Not confident that my laptop is clean.


This topic is locked
12 replies to this topic

#1 dormillie


Posted 28 July 2017 - 01:19 PM

Made a thread here: https://www.bleepingcomputer.com/forums/t/652719/am-i-still-infected-i-need-help-and-ive-been-very-afraid-lately/

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-07-2017
Ran by Lenovo Gaming (administrator) on LENOVO-PC (29-07-2017 02:11:39)
Running from C:\Users\Lenovo Gaming\Downloads
Loaded Profiles: UpdatusUser & Lenovo Gaming (Available Profiles: UpdatusUser & Lenovo Gaming)
Platform: Windows 8.1 (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Condusiv Technologies) C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaConverter.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaRenderer.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-28] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13648600 2013-08-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-08-30] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2894664 2013-08-14] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17111056 2013-11-14] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-11-14] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-19] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Google Japanese Input Prelauncher] => C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaBroker32.exe [1752016 2016-12-07] (Google Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3062560 2017-07-18] (Valve Corporation)
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\Run: [Google Update] => C:\Users\Lenovo Gaming\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe [601168 2017-04-29] (Google Inc.)
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9818328 2017-06-30] (Piriform Ltd)
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\RunOnce: [Uninstall C:\Users\Lenovo Gaming\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo Gaming\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\RunOnce: [Uninstall C:\Users\Lenovo Gaming\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lenovo Gaming\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-10-04] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [156256 2013-10-04] (NVIDIA Corporation)
GroupPolicy: Restriction <==== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{0B84A85B-FBA7-455F-BE86-5BAAEFF9BA29}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{3F31000C-2C3F-4F71-B491-A17747400619}: [DhcpNameServer] 192.168.254.254 192.168.254.254
Tcpip\..\Interfaces\{7BC3A95E-DFF0-41E2-880C-EA86AA23BBEB}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{7BC3A95E-DFF0-41E2-880C-EA86AA23BBEB}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://lenovo13.msn.com/?pc=LCJB
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://home.lenovo.com
SearchScopes: HKLM -> DefaultScope {72F34A2B-0C79-4075-8B10-85FACC4A013E} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {72F34A2B-0C79-4075-8B10-85FACC4A013E} URL = 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-07-07] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-16] (Microsoft Corporation)
BHO-x32: Kaspersky Protection -> {2E38825B-8815-42CF-9126-C58BC28D4591} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll [2016-12-06] (AO Kaspersky Lab)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-07] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF DefaultProfile: rwnwyryx.default-1498627294340
FF ProfilePath: C:\Users\Lenovo Gaming\AppData\Roaming\Mozilla\Firefox\Profiles\rwnwyryx.default-1498627294340 [2017-07-28]
FF HKLM\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi [2017-07-19]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_F6F079488B53499DB99380A7E11A93F6@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-25] (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2017-03-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-341163345-3639595445-3741724759-1002: @tools.google.com/Google Update;version=3 -> C:\Users\Lenovo Gaming\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-341163345-3639595445-3741724759-1002: @tools.google.com/Google Update;version=9 -> C:\Users\Lenovo Gaming\AppData\Local\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-341163345-3639595445-3741724759-1002: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-19] (Intel)
FF Plugin HKU\S-1-5-21-341163345-3639595445-3741724759-1002: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-19] (Intel)
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR Profile: C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default [2017-07-28]
CHR Extension: (Google Drive) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-06]
CHR Extension: (YouTube) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-06]
CHR Extension: (Adblock Plus) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-07-13]
CHR Extension: (uBlock Origin) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-07-24]
CHR Extension: (Tampermonkey) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2017-05-29]
CHR Extension: (Kaspersky Protection) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoibnponjcgjgcnfacekaijdbbplhib [2017-02-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-06]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
CHR Profile: C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\System Profile [2017-07-26]
CHR HKLM\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [fhoibnponjcgjgcnfacekaijdbbplhib] - hxxps://chrome.google.com/webstore/detail/fhoibnponjcgjgcnfacekaijdbbplhib
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVP17.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe [241544 2016-06-28] (AO Kaspersky Lab)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4412104 2017-07-18] (Microsoft Corporation)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [92160 2013-07-28] (ELAN Microelectronics Corp.)
R2 ExpressCache; C:\Program Files\Condusiv Technologies\ExpressCache\ExpressCache.exe [107944 2013-01-09] (Condusiv Technologies)
R2 GoogleIMEJaCacheService; C:\Program Files (x86)\Google\Google Japanese Input\GoogleIMEJaCacheService.exe [946640 2016-12-07] (Google Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-09] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-09-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-09] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\vssbridge64.exe [77328 2016-06-28] (AO Kaspersky Lab)
R2 KSDE1.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe [241544 2016-06-28] (AO Kaspersky Lab)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-08-24] ()
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3667696 2013-08-24] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 btmaux; C:\windows\system32\DRIVERS\btmaux.sys [132920 2013-04-24] (Motorola Solutions, Inc.)
R3 btmhsf; C:\windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-20] (Motorola Solutions, Inc.)
R0 cm_km; C:\windows\System32\DRIVERS\cm_km.sys [238936 2016-06-10] (AO Kaspersky Lab)
R3 ETDSMBus; C:\windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-08-05] (ELAN Microelectronic Corp.)
R1 excfs; C:\windows\System32\DRIVERS\excfs.sys [26024 2013-01-09] (Condusiv Technologies)
R0 excsd; C:\windows\System32\DRIVERS\excsd.sys [112552 2013-01-09] (Condusiv Technologies)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [100072 2013-08-02] (GenesysLogic)
R3 ibtusb; C:\windows\system32\DRIVERS\ibtusb.sys [118216 2013-09-23] (Intel Corporation)
R0 kl1; C:\windows\System32\DRIVERS\kl1.sys [554416 2016-06-02] (AO Kaspersky Lab)
R0 klbackupdisk; C:\windows\System32\DRIVERS\klbackupdisk.sys [63920 2016-06-08] (AO Kaspersky Lab)
R1 klbackupflt; C:\windows\System32\DRIVERS\klbackupflt.sys [86352 2016-06-15] (AO Kaspersky Lab)
R2 kldisk; C:\windows\system32\DRIVERS\kldisk.sys [78216 2016-06-01] (AO Kaspersky Lab)
S0 klelam; C:\windows\System32\DRIVERS\klelam.sys [28792 2016-03-31] (AO Kaspersky Lab)
R3 klflt; C:\windows\system32\DRIVERS\klflt.sys [197312 2017-07-19] (AO Kaspersky Lab)
R1 klhk; C:\windows\System32\drivers\klhk.sys [520152 2017-07-19] (AO Kaspersky Lab)
R1 KLIF; C:\windows\System32\DRIVERS\klif.sys [1021624 2017-07-19] (AO Kaspersky Lab)
R1 KLIM6; C:\windows\system32\DRIVERS\klim6.sys [57424 2016-12-06] (AO Kaspersky Lab)
R3 klkbdflt; C:\windows\system32\DRIVERS\klkbdflt.sys [52136 2016-05-19] (AO Kaspersky Lab)
R3 klmouflt; C:\windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\windows\System32\DRIVERS\klpd.sys [45488 2016-06-01] (AO Kaspersky Lab)
R3 kltap; C:\windows\system32\DRIVERS\kltap.sys [52152 2016-06-07] (The OpenVPN Project)
R1 klwfp; C:\windows\system32\DRIVERS\klwfp.sys [85320 2016-06-18] (AO Kaspersky Lab)
R1 Klwtp; C:\windows\system32\DRIVERS\klwtp.sys [136416 2017-03-14] (AO Kaspersky Lab)
R1 kneps; C:\windows\system32\DRIVERS\kneps.sys [199640 2017-07-19] (AO Kaspersky Lab)
R3 MEIx64; C:\windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-09] (Intel Corporation)
R3 NETwNb64; C:\windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-26] (Intel Corporation)
S3 NETwNe64; C:\windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 RtlWlanu; C:\windows\system32\DRIVERS\rtwlanu.sys [1975000 2013-08-01] (Realtek Semiconductor Corporation                           )
R3 rtsuvc; C:\windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsAlsDriver; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\windows\System32\drivers\WUDFRd.sys [226304 2014-10-29] (Microsoft Corporation)
S3 WdBoot; C:\windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 wsvd; C:\windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-28 17:14 - 2017-07-28 17:14 - 00000819 _____ C:\Users\Public\Desktop\Speccy.lnk
2017-07-28 17:14 - 2017-07-28 17:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2017-07-28 17:14 - 2017-07-28 17:14 - 00000000 ____D C:\Program Files\Speccy
2017-07-28 09:06 - 2017-07-28 12:10 - 00050686 _____ C:\Users\Lenovo Gaming\Downloads\Addition.txt
2017-07-28 09:05 - 2017-07-29 02:11 - 00023821 _____ C:\Users\Lenovo Gaming\Downloads\FRST.txt
2017-07-28 09:05 - 2017-07-29 02:11 - 00000000 ____D C:\FRST
2017-07-28 09:02 - 2017-07-28 09:02 - 02381824 _____ (Farbar) C:\Users\Lenovo Gaming\Downloads\FRST64.exe
2017-07-27 15:15 - 2017-07-27 15:15 - 00000966 _____ C:\Users\Lenovo Gaming\Downloads\cc_20170727_151506.reg
2017-07-26 12:17 - 2017-07-26 12:17 - 00003620 _____ C:\Users\Lenovo Gaming\Downloads\cc_20170726_121743.reg
2017-07-26 11:39 - 2017-07-26 11:40 - 30371312 _____ (SUPERAntiSpyware) C:\Users\Lenovo Gaming\Downloads\SUPERAntiSpywarePro.exe
2017-07-25 14:12 - 2017-07-25 14:13 - 00000000 ____D C:\Users\Lenovo Gaming\Downloads\old college stuff
2017-07-25 14:11 - 2017-07-25 14:11 - 00000000 ____D C:\Users\Lenovo Gaming\Downloads\registries
2017-07-25 13:43 - 2017-07-25 13:43 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Local\NVIDIA
2017-07-25 12:56 - 2017-07-25 13:44 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Local\CrashDumps
2017-07-25 12:46 - 2017-07-25 12:46 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-25 08:47 - 2017-07-25 08:47 - 00003190 _____ C:\windows\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-341163345-3639595445-3741724759-1002
2017-07-24 08:27 - 2017-07-24 08:27 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Local\VS Revo Group
2017-07-24 08:27 - 2017-07-24 08:27 - 00000000 ____D C:\ProgramData\VS Revo Group
2017-07-24 05:17 - 2017-07-28 17:15 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Roaming\Nitro PDF
2017-07-24 05:16 - 2017-07-24 05:16 - 06299336 _____ (Piriform Ltd) C:\Users\Lenovo Gaming\Downloads\spsetup131.exe
2017-07-23 08:15 - 2017-07-23 08:16 - 65033984 _____ (Malwarebytes ) C:\Users\Lenovo Gaming\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-22 07:14 - 2017-07-22 07:15 - 00000000 ____D C:\Program Files\CCleaner
2017-07-22 07:14 - 2017-07-22 07:14 - 00002808 _____ C:\windows\System32\Tasks\CCleanerSkipUAC
2017-07-22 07:14 - 2017-07-22 07:14 - 00000845 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-07-22 07:14 - 2017-07-22 07:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-07-22 07:13 - 2017-07-22 07:14 - 09749016 _____ (Piriform Ltd) C:\Users\Lenovo Gaming\Downloads\ccsetup532pro.exe
2017-07-20 08:07 - 2017-07-20 08:10 - 13853611 _____ C:\Users\Lenovo Gaming\Downloads\tModLoader.Windows.v0.10.0.2.zip
2017-07-20 08:06 - 2017-07-20 08:09 - 00000000 ____D C:\Users\Lenovo Gaming\Downloads\Terraria
2017-07-14 21:37 - 2017-07-14 21:37 - 01126852 _____ C:\Users\Lenovo Gaming\Downloads\Secrets Of Grindea.CT
2017-07-14 21:21 - 2017-07-14 21:21 - 00756878 _____ C:\Users\Lenovo Gaming\Downloads\Secrets Of Grindea [Tv1.0][ColonelRVH].CT
2017-07-13 06:04 - 2017-07-13 06:07 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Roaming\Trine2
2017-07-11 04:18 - 2017-07-16 05:01 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Roaming\Secrets of Grindea
2017-07-11 04:18 - 2017-07-11 04:18 - 00000000 ____D C:\Users\Lenovo Gaming\Documents\Secrets of Grindea
2017-07-11 04:09 - 2017-07-11 04:09 - 00166962 _____ C:\Users\Lenovo Gaming\Downloads\Tamagotchi (USA, Europe).zip
2017-07-05 17:44 - 2017-07-05 18:15 - 567668661 _____ C:\Users\Lenovo Gaming\Downloads\dreamerro (1).grf
2017-07-02 23:41 - 2017-07-02 23:42 - 02312499 _____ C:\Users\Lenovo Gaming\Downloads\1.+lineart.pdf
2017-07-02 04:53 - 2017-07-11 21:28 - 00000000 ____D C:\Users\Lenovo Gaming\Downloads\project1
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-29 02:11 - 2016-11-06 05:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-07-29 02:10 - 2017-01-10 21:00 - 00000000 ___RD C:\Users\Lenovo Gaming\OneDrive
2017-07-28 17:20 - 2016-07-20 21:20 - 00003596 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-341163345-3639595445-3741724759-1002
2017-07-28 17:15 - 2016-09-21 05:24 - 00003962 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{D6168CA9-3AFA-4B71-8662-92BED77B3CFC}
2017-07-28 17:15 - 2013-08-22 21:36 - 00000000 ____D C:\windows\Inf
2017-07-28 12:42 - 2016-11-06 05:07 - 00003032 _____ C:\windows\System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901}
2017-07-28 12:25 - 2017-05-10 22:10 - 00000581 _____ C:\windows\system32\Drivers\etc\hosts.ics
2017-07-28 12:25 - 2013-11-14 19:04 - 00010752 _____ C:\windows\system32\VfService.trf
2017-07-28 12:25 - 2013-08-22 22:45 - 00000006 ____H C:\windows\Tasks\SA.DAT
2017-07-28 11:51 - 2013-08-22 21:25 - 00524288 ___SH C:\windows\system32\config\BBI
2017-07-28 04:40 - 2016-07-20 21:13 - 00000000 ____D C:\Users\Lenovo Gaming
2017-07-28 04:28 - 2013-11-14 18:30 - 00000000 ____D C:\Users\UpdatusUser
2017-07-27 15:07 - 2016-12-15 00:58 - 00007607 _____ C:\Users\Lenovo Gaming\AppData\Local\resmon.resmoncfg
2017-07-27 12:52 - 2013-11-14 18:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2017-07-27 12:52 - 2013-11-14 18:27 - 00000000 ____D C:\Program Files (x86)\Intel
2017-07-27 11:50 - 2013-11-14 18:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-07-27 07:14 - 2016-11-06 21:42 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-27 06:40 - 2013-08-22 23:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-07-26 17:39 - 2016-11-06 03:47 - 00002455 _____ C:\Users\Lenovo Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-25 14:35 - 2017-04-14 23:34 - 00000000 ____D C:\Users\Lenovo Gaming\Desktop\VBA
2017-07-25 14:21 - 2016-12-07 21:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
2017-07-25 14:10 - 2016-11-17 00:54 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Roaming\vlc
2017-07-25 13:38 - 2013-11-14 18:30 - 00000000 ____D C:\windows\SysWOW64\NV
2017-07-25 13:38 - 2013-11-14 18:30 - 00000000 ____D C:\windows\system32\NV
2017-07-25 13:37 - 2013-11-14 18:47 - 00000000 ___HD C:\windows\system32\WLANProfiles
2017-07-25 13:37 - 2013-11-14 18:30 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-07-25 13:36 - 2013-08-22 23:36 - 00000000 ___HD C:\Program Files\WindowsApps
2017-07-25 13:33 - 2013-08-22 23:36 - 00000000 ____D C:\windows\registration
2017-07-25 13:32 - 2013-11-14 18:30 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-07-25 13:32 - 2013-11-14 18:30 - 00000000 ____D C:\ProgramData\NVIDIA
2017-07-25 13:31 - 2013-11-14 18:30 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-07-25 12:06 - 2017-01-07 21:13 - 00000000 ____D C:\Users\Lenovo Gaming\Desktop\Games
2017-07-25 12:05 - 2016-12-05 21:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCWest
2017-07-25 08:47 - 2016-11-06 04:54 - 00003198 _____ C:\windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-341163345-3639595445-3741724759-1002
2017-07-25 08:47 - 2016-11-06 04:54 - 00002333 _____ C:\Users\Lenovo Gaming\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2017-07-24 12:16 - 2017-01-03 01:23 - 00000258 __RSH C:\ProgramData\ntuser.pol
2017-07-24 02:43 - 2016-11-06 21:30 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Roaming\discord
2017-07-24 01:59 - 2017-06-04 12:51 - 00000024 _____ C:\Users\Lenovo Gaming\jagexappletviewer.preferences
2017-07-24 01:57 - 2016-12-11 21:30 - 00000052 _____ C:\Users\Lenovo Gaming\jagex_cl_oldschool_LIVE.dat
2017-07-23 12:18 - 2017-05-10 22:18 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\Local\ElevatedDiagnostics
2017-07-22 07:27 - 2013-08-28 17:31 - 00000000 ____D C:\windows\Panther
2017-07-22 07:27 - 2013-08-22 23:36 - 00000000 ____D C:\windows\LiveKernelReports
2017-07-22 00:08 - 2016-11-06 04:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-07-22 00:08 - 2016-11-06 04:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-07-21 23:28 - 2017-01-08 11:52 - 00000000 ____D C:\Users\Lenovo Gaming\AppData\LocalLow\Mozilla
2017-07-19 23:58 - 2013-08-22 21:25 - 00262144 ___SH C:\windows\system32\config\ELAM
2017-07-19 23:57 - 2016-06-15 08:47 - 00199640 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\kneps.sys
2017-07-19 23:56 - 2016-11-06 05:07 - 01021624 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klif.sys
2017-07-19 23:56 - 2016-11-06 05:07 - 00197312 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klflt.sys
2017-07-19 23:53 - 2016-06-21 08:54 - 00520152 _____ (AO Kaspersky Lab) C:\windows\system32\Drivers\klhk.sys
2017-07-16 05:24 - 2013-08-22 23:36 - 00000000 ____D C:\windows\system32\NDF
2017-07-12 21:38 - 2013-08-22 23:20 - 00000000 ____D C:\windows\CbsTemp
2017-07-08 02:10 - 2017-04-03 19:31 - 00000000 ____D C:\Users\Lenovo Gaming\Desktop\BAIÑO, CHAMILLEGRACE G
2017-07-08 02:10 - 2016-11-12 08:22 - 00000000 ___RD C:\Users\Lenovo Gaming\Desktop\Icons
2017-07-02 00:56 - 2017-06-18 20:30 - 00000000 ____D C:\Users\Lenovo Gaming\Downloads\Aseprite
 
==================== Files in the root of some directories =======
 
2017-01-10 20:40 - 2016-07-11 00:26 - 2465048 _____ (Reason Software Company Inc.) C:\Program Files\rsEngine.dll
2017-01-04 00:24 - 2017-02-13 20:24 - 0000306 _____ () C:\Users\Lenovo Gaming\AppData\Roaming\WB.CFG
2016-12-15 00:58 - 2017-07-27 15:07 - 0007607 _____ () C:\Users\Lenovo Gaming\AppData\Local\resmon.resmoncfg
2017-02-12 14:19 - 2016-11-23 21:37 - 0000570 _____ () C:\Users\Lenovo Gaming\AppData\Local\TroubleshooterConfig.json
2013-11-14 18:40 - 2013-11-14 18:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-23 01:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-07-2017
Ran by Lenovo Gaming (29-07-2017 02:12:24)
Running from C:\Users\Lenovo Gaming\Downloads
Windows 8.1 (Update) (X64) (2016-07-20 13:13:46)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-341163345-3639595445-3741724759-500 - Administrator - Disabled)
Guest (S-1-5-21-341163345-3639595445-3741724759-501 - Limited - Disabled)
Lenovo Gaming (S-1-5-21-341163345-3639595445-3741724759-1002 - Administrator - Enabled) => C:\Users\Lenovo Gaming
UpdatusUser (S-1-5-21-341163345-3639595445-3741724759-1001 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.20) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.20 - Adobe Systems Incorporated)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
CCleaner (HKLM\...\CCleaner) (Version: 5.32 - Piriform)
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Crypt of the NecroDancer (HKLM\...\Steam App 247080) (Version:  - Brace Yourself Games)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM\...\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
Discord (HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
Dungeons of Dredmor (HKLM\...\Steam App 98800) (Version:  - Gaslamp Games, Inc.)
Energy Management (HKLM-x32\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)
ExpressCache (HKLM\...\{C123584F-9C84-45E8-AE5F-522328BB79A0}) (Version: 1.0.100.0 - Condusiv Technologies)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.0.7 - Genesys Logic)
Golf With Your Friends (HKLM\...\Steam App 431240) (Version:  - Blacklight Interactive)
Google Chrome (HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\Google Chrome) (Version: 60.0.3112.78 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google 日本語入力 (HKLM\...\{8E62C276-2238-4D64-A560-61C3116E0EB7}) (Version: 2.20.2750.0 - Google Inc.)
Half-Life (HKLM\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM\...\Steam App 220) (Version:  - Valve)
Hollow Knight (HKLM\...\Steam App 367520) (Version:  - Team Cherry)
HunieCam Studio (HKLM\...\Steam App 426000) (Version:  - HuniePot)
HuniePop (HKLM\...\Steam App 339800) (Version:  - HuniePot)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.20.1447 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1337.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{72814a2c-2e03-4a50-b30a-43e7884b3934}) (Version: 16.5.1 - Intel Corporation)
Jamestown (HKLM\...\Steam App 94200) (Version:  - Final Form Games)
Kaspersky Internet Security (HKLM-x32\...\{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{E27B1D7B-3B34-43A2-9FC0-9828D5DF46E2}) (Version: 17.0.0.611 - Kaspersky Lab)
Kaspersky Secure Connection (HKLM-x32\...\{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab) Hidden
Kaspersky Secure Connection (HKLM-x32\...\InstallWIX_{1CF84962-50F8-48CA-9082-B70F3A02C686}) (Version: 17.0.0.611 - Kaspersky Lab)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (HKLM\...\LenovoExperienceImprovement) (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.26.1 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (HKLM-x32\...\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.) Hidden
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Lenovo VeriFace (HKLM\...\Lenovo VeriFace) (Version: 5.0.13.5261 - Lenovo)
LISA (HKLM\...\Steam App 335670) (Version:  - Dingaling)
Microsoft Office Home and Student 2016 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 16.0.8229.2103 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215 (HKLM-x32\...\{d992c12e-cab2-426f-bde3-fb8c53950b0d}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Momodora: Reverie Under the Moonlight (HKLM\...\Steam App 428550) (Version:  - Bombservice)
Mozilla Firefox 54.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 54.0.1 (x86 en-US)) (Version: 54.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 54.0.1.6388 - Mozilla)
Mr. Massagy (HKLM\...\Steam App 511350) (Version:  - Green Lava Studios)
Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.45 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.45 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (HKLM-x32\...\{90160000-008C-0000-0000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (HKLM\...\{90160000-00DD-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-008F-0000-1000-0000000FF1CE}) (Version: 16.0.8229.2103 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM-x32\...\{90160000-008C-0409-0000-0000000FF1CE}) (Version: 16.0.8201.2075 - Microsoft Corporation) Hidden
OldSchool RuneScape Launcher 1.2.7 (HKLM-x32\...\{FEDDCE73-34B8-4980-90B8-8619A78C902C}) (Version: 1.2.7 - Jagex Ltd)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.2 - Lenovo)
OneShot (HKLM\...\Steam App 420530) (Version:  - Little Cat Feet)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Pit People (HKLM\...\Steam App 291860) (Version:  - The Behemoth)
Portal 2 (HKLM\...\Steam App 620) (Version:  - Valve)
Portal Knights (HKLM\...\Steam App 374040) (Version:  - Keen Games)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)
Princess Maker 2 Refine (HKLM\...\Steam App 523000) (Version:  - CFK Co., Ltd.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7030 - Realtek Semiconductor Corp.)
Secrets of Grindea (HKLM\...\Steam App 269770) (Version:  - Pixel Ferrets)
Serious Sam 2 (HKLM\...\Steam App 204340) (Version:  - Croteam)
Serious Sam Classics: Revolution (HKLM\...\Steam App 227780) (Version:  - Croteam)
Serious Sam's Bogus Detour (HKLM\...\Steam App 272620) (Version:  - Crackshell)
Shantae: Half-Genie Hero (HKLM\...\Steam App 253840) (Version:  - WayForward)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.31 - Piriform)
StageLight version 1.0.0.3508 (HKLM\...\StageLight) (Version: version 1.0.0.3508 - Open Labs, LLC.)
Starbound - Unstable (HKLM\...\Steam App 367540) (Version:  - )
Starbound (HKLM\...\Steam App 211820) (Version:  - Chucklefish)
Stardew Valley (HKLM\...\Steam App 413150) (Version:  - ConcernedApe)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Sven Co-op (HKLM\...\Steam App 225840) (Version:  - Sven Co-op Team)
Synergy (HKLM\...\Steam App 17520) (Version:  - Synergy Team)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Terraria (HKLM\...\Steam App 105600) (Version:  - Re-Logic)
Trine (HKLM\...\Steam App 35700) (Version:  - Frozenbyte)
Trine 2 (HKLM\...\Steam App 35720) (Version:  - Frozenbyte)
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
VA-11 Hall-A: Cyberpunk Bartender Action (HKLM\...\Steam App 447530) (Version:  - Sukeban Games)
Viscera Cleanup Detail (HKLM\...\Steam App 246900) (Version:  - RuneStorm)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.3 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.30 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-341163345-3639595445-3741724759-1002_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\Lenovo Gaming\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-341163345-3639595445-3741724759-1002_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Lenovo Gaming\AppData\Local\Microsoft\OneDrive\17.3.6943.0625\amd64\FileCoAuthLib64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-341163345-3639595445-3741724759-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-341163345-3639595445-3741724759-1002_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-341163345-3639595445-3741724759-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Lenovo Gaming\AppData\Local\Google\Update\1.3.33.5\psuser_64.dll (Google Inc.)
ContextMenuHandlers1: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers1: [NP8ShellExtension] -> {9C4B85B8-956C-49BF-9BA5-101384E562B2} => C:\Program Files\Common Files\Nitro\Pro\8.0\NPShellExtension64.dll [2013-07-24] (Nitro PDF)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-07-20] (Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-07-20] (Alexander Roshal)
ContextMenuHandlers2: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers4: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\windows\system32\igfxpph.dll [2013-08-20] (Intel Corporation)
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\windows\system32\nvshext.dll [2013-10-04] (NVIDIA Corporation)
ContextMenuHandlers6: [Kaspersky Anti-Virus 17.0.0] -> {39C9FA89-7012-4573-A92D-BFD1F8CA542D} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\x64\shellex.dll [2017-03-14] (AO Kaspersky Lab)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2015-07-20] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2015-07-20] (Alexander Roshal)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {19E27BF3-0962-4CEF-8DF9-1347DFB4758F} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2016-11-10] ()
Task: {1BCB4497-A683-47E3-8388-FEA5CF8F8D3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {1F645FBA-8AE8-43EA-A03A-4F6634C99BD3} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-09] (CyberLink Corp.)
Task: {26E72F59-10AE-4926-A99E-F336C58CF914} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-02-09] (Google Inc.)
Task: {3FBD22DD-307A-4846-97AF-B9D9450FAFDA} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [2016-07-12] (AO Kaspersky Lab)
Task: {454A2CF1-5F30-4E4B-8061-85AAE10F58AA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {5B222C02-1C01-4AA2-8BF4-B564D6F67BF0} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate -nolegacy
Task: {5F7DA5FD-FEC1-46B3-8DE1-E77749F225CC} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerLogon => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {64F686A5-DC53-493D-B7C7-9587CECB953B} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {86158491-4102-4054-B173-0519A4487B84} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-06-30] (Piriform Ltd)
Task: {9AA52874-E456-43A2-9E1C-02D64762A6E2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341163345-3639595445-3741724759-1002UA => C:\Users\Lenovo Gaming\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-06] (Google Inc.)
Task: {9D9C2CCA-550C-4027-9696-8C3161C1A925} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-341163345-3639595445-3741724759-1002Core => C:\Users\Lenovo Gaming\AppData\Local\Google\Update\GoogleUpdate.exe [2016-11-06] (Google Inc.)
Task: {AB454234-681F-4925-A29D-DCFDD27BA6EA} - System32\Tasks\Microsoft\Office\OfficeBackgroundTaskHandlerRegistration => C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe [2017-07-07] ()
Task: {D1B7BDAF-F62A-4A8B-8A39-B3F853791AA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-07-18] (Microsoft Corporation)
Task: {E20B8A82-4A70-433F-833F-F1074115B4DD} - System32\Tasks\UMonitor Task => C:\windows\SysWOW64\UMonit64.exe [2013-08-06] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-11-14 19:01 - 2012-04-24 18:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-11-14 19:04 - 2013-11-14 19:04 - 00068368 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
2013-11-14 19:04 - 2013-11-14 19:04 - 00669288 _____ () C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfDataStorageInterface.dll
2013-11-14 18:30 - 2013-10-04 15:58 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2016-11-06 04:34 - 2017-07-07 06:15 - 08932040 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-06-28 15:19 - 2016-06-28 15:19 - 00865232 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 17.0.0\kpcengine.2.3.dll
2013-11-14 18:38 - 2013-08-09 05:25 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 21:25 - 2017-01-10 21:34 - 00002024 _____ C:\windows\system32\Drivers\etc\hosts
 
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Lenovo Gaming\Downloads\tumblr_ojqub7LqVx1rp1n1do1_1280.png
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\StartupApproved\Run: => "GarenaPlus"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\StartupApproved\Run: => "BlueStacks Agent"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-341163345-3639595445-3741724759-1002\...\StartupApproved\Run: => "CCleaner Monitoring"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6C6395BF-60EC-45F2-8A45-29B90F713E4A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{028729A3-DB67-4B22-BC31-4AB0D3414B8A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{E26BD9E5-2B26-4B52-81D3-759071BFBDB2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{BEE1703B-B2EF-4163-9A5B-0067933CC626}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F1538E73-D3E4-404A-B596-6771C7F0DFB3}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{7B5854AE-1892-433C-9AB7-B6FEE29021DC}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{8561DD72-4748-451A-BE5D-A5B16F2750A7}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{1FFDCB59-8A88-4C13-8BF5-11C04CDB23BA}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{24A924AA-879D-4D2D-AC87-54CFD9BE8F16}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{0AA2A172-493A-4B87-8B09-FF935F1ACC5B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FE9E8FFC-A8AE-429F-BD47-D0AF0C9193D2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{2B89F914-40CD-46E1-9009-86CEB196C63D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6818404C-BB4F-48A1-A24D-041558F2DFC1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{FB664608-BF93-4107-9AF6-A69DB3FE02E8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Stardew Valley\Stardew Valley.exe
FirewallRules: [{981443DF-E624-4F46-BBB9-8CC068DFCF6F}] => (Allow) LPort=8370
FirewallRules: [{23E61FD3-C1B0-41E6-A767-0A9B98B6C278}] => (Allow) LPort=8370
FirewallRules: [{F5583E79-900E-4607-B0B1-F9027E09B1C0}] => (Allow) LPort=6991
FirewallRules: [{329102E3-5A48-4E20-9640-6BD76962E791}] => (Allow) LPort=6991
FirewallRules: [{9EA43DA8-E88B-49C2-9211-3C8ADDB3CA56}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D0CF1BFB-9470-44A1-8E6C-E7B0A2A8C3F4}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{9F165551-DA9A-4A3B-A62C-3CD08D2E81D5}] => (Allow) LPort=6896
FirewallRules: [{6BF981E3-76EF-4111-811B-F77A367B72CF}] => (Allow) LPort=6896
FirewallRules: [{E4CD489D-1CE7-4E1B-BD48-9A3406854C46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{222F8B7C-E835-4673-BDC2-EA5C86D211FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{F12D4273-48A3-4247-95A3-B8EAF1C3EF37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{D334F6B5-43C9-4766-9C1C-5F20F80B6701}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\Game.exe
FirewallRules: [{A9061068-559D-481C-9123-F95B6BA131FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{789B1D56-5F98-4483-811D-3CF1B6D1B707}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{83016ADA-8626-41C4-B19C-F34E39857C6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HunieCam Studio\HunieCamStudio.exe
FirewallRules: [{E53C771B-E65B-4F2B-8BBE-56114DB7DD37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HunieCam Studio\HunieCamStudio.exe
FirewallRules: [{35466883-D590-4E1A-BC52-F4DCE7A02F66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
FirewallRules: [{4CFE4AD6-2DFC-4649-8B67-54EBE8D980C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero.exe
FirewallRules: [{CC2D29E5-CA46-494D-9FA0-C6982A4F72AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
FirewallRules: [{BD4E8A86-A1AF-426C-B370-545BE0289A2A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Shantae Half-Genie Hero\executable\ShantaeHero64.exe
FirewallRules: [{7C4CCBCA-5272-4288-A4CE-E481CBAFA51D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Maker 2 Refine\pm2.exe
FirewallRules: [{08504DD9-6E5C-4DC6-855D-05F2901DAF3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Princess Maker 2 Refine\pm2.exe
FirewallRules: [{086DB48F-2E90-46E3-B467-8E9E2FFBF19B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{7C07DB94-A552-4CCA-AFE1-5D6A55D1FF9A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Dungeons of Dredmor\Dungeons of Dredmor.exe
FirewallRules: [{3A7D943B-8F75-4E40-964A-53217A3081C6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{9E98E400-214D-4091-B74A-4901FD5A3C3C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\HuniePop\HuniePop.exe
FirewallRules: [{300DF126-7767-4AB1-9807-C955123EAC26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{C87B4CF8-D68E-44CC-A77A-5488D82CE774}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Terraria\Terraria.exe
FirewallRules: [{5B37406A-AAEF-416C-B5E0-9419668D0E54}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jamestown\Jamestown.exe
FirewallRules: [{99E66E9E-85BE-486C-957F-E561E454A998}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Jamestown\Jamestown.exe
FirewallRules: [{C7CB09E1-891A-4CC4-9518-EF8E5F9838C8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{03B6352C-9300-444A-84D2-104EDC9662FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Momodora RUtM\MomodoraRUtM.exe
FirewallRules: [{93241EC3-2D7D-4B43-9816-43E43FC804B7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{6FD3FA17-544F-4ED3-8573-9B614B65CE12}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{D42A2663-4281-4A9F-A4DB-21F83D986F55}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{99DBAA84-061E-429D-8958-C12D1EBC2924}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svencoop.exe
FirewallRules: [{D1E72FF5-0645-43C5-9C64-B83FFBF6719F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{19586565-CC3A-405A-B89B-CE109BC36F92}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sven Co-op\svends.exe
FirewallRules: [{7C3F1DA0-BE49-47D9-A20C-8586BD40811A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{F9E85ED9-0DAC-4541-B76F-E95EB791A5FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Golf With Your Friends\Golf With Your Friends.exe
FirewallRules: [{BDCC0B83-2596-4E36-9F04-BC619A148C73}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe
FirewallRules: [{1C5D9A97-D0F3-4B42-A4CA-2E7061659838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Portal Knights\portal_knights_x64.exe
FirewallRules: [{A47658E6-1A56-43DC-8EE5-9FCEDDC7ED7C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Massagy\Mr Massagy.exe
FirewallRules: [{2BE6E9AF-1503-42A0-9679-A53097F6A95C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Mr. Massagy\Mr Massagy.exe
FirewallRules: [{8B521EDA-34DF-4DED-B59C-F0680E97DE04}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe
FirewallRules: [{AA81BECA-7549-47A3-BCE1-860917D004FD}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\OneShot\steamshim.exe
FirewallRules: [{63A56B42-FEE8-4CC5-AA97-217BA4C8FEFC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{F5BED4A4-72C5-4BB3-99EE-C443636B4783}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\mkxp\lisa.exe
FirewallRules: [{DA5B0028-D29C-44A9-86FD-715E566C712A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{957FA81C-C3E5-4DBA-AA8C-C375EA4CF590}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\LISA\JOYFUL\Game.exe
FirewallRules: [{CC571A80-E6CB-4244-B7D1-2455DA052E46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{04AFA77D-8107-4DFF-9B2B-6293765C1137}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Crypt of the NecroDancer\NecroDancer.exe
FirewallRules: [{57797DC4-43F9-47EB-ABC3-6F4F94379458}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{1E48223C-2F8C-4A6C-A010-35A9BBBDB34E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Hollow Knight\hollow_knight.exe
FirewallRules: [{B1285715-2EA8-4602-AE35-AE566CD043F5}] => (Allow) F:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{56D32982-5973-4CC1-9EFD-EB80D0DA09B9}] => (Allow) F:\SteamLibrary\steamapps\common\VA-11 HALL-A\VA-11 Hall A.exe
FirewallRules: [{A9932AF1-3858-400C-B13B-C39D300205AC}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{A93B23D9-2B0C-464C-BA8A-031578F1C3F8}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{BF8D5A8D-EE98-4F38-BF05-4AF4B0C4BB3A}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\starbound.exe
FirewallRules: [{FF58FEC1-C38F-444D-92B8-25C74BB4EBDE}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{D0C006F8-283D-45CB-8693-55A8ACC9915F}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\starbound_server.exe
FirewallRules: [{7AD04AF4-EDAF-4BFC-AE60-10A0C8FB2AE9}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{0AD63BB7-5ABA-45AE-89DF-3A0705446A17}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound - Unstable\win64\mod_uploader.exe
FirewallRules: [{749EF87B-9489-4F69-A1F2-E210CAEAFBF5}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sams Bogus Detour\SSBD.exe
FirewallRules: [{0EBB5553-7A90-4039-A7BA-EA2B38519FF0}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sams Bogus Detour\SSBD.exe
FirewallRules: [{AA9A4173-3F15-4BD1-954B-B2559B98129D}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sams Bogus Detour\EDITOR.exe
FirewallRules: [{4A4A969B-F5D9-4247-9C77-CBC636866943}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sams Bogus Detour\EDITOR.exe
FirewallRules: [{B6F07B63-7B31-461C-82AA-C1F0C1A7F8FA}] => (Allow) F:\SteamLibrary\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{F34C4402-F16A-4C1E-94AD-D14A2294C107}] => (Allow) F:\SteamLibrary\steamapps\common\Trine\_enchanted_edition_\trine1_launcher.exe
FirewallRules: [{6E08E4FC-C30E-4D2A-86E8-0F3C92C7DCBB}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{BF98F08D-5CB1-4DB3-B26B-C6E6ABD4E1EA}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sam Revolution\Bin\SeriousSam.exe
FirewallRules: [{4BD50F78-D216-463D-BEB6-28BBCD1BC56C}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{B07B61F7-30BE-4DD7-B2DC-B262A28D270C}] => (Allow) F:\SteamLibrary\steamapps\common\Half-Life 2\hl2.exe
FirewallRules: [{4A422039-1F6C-4472-B64A-603F2C24D28D}] => (Allow) F:\SteamLibrary\steamapps\common\Synergy\synergy.exe
FirewallRules: [{007047DD-C72C-47D7-A86B-E3096F0EDD9A}] => (Allow) F:\SteamLibrary\steamapps\common\Synergy\synergy.exe
FirewallRules: [{A243E3C4-F447-485D-AC7C-BC5CC30E1B07}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sam 2\Bin\Sam2.exe
FirewallRules: [{B57EAA4E-83A1-42E8-9A2F-AD19FCFE3E83}] => (Allow) F:\SteamLibrary\steamapps\common\Serious Sam 2\Bin\Sam2.exe
FirewallRules: [{DE3A959B-C486-42C4-A8C2-67C3D3555A0F}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{1DA9622E-0EA3-4EB6-B91E-84C4F2AE3998}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\Win32\UDK.exe
FirewallRules: [{85E7B06C-D309-42E8-9D5B-ECA1CB62F330}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{6BD9CAF4-5F56-4590-AF00-A7BF072E19DC}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\Win64\UDK.exe
FirewallRules: [{91DDAB84-6585-4204-B0D1-6FDF8FB7C2DE}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{B6ABC1A6-E076-47F5-A21C-D7B929398363}] => (Allow) F:\SteamLibrary\steamapps\common\Viscera\Binaries\UDKLift.exe
FirewallRules: [{15CAAB45-E612-47EC-A3A8-5C17D9567298}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{10204572-235B-453B-AC88-6B623B5FDD2E}] => (Allow) F:\SteamLibrary\steamapps\common\Pit People\pitpeople.exe
FirewallRules: [{F4EB5277-88AB-4A92-99E5-E05E2FDB35D6}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{2604D426-7DE6-4A80-A803-370EDDA1A125}] => (Allow) F:\SteamLibrary\steamapps\common\Portal 2\portal2.exe
FirewallRules: [{4F236485-1681-4BA5-A4B7-EDD3311FBF4A}] => (Allow) F:\SteamLibrary\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{1C02A28C-5B7B-487D-B15D-018B872E7233}] => (Allow) F:\SteamLibrary\steamapps\common\Trine 2\trine2_launcher.exe
FirewallRules: [{C4E48D2B-0E29-4D89-A744-72DD88BF9F0F}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{DFFFAD71-1353-4672-9094-95B637F4EAF3}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound.exe
FirewallRules: [{51B8634A-BA11-4853-BF8C-12B1A3A64989}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{8997644E-CEC7-4D89-B080-40A2EDDA06B3}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\starbound_server.exe
FirewallRules: [{4D2A8DB6-E547-44AA-9134-74AAA9CB22CE}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{6CC20C0B-4BA3-46EF-8386-EB5CCB83565E}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win64\mod_uploader.exe
FirewallRules: [{4FE5E4F6-20EF-4DEA-8D7B-C3F2756F24DD}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
FirewallRules: [{504A004B-BB65-44A0-AC73-1149480C7E92}] => (Allow) F:\SteamLibrary\steamapps\common\Starbound\win32\starbound.exe
 
==================== Restore Points =========================
 
28-07-2017 12:24:00 clean stuff
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/29/2017 02:11:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: UMonit64.exe, version: 13.0.0.0, time stamp: 0x52007056
Faulting module name: ustor.dll, version: 6.3.9600.18233, time stamp: 0x56bb4e1d
Exception code: 0xc0000135
Fault offset: 0x0009d3c2
Faulting process id: 0x1100
Faulting application start time: 0x01d307cce4937b8b
Faulting application path: C:\windows\SysWOW64\UMonit64.exe
Faulting module path: ustor.dll
Report Id: 227e06f8-73c0-11e7-82b5-0c8bfd7d6643
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (07/29/2017 02:11:09 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
Error: (07/29/2017 02:11:08 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (7964) Instance: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Windows\AppRepository\edb0002C.log.
 
 
System errors:
=============
Error: (07/28/2017 12:25:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (07/28/2017 04:37:04 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 5000 milliseconds: Restart the service.
 
Error: (07/28/2017 04:27:47 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:10:27 AM on 7/28/2017 was unexpected.
 
Error: (07/26/2017 12:19:04 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (07/26/2017 08:40:59 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/25/2017 03:22:53 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/25/2017 02:29:16 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (07/25/2017 10:18:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (07/25/2017 09:35:48 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
Error: (07/24/2017 12:15:30 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Superfetch service terminated with the following error: 
The service has not been started.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-03 15:19:55.436
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:19:47.009
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:18:55.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:17:08.525
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:16:57.543
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:16:09.257
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:16:03.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:16:02.363
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:15:56.857
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2017-01-03 15:15:55.378
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume6\Windows\System32\dsound.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 33%
Total physical RAM: 8104.27 MB
Available physical RAM: 5382.24 MB
Total Virtual: 9704.27 MB
Available Virtual: 7134.31 MB
 
==================== Drives ================================
 
Drive c: (Windows8_OS) (Fixed) (Total:446.54 GB) (Free:362.72 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:20.74 GB) NTFS
Drive f: () (Fixed) (Total:445.44 GB) (Free:399.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 22.4 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=22.4 GB) - (Type=73)
 
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 66C3DC18)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 29 July 2017 - 08:01 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

#3 dormillie

dormillie
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Local time:05:52 PM

Posted 29 July 2017 - 08:11 AM

Hey! Thanks for the response! I'll get back to you as soon as I can; my laptop is still trying to log in, it's still spinning on and on on the log-on screen. Must be a UUID error. Thought I had it fixed. I'll get back to you once I get on. (Hopefully...)

#4 dormillie

dormillie
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Local time:05:52 PM

Posted 29 July 2017 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 


Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

GroupPolicy: Restriction <==== ATTENTION
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-07-2017
Ran by Lenovo Gaming (29-07-2017 21:33:59) Run:1
Running from C:\Users\Lenovo Gaming\Desktop
Loaded Profiles: UpdatusUser & Lenovo Gaming (Available Profiles: UpdatusUser & Lenovo Gaming)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
GroupPolicy: Restriction <==== ATTENTION
FF Plugin-x32: @t.garena.com/garenatalk -> C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll [No File]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\windows\system32\GroupPolicy\Machine => moved successfully
C:\windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@t.garena.com/garenatalk => key removed successfully
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10] => Error: No automatic fix found for this entry.
CHR Extension: (Chrome Media Router) - C:\Users\Lenovo Gaming\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-26] => Error: No automatic fix found for this entry.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 62972995 B
Java, Flash, Steam htmlcache => 574640633 B
Windows/system/drivers => 6292117 B
Edge => 0 B
Chrome => 433422049 B
Firefox => 9756134 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
systemprofile32 => 128 B
LocalService => 792 B
NetworkService => 0 B
UpdatusUser => 0 B
Lenovo Gaming => 13791092 B
 
RecycleBin => 0 B
EmptyTemp: => 1 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 21:34:24 ====
 
Here you go! The problem I'm facing is actually my paranoia that my laptop is still infected. Malwarebytes will freeze after the pre-scan operation, and not just a "regular" freeze but one that halts my laptop, which forces me to force shut down my laptop.
It can run fine in safe mode, and in fact I used Malwarebytes thrice in safe mode successfully (prior to the creation of my threads). Other than that and the occasional long spinning circles of "Welcome", that's all so far, I think.


#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:52 AM

Posted 29 July 2017 - 09:38 AM


Hi,

Download and run their removal tool.
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Restart when completed.

Reinstall the application from their site.
https://www.malwarebytes.com

How is it now?

#6 dormillie

dormillie
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Local time:05:52 PM

Posted 29 July 2017 - 09:58 AM

Hi,

Download and run their removal tool.
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Restart when completed.

Reinstall the application from their site.
https://www.malwarebytes.com

How is it now?

Will try now. If it still freezes, I'll let you know. I also set both Kaspersky and Malwarebytes folder as exclusions. I'm hoping for the best!



#7 dormillie

dormillie
  • Topic Starter

  • Members
  • 19 posts
  • Gender:Female
  • Local time:05:52 PM

Posted 29 July 2017 - 10:53 AM

Hi,

Download and run their removal tool.
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Restart when completed.

Reinstall the application from their site.
https://www.malwarebytes.com

How is it now?

Hey there! Malwarebytes actually did not freeze at all this time! However, I did not add "Scan for Rootkits", for I was testing whether it could actually stay fine and scan as is.
I used RKill just as an extra measure to make sure Malwarebytes could run.
 
Both have found nothing suspicious or anything bad whatsoever.
 
Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html
 
Program started at: 07/29/2017 11:02:40 PM in x64 mode.
Windows Version: Windows 8.1 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * Windows Defender Disabled
 
   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * HOSTS file entries found: 
 
  0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
  0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
  0.0.0.0 media.opencandy.com
  0.0.0.0 cdn.opencandy.com
  0.0.0.0 tracking.opencandy.com
  0.0.0.0 api.opencandy.com
  0.0.0.0 api.recommendedsw.com
  0.0.0.0 installer.betterinstaller.com
  0.0.0.0 installer.filebulldog.com
  0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
  0.0.0.0 inno.bisrv.com
  0.0.0.0 nsis.bisrv.com
  0.0.0.0 cdn.file2desktop.com
  0.0.0.0 cdn.goateastcach.us
  0.0.0.0 cdn.guttastatdk.us
  0.0.0.0 cdn.inskinmedia.com
  0.0.0.0 cdn.insta.oibundles2.com
  0.0.0.0 cdn.insta.playbryte.com
  0.0.0.0 cdn.llogetfastcach.us
  0.0.0.0 cdn.montiera.com
 
  20 out of 35 HOSTS entries shown.
  Please review HOSTS file for further entries.
 
Program finished at: 07/29/2017 11:03:05 PM
Execution time: 0 hours(s), 0 minute(s), and 25 seconds(s)
 
 
---------------------------------
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/29/17
Scan Time: 11:03 PM
Log File: mbam log.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2463
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: LENOVO-PC\Lenovo Gaming
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 376833
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 43 min, 13 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
I was wondering, is the HOSTS thing alright? Like I see weird sites on HOSTS, are they harmful?

Edit: Currently starting a new scan for "Scanning for Rootkits" to make sure.

Edited by dormillie, 29 July 2017 - 10:57 AM.


#8 dormillie
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Female

Posted 29 July 2017 - 11:50 AM

 

Hi,

Download and run their removal tool.
https://www.bleepingcomputer.com/download/malwarebytes-anti-malware-cleanup-tool/

Restart when completed.

Reinstall the application from their site.
https://www.malwarebytes.com

How is it now?


Edit: Currently starting a new scan for "Scanning for Rootkits" to make sure.

 

 

Here's my log of Malwarebytes Threat Scan + Rootkit Scan (this time). I'm glad it was able to run without sadly crashing/crippling my laptop, considering it takes like more memory than Kaspersky (esp. on startup, it takes eons for me to get through log-on screens, much worse having mbam active).
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 7/29/17
Scan Time: 11:54 PM
Log File: mbam log + rootkit scan.txt
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2463
License: Trial
 
-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: LENOVO-PC\Lenovo Gaming
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 378178
Threats Detected: 0
(No malicious items detected)
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 44 min, 9 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)
 
This is what I can provide you so far! I'll be awaiting further instructions. c:


#9 nasdaq
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 30 July 2017 - 07:12 AM

Hi,

Looking good.

I was wondering, is the HOSTS thing alright? Like I see weird sites on HOSTS, are they harmful?

Not any more. Read about the HOSTS file.
http://winhelp2002.mvps.org/hosts.htm

===

For your peace of mind run this Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.
  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Let me know of any remaining issues.
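The HOSTS question above comes up constantly: 0.0.0.0 entries like the ones in the scan only make ad and tracking domains unreachable, whereas the harmful kind of entry either blocks a security vendor's or update domain or points a real site at some other address. The small reviewer below is an added example, not code from the forum or any of the tools discussed; the sample HOSTS body is constructed from a few of the scan's own 0.0.0.0 lines plus two invented suspicious entries, and the list of "sensitive" domain suffixes is an assumption for illustration.

```python
"""Classify Windows HOSTS entries as a malware-removal helper would review them."""
import ipaddress
from collections import Counter

# Addresses that make a name unreachable ("blackhole" entries); the MVPS-style
# lists seen in the scan use 0.0.0.0 for every ad/tracking domain they block.
BLACKHOLE = {"0.0.0.0", "127.0.0.1", "::1", "::"}

# Assumed list: update and security-vendor domains that some malware blocks in
# HOSTS so the machine cannot fetch signatures. Any entry naming one needs a look.
SENSITIVE_SUFFIXES = ("microsoft.com", "windowsupdate.com", "kaspersky.com",
                      "malwarebytes.com", "sophos.com")


def _under(host, suffix):
    return host == suffix or host.endswith("." + suffix)


def parse_hosts(text):
    """Yield (ip, hostname) for every mapping; comments and junk lines are skipped."""
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split()      # drop trailing comment
        if len(parts) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(parts[0]))
        except ValueError:                        # first token is not an address
            continue
        for host in parts[1:]:                    # one line may name several hosts
            yield ip, host.lower()


def classify(ip, host):
    """'local' (localhost itself), 'blackhole' (blocked domain, benign),
    'blocked-security' (update/vendor domain blocked, suspicious) or
    'redirect' (a name pointed at some other address, suspicious)."""
    if host in ("localhost", "localhost.localdomain"):
        return "local"
    if ip in BLACKHOLE:
        if any(_under(host, s) for s in SENSITIVE_SUFFIXES):
            return "blocked-security"
        return "blackhole"
    return "redirect"


def review(text):
    """Return (counts per class, list of (ip, host, class) entries to look at)."""
    counts, suspicious = Counter(), []
    for ip, host in parse_hosts(text):
        kind = classify(ip, host)
        counts[kind] += 1
        if kind in ("blocked-security", "redirect"):
            suspicious.append((ip, host, kind))
    return counts, suspicious


# Constructed sample: a localhost line, some 0.0.0.0 lines from the scan above,
# and two invented entries (a vendor domain blocked, a bank name redirected).
SAMPLE_HOSTS = """\
127.0.0.1 localhost
0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 cdn.montiera.com
0.0.0.0 liveupdate.kaspersky.com
203.0.113.7 online.example-bank.test
"""

if __name__ == "__main__":
    counts, flagged = review(SAMPLE_HOSTS)
    print(dict(counts))
    for ip, host, kind in flagged:
        print(f"REVIEW: {ip:>12} {host} ({kind})")
```

On a live machine, read C:\Windows\System32\drivers\etc\hosts into `review()`; the scan output only showed 20 of 35 entries, and this checks all of them.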

#10 dormillie
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Female

Posted 30 July 2017 - 06:17 PM

Hi,

Looking good.

I was wondering, is the HOSTS thing alright? Like I see weird sites on HOSTS, are they harmful?

Not any more. Read about the HOSTS file.
http://winhelp2002.mvps.org/hosts.htm

===

For your peace of mind run this Sophos Virus Removal Tool

Please download Sophos Virus Removal Tool and save it to your computer's Desktop.

  • Right-click the icon and select Run as administrator.
  • Click Yes to accept any security warnings that may appear.
  • Click the Next button.
  • Select 'I accept the terms in the license agreement', then click Next twice.
  • Click the Install button and wait until the installation is complete.
  • Click the Finish button. The tool created a shortcut icon on the Desktop of your computer.
  • Now, double-click the Sophos Virus Removal Tool shortcut icon to run the tool.
  • Click Yes to accept any security warnings that may appear.
  • After it updates and a "Start Scanning" button appears in the lower right:
    • Disconnect from the Internet or physically unplug your Internet cable connection.
    • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
    • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • Click the "Start Scanning" button in the lower right to start the scan.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, if it detected anything there will be a "Start Clean-up" button, click it and allow it to finish.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.
  • If any threats are found click Details, then View Log file (bottom left-hand corner).
  • Copy and paste its contents in your next reply and note any errors encountered.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result.
Note: Whenever necessary, the log will be in the following location:

Windows Vista and above:
C:\ProgramData\Sophos\Sophos Virus Removal Tool\Logs\SophosVirusRemovalTool.log
 
Please post the contents of the log in your next reply and note any errors encountered.
===

Let me know of any remaining issues.

 

 

Here you go! Sorry, I was asleep.

 

2017-07-30 22:16:14.606 Sophos Virus Removal Tool version 2.6.1
2017-07-30 22:16:14.606 Copyright © 2009-2017 Sophos Limited. All rights reserved.
 
2017-07-30 22:16:14.606 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.
 
2017-07-30 22:16:14.606 Windows version 6.2 SP 0.0  build 9200 SM=0x300 PT=0x1 WOW64
2017-07-30 22:16:14.606 Checking for updates...
2017-07-30 22:16:14.684 Update progress: proxy server not available
2017-07-30 22:16:27.281 Option all = no
2017-07-30 22:16:27.281 Option recurse = yes
2017-07-30 22:16:27.281 Option archive = no
2017-07-30 22:16:27.281 Option service = yes
2017-07-30 22:16:27.281 Option confirm = yes
2017-07-30 22:16:27.281 Option sxl = yes
2017-07-30 22:16:27.285 Option max-data-age = 35
2017-07-30 22:16:27.285 Option vdl-logging = yes
2017-07-30 22:16:27.289 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-30 22:16:27.289 Machine ID: d554844603d34867868442b04142eab0
2017-07-30 22:16:27.289 Component SVRTcli.exe version 2.6.1
2017-07-30 22:16:27.289 Component control.dll version 2.6.1
2017-07-30 22:16:27.289 Component SVRTservice.exe version 2.6.1
2017-07-30 22:16:27.289 Component engine\osdp.dll version 1.44.1.2286
2017-07-30 22:16:27.289 Component engine\veex.dll version 3.68.6.2286
2017-07-30 22:16:27.289 Component engine\savi.dll version 9.0.7.2286
2017-07-30 22:16:27.293 Component rkdisk.dll version 1.5.31.1
2017-07-30 22:16:27.293 Version info: Product version 2.6.1
2017-07-30 22:16:27.293 Version info: Detection engine 3.68.6
2017-07-30 22:16:27.293 Version info: Detection data 5.40
2017-07-30 22:16:27.293 Version info: Build date 5/30/2017
2017-07-30 22:16:27.293 Version info: Data files added 437
2017-07-30 22:16:27.293 Version info: Last successful update (not yet updated)
2017-07-30 22:18:10.356 Downloading updates...
2017-07-30 22:18:10.356 Update progress: [I96736] sdds.svrt_10: adding primary package C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED baseVersion=1
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.svrt_10: looking for packages included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.svrt_10: looking for supplements included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-30 22:18:10.356 Update progress: [I49502] sdds.savi0910.xml: found supplement SAVIW32 LATEST path= baseVersion= [included from product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=]
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.savi0910.xml: looking for packages included from product SAVIW32 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.savi0910.xml: looking for supplements included from product SAVIW32 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I49502] sdds.data0910.xml: found supplement IDE541 LATEST path= baseVersion= [included from product SAVIW32 LATEST path=]
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE541 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE541 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I49502] sdds.data0910.xml: found supplement IDE542 LATEST path= baseVersion= [included from product IDE541 LATEST path=]
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE542 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE542 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I49502] sdds.data0910.xml: found supplement IDE543 LATEST path= baseVersion= [included from product IDE542 LATEST path=]
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE543 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE543 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I49502] sdds.data0910.xml: found supplement IDE544 LATEST path= baseVersion= [included from product IDE543 LATEST path=]
2017-07-30 22:18:10.356 Update progress: [I95020] sdds.data0910.xml: looking for packages included from product IDE544 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I22529] sdds.data0910.xml: looking for supplements included from product IDE544 LATEST path=
2017-07-30 22:18:10.356 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 RECOMMENDED path=
2017-07-30 22:18:11.372 Update progress: [I19463] Syncing product SAVIW32 LATEST path=
2017-07-30 22:18:11.372 Update progress: [I19463] Product download size 166581621 bytes
2017-07-30 22:18:15.637 Update progress: [I19463] Syncing product IDE541 LATEST path=
2017-07-30 22:18:15.637 Update progress: [I19463] Product download size 2265483 bytes
2017-07-30 22:18:17.106 Update progress: [I19463] Syncing product IDE542 LATEST path=
2017-07-30 22:18:17.106 Update progress: [I19463] Product download size 2018230 bytes
2017-07-30 22:18:19.011 Update progress: [I19463] Syncing product IDE543 LATEST path=
2017-07-30 22:18:19.011 Update progress: [I19463] Product download size 2650459 bytes
2017-07-30 22:18:19.262 Update progress: [I19463] Syncing product IDE544 LATEST path=
2017-07-30 22:18:19.262 Update progress: [I19463] Product download size 326631 bytes
2017-07-30 22:18:19.455 Installing updates...
2017-07-30 22:18:20.293 Error level 1
2017-07-30 22:18:40.522 Update successful
2017-07-30 22:19:00.208 Option all = no
2017-07-30 22:19:00.208 Option recurse = yes
2017-07-30 22:19:00.208 Option archive = no
2017-07-30 22:19:00.208 Option service = yes
2017-07-30 22:19:00.208 Option confirm = yes
2017-07-30 22:19:00.208 Option sxl = yes
2017-07-30 22:19:00.208 Option max-data-age = 35
2017-07-30 22:19:00.208 Option vdl-logging = yes
2017-07-30 22:19:00.224 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2017-07-30 22:19:00.224 Machine ID: d554844603d34867868442b04142eab0
2017-07-30 22:19:00.224 Component SVRTcli.exe version 2.6.1
2017-07-30 22:19:00.224 Component control.dll version 2.6.1
2017-07-30 22:19:00.224 Component SVRTservice.exe version 2.6.1
2017-07-30 22:19:00.224 Component engine\osdp.dll version 1.44.1.2286
2017-07-30 22:19:00.224 Component engine\veex.dll version 3.68.6.2286
2017-07-30 22:19:00.224 Component engine\savi.dll version 9.0.7.2286
2017-07-30 22:19:00.224 Component rkdisk.dll version 1.5.31.1
2017-07-30 22:19:00.224 Version info: Product version 2.6.1
2017-07-30 22:19:00.224 Version info: Detection engine 3.68.6
2017-07-30 22:19:00.224 Version info: Detection data 5.40
2017-07-30 22:19:00.224 Version info: Build date 5/30/2017
2017-07-30 22:19:00.224 Version info: Data files added 437
2017-07-30 22:19:00.224 Version info: Last successful update 7/31/2017 6:18:40 AM
 
2017-07-30 22:22:33.873 Couldn't apply option 'SXLLiveProtection' to the detection engine.
2017-07-30 22:25:02.310 Could not open C:\DkHyperbootSync
2017-07-30 22:25:02.872 Could not open C:\hiberfil.sys
2017-07-30 22:25:02.872 Could not open C:\pagefile.sys
2017-07-30 22:35:14.636 Could not open C:\swapfile.sys
2017-07-30 22:35:14.902 Could not open C:\System Volume Information\{31c95005-734a-11e7-82b4-0c8bfd7d6643}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-30 22:35:14.902 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-30 22:35:14.902 Could not open C:\System Volume Information\{9e570c03-747e-11e7-82b8-0c8bfd7d6643}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-30 22:35:14.902 Could not open C:\System Volume Information\{9e5716d9-747e-11e7-82b8-0c8bfd7d6643}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-30 22:35:14.902 Could not open C:\System Volume Information\{c5180584-734c-11e7-82b5-0c8bfd7d6643}{3808876b-c176-4e48-b7ae-04046e6cc752}
2017-07-30 22:42:26.551 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2017-07-30 22:42:26.551 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2017-07-30 22:42:28.233 Could not open C:\Windows\System32\config\BBI
2017-07-30 22:42:28.265 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2017-07-30 22:42:28.265 Could not open C:\Windows\System32\config\RegBack\SAM
2017-07-30 22:42:28.265 Could not open C:\Windows\System32\config\RegBack\SECURITY
2017-07-30 22:42:28.265 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2017-07-30 22:42:28.265 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2017-07-30 22:57:45.146 Could not open LOGICAL:0004:00000000
2017-07-30 22:57:45.146 Could not open E:\
2017-07-30 22:57:51.615 >>> Virus 'Mal/VMProtBad-A' found in file F:\DreamerRO\gepard.dll
2017-07-30 22:59:57.585 The following items will be cleaned up:
2017-07-30 22:59:57.585 Mal/VMProtBad-A
 
I don't think I could remove that because that's my video game's anti-cheat system (Ragnarok Online). It's not a virus nor malware. My main concerns, however, are these:
 
 
The RSengine.dll was a leftover from Bytefence, I believe; I removed the thing (Bytefence, not the dll file) prior to me posting.
The "cina.dat" one feels off and I can't recall when and where it appeared, but I do suspect it. I don't even want to touch it directly. Malwarebytes and Kaspersky aren't picking these up, but I had to suspect it.
 
Please advise me on what to do on this!

Edited by dormillie, 30 July 2017 - 06:26 PM.


#11 nasdaq
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 July 2017 - 07:19 AM

Your computer is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

#12 dormillie
  • Topic Starter
  • Members
  • 19 posts
  • Gender:Female

Posted 31 July 2017 - 10:06 AM

Your computer is clean.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/


https://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
Simple and easy ways to keep your computer safe and secure on the Internet.
===

 

Thank you! That's a relief, but is it advisable to delete the files I linked you? (rsengine.dll is in my program files, like literally there and not in a folder or anything, and cina.dat is in a folder named "dite" in the local folder of appdata.)

 

Also, can I uninstall Sophos or FBAR now? I really don't know how to uninstall FBAR...



#13 nasdaq
  • Malware Response Team
  • 40,213 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 01 August 2017 - 06:49 AM



Always play it safe. Delete the files and keep them in the Recycle bin. If all is well in a week of operation you can flush them.

===

Uninstall Sophos.

As for the other programs we used you can use this tool to remove them.

Download Delfix from this site.
https://www.bleepingcomputer.com/download/delfix/

DelFix is a tool developed by Xplode, the makers of AdwCleaner, which can remove all portable virus cleaning and disinfection tools you’ve ever used. It will also reset the restore points of your computer systems making it even safer.

The program makes some other adjustments to your PC too which include:

  • Activate UAC: It activates the user account control after cleaning the log files and the unnecessary clutter in your PC.
  • Remove disinfection tools: Removes the tools you’ve ever used to disinfect your PC.
  • Create registry backup: The program creates a registry backup and stores it under %windir%\ERUNT\DelFix.
  • Purge system restore: Deletes all your older restore points and creates a fresh one.
  • Reset system settings: It resets the system settings after the removal process is completed.


Just download the program and run it on your computer system.
There is a default check-mark on the feature ‘Remove disinfection tools’, and you need to check the other features manually before running the program should you wish to.
Wait for a few minutes and your computer system will be free of all unnecessary files.



