Arcade Twist On PC Can't Uninstall [Solved]

#1
BeFreeIL


The adware, Arcade Twist (AT), recently started popping up when browsing (Firefox). I ran another app to try to get rid of it but didn't want to pay $30 for it and have uninstalled it. Unfortunately, I think I used that app to block it and now when I try to uninstall AT the system just tells me it's blocked and goes no further. I have tried to take care of the problem with it popping up by disabling the plugin named "nAPI Plugin" and the "eShield" extension that, I presume, were responsible within Firefox. I suppose I could just delete the C:\User\...\Local\CloudServan830 folder & contents where the AT application files seem to reside, but that would not take care of any instructions, etc. in the registry.

 

Anyway, following your 'geeks to go!' instructions I ran the Farbar tool and have copied the text from FRST.txt & Additional.txt below...

 

**********************************

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Tim (administrator) on TIM-LENOVO (31-10-2015 15:02:14)
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(PointGrab LTD) C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(VentureOmni Technologies) C:\Users\Tim\AppData\Local\SecIndust79\VOTPrx.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Eshield) C:\Users\Tim\AppData\Local\TNT2\2.0.0.2010\TNT2User.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
() C:\Program Files\StageLight\StagelightUpdate.exe
(Playthru Player) C:\Program Files (x86)\PlaythruPlayer\PlaythruPlayer.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(ArcadeTwist) C:\Users\Tim\AppData\Local\CloudServan830\Cldisplay.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-04] (Realtek Semiconductor)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-08-02] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [396688 2015-07-18] ()
HKLM\...\Run: [HotKeysCmds] => "C:\windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\windows\system32\igfxpers.exe"
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-10-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-10-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [StageLightUpdate] => C:\Program Files\Stagelight\StagelightUpdate.exe [1391104 2014-12-01] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6134544 2015-10-04] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\...\Run: [Playthru Player] => C:\Program Files (x86)\PlaythruPlayer\PlaythruPlayer.exe [412080 2015-08-04] (Playthru Player)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-10-04] (AVAST Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2013-10-16]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600.lnk [2015-10-31]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600.lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{88b559c9-b027-4925-8c9e-77ce50e663db}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9ea7f74b-2d6a-40df-a76d-f50f1c88e1ac}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> DefaultScope {5B48AA42-96EA-4C01-9E97-764881039627} URL = hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> {219E79B3-7730-4EF1-BAFF-AE7AC00C8D89} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=tightropetb&type=11469
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> {5B48AA42-96EA-4C01-9E97-764881039627} URL = hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> {D4D0853F-5CB7-4966-B37A-142BCFB0F822} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-08-14] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-08-14] (AVAST Software)
Toolbar: HKLM - eShield - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\TNT2\2.0.0.2010\IEToolbar64.dll [2015-10-27] (Eshield)
Toolbar: HKLM-x32 - eShield - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\TNT2\2.0.0.2010\ietoolbar.dll [2015-10-27] (Eshield)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2012-06-01] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
FF DefaultSearchEngine: eShield Safe Web
FF DefaultSearchEngine.US: eShield Safe Web
FF SelectedSearchEngine: eShield Safe Web
FF Homepage: hxxp://www.wunderground.com/US/IL/Springfield.html
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-17] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-20] (Intel Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll [2013-07-24] (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-09-26] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4223536469-4065902509-2743383526-1001: @tnt2npapi.com/Plugin -> C:\Users\Tim\AppData\Local\TNT2\2.0.0.2010\npTNT2.dll [2015-10-27] (Eshield)
FF Plugin HKU\S-1-5-21-4223536469-4065902509-2743383526-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll [2013-07-18] (Intel)
FF Plugin HKU\S-1-5-21-4223536469-4065902509-2743383526-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll [2013-07-18] (Intel)
FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\user.js [2015-10-27]
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\searchplugins\eshield-safe-web.xml [2015-10-31]
FF Extension: Xmarks - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\Extensions\[email protected] [2015-10-28]
FF Extension: LastPass - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\Extensions\[email protected] [2015-10-27]
FF Extension: eShield - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\Extensions\{cf15270e-cf08-4def-b4ea-6a5ac23f3bca}.xpi [2015-10-27] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-10-04] [not signed]

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-26]
CHR Extension: (Google Docs) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-22]
CHR Extension: (Google Drive) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-22]
CHR Extension: (YouTube) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-22]
CHR Extension: (Google Search) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-22]
CHR Extension: (Avast SafePrice) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2015-04-22]
CHR Extension: (Google Sheets) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-26]
CHR Extension: (Bookmark Manager) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-30]
CHR Extension: (Avast Online Security) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-05-26]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-26]
CHR Extension: (Google Wallet) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-26]
CHR Extension: (Gmail) - C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [dkmjljdbbgogihjcapfhgkonfmccbffp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-04-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-22]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-10-04] (AVAST Software)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-08-20] (Intel Corporation)
R2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-30] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-20] (Intel Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 PGService; C:\Program Files (x86)\Lenovo\Motion Control\PGService.exe [161072 2013-08-07] (PointGrab LTD)
S4 PG_Service_Launcher; C:\Program Files (x86)\Lenovo\Motion Control\PG_Service_Launcher.exe [345408 2013-08-07] (PointGrab LTD)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
R2 VOTPrx; C:\Users\Tim\AppData\Local\SecIndust79\VOTPrx.exe [1726800 2015-08-07] (VentureOmni Technologies)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-10-04] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-10-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-10-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-10-04] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1049880 2015-10-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [448968 2015-10-04] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [153744 2015-10-04] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-10-04] (AVAST Software)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [263952 2015-07-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-01] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [423128 2013-07-24] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8873688 2013-08-02] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-10-31] (SlimWare Utilities, Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R2 VOTw8; C:\WINDOWS\system32\Drivers\VOTw864.sys [44136 2015-08-07] (VentureOmni Technologies)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 15:02 - 2015-10-31 15:02 - 00020623 _____ C:\Users\Tim\Desktop\FRST.txt
2015-10-31 15:00 - 2015-10-31 15:02 - 00000000 ____D C:\FRST
2015-10-31 14:59 - 2015-10-31 15:00 - 02198016 _____ (Farbar) C:\Users\Tim\Desktop\FRST64.exe
2015-10-31 14:57 - 2015-10-31 14:57 - 00016148 _____ C:\WINDOWS\system32\TIM-LENOVO_Tim_HistoryPrediction.bin
2015-10-31 14:57 - 2015-10-31 14:57 - 00000000 ___HD C:\OneDriveTemp
2015-10-31 13:43 - 2015-10-31 13:43 - 00000000 _____ C:\autoexec.bat
2015-10-31 13:42 - 2015-10-31 13:42 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Tim\Downloads\SpyHunter-Installer.exe
2015-10-29 23:17 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-29 23:17 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-29 23:17 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-29 23:17 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-29 23:16 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-29 23:16 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-29 23:16 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-29 23:16 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-29 23:16 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-29 23:16 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-29 23:16 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-29 23:16 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-29 23:16 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-29 23:16 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-29 23:16 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-29 23:16 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-29 23:16 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-29 23:16 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-29 23:16 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-29 23:16 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-29 23:16 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-29 23:16 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-29 23:16 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-29 23:16 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-29 23:16 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-29 23:16 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-29 23:16 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-29 23:16 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-29 23:16 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-29 23:16 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-29 23:16 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-29 23:16 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-29 23:16 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-29 23:16 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-27 22:57 - 2015-10-31 14:59 - 00010928 _____ C:\WINDOWS\SysWOW64\VOTPrxOff.ini
2015-10-27 22:57 - 2015-10-31 14:59 - 00010928 _____ C:\WINDOWS\system32\VOTPrxOff.ini
2015-10-27 22:57 - 2015-10-31 14:59 - 00000272 _____ C:\WINDOWS\Tasks\LigServan20.job
2015-10-27 22:57 - 2015-10-31 14:43 - 00000282 _____ C:\WINDOWS\Tasks\SecreDivisi744.job
2015-10-27 22:57 - 2015-10-31 06:49 - 00000000 ____D C:\Users\Tim\AppData\Local\PlaythruPlayer
2015-10-27 22:57 - 2015-10-27 22:57 - 00003188 _____ C:\WINDOWS\System32\Tasks\SecreDivisi744
2015-10-27 22:57 - 2015-10-27 22:57 - 00003172 _____ C:\WINDOWS\System32\Tasks\LigServan20
2015-10-27 22:57 - 2015-10-27 22:57 - 00000970 _____ C:\Users\Tim\Desktop\PRO PC Cleaner Software.lnk
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner Software
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Local\SecIndust79
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Local\CloudServan830
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playthru Player
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\PRO PC Cleaner Software
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\PlaythruPlayer
2015-10-27 22:57 - 2015-08-07 15:01 - 00044136 _____ (VentureOmni Technologies) C:\WINDOWS\system32\Drivers\VOTw864.sys
2015-10-27 22:56 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\TNT2
2015-10-27 22:56 - 2015-10-27 22:56 - 00000000 ____D C:\Users\Tim\AppData\Local\TNT2
2015-10-27 22:55 - 2015-10-27 22:56 - 00889816 _____ (Skilled Tomorrow Install System) C:\Users\Tim\Downloads\Setup.exe
2015-10-15 18:01 - 2015-10-31 14:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-13 19:55 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 19:55 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 19:55 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 19:55 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 19:55 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 19:55 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 19:55 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 19:55 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 19:55 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 19:55 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 19:55 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 19:55 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 19:55 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 19:55 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 19:55 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 19:55 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 19:55 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 19:55 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 19:55 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 19:55 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 19:55 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 19:55 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 19:55 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 19:55 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 19:55 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 19:55 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 19:55 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 19:55 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 19:55 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 19:55 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 19:55 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 19:55 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 19:55 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 19:55 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 19:55 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 19:55 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 19:55 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 19:55 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 19:55 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 19:55 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 19:55 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 19:55 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 19:55 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 19:55 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 19:55 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 19:55 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 19:55 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 19:55 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 19:55 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 19:55 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 19:55 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 19:55 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 19:55 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-05 00:05 - 2015-10-31 00:05 - 00000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Tim).job
2015-10-05 00:05 - 2015-10-05 00:05 - 00003114 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Tim)
2015-10-04 23:09 - 2015-10-04 23:08 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-10-04 23:08 - 2015-10-04 23:08 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-10-04 23:04 - 2015-10-31 14:57 - 00016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2015-10-04 23:04 - 2015-10-31 14:57 - 00000436 _____ C:\WINDOWS\Tasks\DriverUpdate Startup.job
2015-10-04 23:04 - 2015-10-25 23:04 - 00000490 _____ C:\WINDOWS\Tasks\DriverUpdate Scan.job
2015-10-04 23:04 - 2015-10-05 00:04 - 00000000 ____D C:\Users\Tim\AppData\Local\SlimWare Utilities Inc
2015-10-04 23:04 - 2015-10-04 23:04 - 00003406 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Scan
2015-10-04 23:04 - 2015-10-04 23:04 - 00002914 _____ C:\WINDOWS\System32\Tasks\DriverUpdate Startup
2015-10-04 23:04 - 2015-10-04 23:04 - 00002501 _____ C:\Users\Public\Desktop\DriverUpdate.lnk
2015-10-04 23:04 - 2015-10-04 23:04 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2015-10-04 23:04 - 2015-10-04 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverUpdate
2015-10-04 23:04 - 2015-10-04 23:04 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
2015-10-04 23:03 - 2015-10-04 23:04 - 00920808 _____ (SlimWare Utilities, Inc.) C:\Users\Tim\Downloads\DriverUpdate-setup.exe
2015-10-02 08:26 - 2015-10-31 14:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-10-02 06:30 - 2015-09-17 01:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-02 06:30 - 2015-09-17 01:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-02 06:30 - 2015-09-17 01:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-02 06:30 - 2015-09-17 01:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-02 06:30 - 2015-09-17 01:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-02 06:30 - 2015-09-17 01:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-02 06:30 - 2015-09-17 01:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-02 06:30 - 2015-09-17 01:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-02 06:30 - 2015-09-17 01:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-02 06:30 - 2015-09-17 01:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-02 06:30 - 2015-09-17 01:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-02 06:30 - 2015-09-17 01:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-02 06:30 - 2015-09-17 00:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-02 06:30 - 2015-09-17 00:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-02 06:30 - 2015-09-17 00:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-02 06:30 - 2015-09-17 00:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-02 06:30 - 2015-09-17 00:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-02 06:30 - 2015-09-17 00:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-02 06:30 - 2015-09-17 00:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-02 06:30 - 2015-09-17 00:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-02 06:30 - 2015-09-17 00:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-02 06:30 - 2015-09-17 00:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-02 06:30 - 2015-09-17 00:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-02 06:30 - 2015-09-17 00:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-02 06:30 - 2015-09-17 00:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-02 06:30 - 2015-09-17 00:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-02 06:30 - 2015-09-17 00:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-02 06:30 - 2015-09-17 00:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-02 06:30 - 2015-09-17 00:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-02 06:30 - 2015-09-17 00:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-02 06:30 - 2015-09-17 00:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-02 06:30 - 2015-09-17 00:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-02 06:30 - 2015-09-17 00:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-02 06:30 - 2015-09-17 00:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-02 06:29 - 2015-09-19 00:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-02 06:29 - 2015-09-17 01:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-02 06:29 - 2015-09-17 01:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-02 06:29 - 2015-09-17 01:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-02 06:29 - 2015-09-17 01:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-02 06:29 - 2015-09-17 01:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-02 06:29 - 2015-09-17 01:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-02 06:29 - 2015-09-17 01:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-02 06:29 - 2015-09-17 01:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-02 06:29 - 2015-09-17 01:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-02 06:29 - 2015-09-17 01:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-02 06:29 - 2015-09-17 01:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-02 06:29 - 2015-09-17 01:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-02 06:29 - 2015-09-17 01:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-02 06:29 - 2015-09-17 01:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-02 06:29 - 2015-09-17 01:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-02 06:29 - 2015-09-17 01:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-02 06:29 - 2015-09-17 01:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-02 06:29 - 2015-09-17 01:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-02 06:29 - 2015-09-17 01:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-02 06:29 - 2015-09-17 01:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-02 06:29 - 2015-09-17 01:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-02 06:29 - 2015-09-17 01:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-02 06:29 - 2015-09-17 01:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-02 06:29 - 2015-09-17 01:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-02 06:29 - 2015-09-17 01:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-02 06:29 - 2015-09-17 01:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-02 06:29 - 2015-09-17 01:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-02 06:29 - 2015-09-17 01:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-02 06:29 - 2015-09-17 01:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-02 06:29 - 2015-09-17 01:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-02 06:29 - 2015-09-17 01:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-02 06:29 - 2015-09-17 01:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-02 06:29 - 2015-09-17 01:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-02 06:29 - 2015-09-17 01:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-02 06:29 - 2015-09-17 01:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-02 06:29 - 2015-09-17 01:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-02 06:29 - 2015-09-17 01:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-02 06:29 - 2015-09-17 01:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-02 06:29 - 2015-09-17 01:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-02 06:29 - 2015-09-17 01:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-02 06:29 - 2015-09-17 01:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-02 06:29 - 2015-09-17 01:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-02 06:29 - 2015-09-17 01:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-02 06:29 - 2015-09-17 01:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-02 06:29 - 2015-09-17 01:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-02 06:29 - 2015-09-17 01:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-02 06:29 - 2015-09-17 01:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-02 06:29 - 2015-09-17 01:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-02 06:29 - 2015-09-17 01:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-02 06:29 - 2015-09-17 01:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-02 06:29 - 2015-09-17 00:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-02 06:29 - 2015-09-17 00:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-02 06:29 - 2015-09-17 00:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-02 06:29 - 2015-09-17 00:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-02 06:29 - 2015-09-17 00:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-02 06:29 - 2015-09-17 00:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-02 06:29 - 2015-09-17 00:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-02 06:29 - 2015-09-17 00:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-02 06:29 - 2015-09-17 00:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-02 06:29 - 2015-09-17 00:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-02 06:29 - 2015-09-17 00:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-02 06:29 - 2015-09-17 00:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-02 06:29 - 2015-09-17 00:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-02 06:29 - 2015-09-17 00:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-02 06:29 - 2015-09-17 00:50 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-10-02 06:29 - 2015-09-17 00:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-02 06:29 - 2015-09-17 00:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-02 06:29 - 2015-09-17 00:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-02 06:29 - 2015-09-17 00:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-02 06:29 - 2015-09-17 00:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-02 06:29 - 2015-09-17 00:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-02 06:29 - 2015-09-17 00:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-02 06:29 - 2015-09-17 00:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-02 06:29 - 2015-09-17 00:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-02 06:29 - 2015-09-17 00:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-02 06:29 - 2015-09-17 00:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-02 06:29 - 2015-09-17 00:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-02 06:29 - 2015-09-17 00:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-02 06:29 - 2015-09-17 00:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-02 06:29 - 2015-09-17 00:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-02 06:29 - 2015-09-17 00:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-02 06:29 - 2015-09-17 00:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-02 06:29 - 2015-09-17 00:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-02 06:29 - 2015-09-17 00:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-02 06:29 - 2015-09-17 00:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-02 06:29 - 2015-09-17 00:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-02 06:29 - 2015-09-17 00:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-02 06:29 - 2015-09-17 00:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-02 06:29 - 2015-09-17 00:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-02 06:29 - 2015-09-17 00:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-02 06:29 - 2015-09-17 00:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-02 06:29 - 2015-09-17 00:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-02 06:29 - 2015-09-17 00:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-02 06:29 - 2015-09-17 00:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-02 06:29 - 2015-09-17 00:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-02 06:29 - 2015-09-17 00:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-02 06:29 - 2015-09-17 00:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-02 06:29 - 2015-09-17 00:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-02 06:29 - 2015-09-17 00:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-02 06:29 - 2015-09-17 00:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-02 06:29 - 2015-09-17 00:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-02 06:29 - 2015-09-17 00:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-02 06:29 - 2015-09-17 00:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-02 06:29 - 2015-09-17 00:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-02 06:29 - 2015-09-17 00:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-02 06:29 - 2015-09-17 00:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-02 06:29 - 2015-09-17 00:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-02 06:29 - 2015-09-17 00:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-02 06:29 - 2015-09-17 00:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 14:57 - 2015-09-12 17:01 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-10-31 14:57 - 2014-12-11 00:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 14:57 - 2014-11-06 18:43 - 00000000 ___DO C:\Users\Tim\SkyDrive
2015-10-31 14:55 - 2015-09-12 17:22 - 00876942 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 14:54 - 2015-07-10 07:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 14:51 - 2015-07-10 07:20 - 00020645 _____ C:\WINDOWS\setupact.log
2015-10-31 14:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-31 14:50 - 2015-09-12 16:57 - 00027904 _____ C:\WINDOWS\PFRO.log
2015-10-31 14:50 - 2015-07-10 07:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 14:50 - 2014-11-04 21:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-31 14:49 - 2015-07-10 04:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-31 14:48 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-31 14:48 - 2014-12-11 00:13 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 14:47 - 2014-11-04 18:39 - 00006611 _____ C:\Users\Tim\AppData\Roaming\AbsoluteReminder.xml
2015-10-31 14:40 - 2014-11-15 13:23 - 00001293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2015-10-31 14:40 - 2014-11-15 13:23 - 00001281 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2015-10-31 14:26 - 2014-11-10 00:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-31 13:34 - 2014-11-04 21:24 - 00000000 ____D C:\Users\Tim\AppData\LocalLow\LastPass
2015-10-31 13:08 - 2014-11-05 01:05 - 00000000 ____D C:\Users\Tim\Documents\Automotive
2015-10-31 12:42 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-31 12:42 - 2014-11-04 18:38 - 00000000 ____D C:\Users\Tim\AppData\Local\Packages
2015-10-31 11:08 - 2014-11-04 20:54 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5D4F841A-8141-4E56-8994-49E60F55B903}
2015-10-31 06:57 - 2015-07-10 05:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-30 21:45 - 2014-12-26 13:41 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-10-27 22:57 - 2015-05-22 14:30 - 00000000 __SHD C:\Users\Tim\AppData\LocalLow\EmieUserList
2015-10-27 22:57 - 2015-05-22 14:30 - 00000000 __SHD C:\Users\Tim\AppData\LocalLow\EmieSiteList
2015-10-27 22:54 - 2014-11-05 01:21 - 00000000 ____D C:\Users\Tim\Documents\Online Billing
2015-10-27 22:47 - 2014-11-05 01:05 - 00096295 _____ C:\Users\Tim\Documents\VerizonSharedBilling.ods
2015-10-25 20:00 - 2014-11-28 11:40 - 00003838 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2015-10-25 20:00 - 2014-11-28 11:40 - 00003604 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon
2015-10-25 16:02 - 2014-11-05 01:06 - 00000000 ____D C:\Users\Tim\Documents\Church
2015-10-25 07:50 - 2014-12-11 00:14 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-25 00:30 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-15 22:10 - 2015-07-10 06:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-15 22:10 - 2015-07-10 06:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 21:20 - 2014-11-05 00:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-14 22:09 - 2014-11-05 01:22 - 00000000 ____D C:\Users\Tim\Documents\Travel
2015-10-13 20:00 - 2014-11-10 00:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 19:57 - 2014-11-10 00:44 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-04 23:09 - 2014-12-11 00:14 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-10-04 23:08 - 2014-12-11 00:13 - 01049880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00448968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00153744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-10-04 23:08 - 2014-12-11 00:13 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-10-04 00:51 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-03 03:31 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\L2Schemas

==================== Files in the root of some directories =======

2014-11-04 18:39 - 2015-10-31 14:47 - 0006611 _____ () C:\Users\Tim\AppData\Roaming\AbsoluteReminder.xml
2015-03-21 23:08 - 2015-03-21 23:08 - 1249792 _____ (http://www.ruby-lang.org/) C:\Users\Tim\AppData\Roaming\msvcr90-ruby191.dll
2014-12-24 14:55 - 2014-12-24 14:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-09-12 17:01 - 2015-09-12 17:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Tim\AppData\Local\Temp\scpFC2.tmp.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-24 21:38

==================== End of FRST.txt ============================

 

**********************************

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Tim (2015-10-31 15:03:08)
Running from C:\Users\Tim\Desktop
Windows 10 Home (X64) (2015-09-13 04:45:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4223536469-4065902509-2743383526-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4223536469-4065902509-2743383526-503 - Limited - Disabled)
Guest (S-1-5-21-4223536469-4065902509-2743383526-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4223536469-4065902509-2743383526-1003 - Limited - Enabled)
Tim (S-1-5-21-4223536469-4065902509-2743383526-1001 - Administrator - Enabled) => C:\Users\Tim

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.3.0.1 - Absolute Software)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.13) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.13 - Adobe Systems Incorporated)
ArcadeTwist (HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\...\{63A2A228-3453-6FBF43D1-F398CDE39E22}) (Version:  - ArcadeTwist)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.4.2233 - AVAST Software)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4107 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.2810 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
Dolby Digital Plus Home Theater (HKLM\...\{7E3D8FA1-6092-469A-955B-68FC4A2C67CA}) (Version: 7.3.2.2 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.8 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.10 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.10 - Nuance Communications, Inc.)
Dragon Assistant Installer version 1.5.8 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.8 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.3 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.3 - Nuance Communications, Inc.)
DriverUpdate (HKLM-x32\...\{E6617834-9398-4F95-9C05-2D87B192E1DF}) (Version: 2.4.3 - SlimWare Utilities, Inc.)
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.31 - Lenovo)
Energy Manager (x32 Version: 1.0.0.31 - Lenovo) Hidden
eShield Browser Security (HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\...\{DC7ED913-2431-48DB-B55C-198244FACD1C}) (Version:  - eShield) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel Experience Center - Configuration (x32 Version: 1.9.0.8 - Intel) Hidden
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.28 - Intel) Hidden
Intel® Experience Center Desktop Software (HKLM-x32\...\{85de612b-ee05-476a-87cc-52e5740de420}) (Version: 1.9.0.8 - Intel)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3277 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{D6FBF816-ACB8-46CC-ACC6-C8BBA85F497D}) (Version: 4.2.40.2418 - Intel Corporation)
Intel® Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{b7a9966b-b4d6-468e-9f50-ecf4ac2c6ce4}) (Version: 2.0.0.28 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{7a06df8f-4c5a-4207-aa9e-019406e3a46d}) (Version: 17.1.0 - Intel Corporation)
Lenovo App Shop (HKLM-x32\...\Lenovo App Shop 45246) (Version: 3.10.0.45246.24 - Lenovo)
Lenovo EasyCamera (HKLM-x32\...\{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}) (Version: 6.2.9200.10242 - Realtek Semiconductor Corp.)
Lenovo Motion Control (HKLM-x32\...\InstallShield_{A7B68D5F-A468-493F-AD3D-625001293E19}) (Version: 2.0.0.0807 - PointGrab)
Lenovo Motion Control (x32 Version: 2.0.0.0807 - PointGrab) Hidden
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo Reach (HKLM-x32\...\{0B5E0E89-4BCA-4035-BBA1-D1439724B6E2}) (Version: 1.1.0.166 - Stoneware, Inc.)
Logos 4 Prerequisites (HKLM-x32\...\{BACD43F8-6FC9-4613-9556-A4A11412CE44}) (Version: 4.63.00327 - Logos Bible Software)
Logos Bible Software 4 (HKLM-x32\...\{EAD8A4BB-4505-482C-9705-A599F1E88623}) (Version: 4.63.00409 - Logos Bible Software)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.3.0 (x86 en-US)) (Version: 38.3.0 - Mozilla)
Nitro Pro 8 (HKLM\...\{6E7DFD3E-2E89-4F35-B4F2-D3301A4AD190}) (Version: 8.5.6.5 - Nitro)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
Playthru Player (HKLM-x32\...\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}) (Version: 1.5.0.12 - Playthru Player)
PRO PC Cleaner Software (HKLM-x32\...\PRO PC Cleaner Software) (Version: 3.0.1 - PRO PC Cleaner Software) <==== ATTENTION
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21236 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.18.621.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Stagelight (HKLM\...\StageLight) (Version: 2.0.0.5045 - Open Labs, LLC.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System  (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001_Classes\CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.2010\IEToolbar64.dll (Eshield)
CustomCLSID: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AC}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
CustomCLSID: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001_Classes\CLSID\{9E506282-69D3-5ABA-9C1D-15994B37F4AD}\InprocServer32 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)

==================== Restore Points =========================

13-10-2015 16:57:31 Scheduled Checkpoint
23-10-2015 17:33:06 Scheduled Checkpoint
31-10-2015 06:55:34 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2015-10-31 12:41 - 00000828 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00314A8E-7E0F-4341-A36B-0FF824576712} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-04] (AVAST Software)
Task: {0557CB6A-52FA-4579-B96E-BA49E7819B77} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0D6C6471-ADCF-4EB4-AA05-FFAA576B4E98} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {0DD9BF28-035F-4290-A74C-D59C6E01560D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0E68ADB3-BF9C-433E-BBC7-1A142F4C1BA3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {120E29A9-1F92-490D-98EA-E2F20F2278BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {17015FB2-7EB2-41A9-B9D7-725A665CA4DF} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {2D2B0104-FA26-4280-9D94-1721BD2F48EA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {35C6B8AE-D092-4CAA-8FD2-2467B99BA9E6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-13] (Microsoft Corporation)
Task: {3CCC44CF-C419-4B24-AE83-DF180DB49E30} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {466ECAC7-BBA9-47F1-9BB9-8CFE422C1C54} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-17] (Adobe Systems Incorporated)
Task: {5C162A64-59A1-46A5-AFDF-5C2AE043DBF1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {60E1280C-97F2-426B-9A72-B5C0471EB692} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {65742F1D-B21C-4377-8339-C7E85F8B2082} - System32\Tasks\LigServan20 => C:\Users\Tim\AppData\Local\CloudServan830\Cldisplay.exe [2015-10-27] (ArcadeTwist)
Task: {67CD9C42-B05C-4B93-8D15-B585B41B21C1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6E92E89D-C33C-41D4-A464-1E363A8EB016} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {6EFB082C-4C69-42B0-B479-3FFB348A8BD6} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Tim) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {7CCE4C7E-BAF2-411D-A058-66BB3E9684A1} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-09-08] (SlimWare Utilities, Inc.)
Task: {8CFBFF87-819D-4C3B-A1D4-430AF65A5C8E} - System32\Tasks\SecreDivisi744 => C:\Users\Tim\AppData\Local\CloudServan830\Clinsert.exe [2015-10-27] (ArcadeTwist)
Task: {9A92A69E-F737-463A-85E6-B87B8EFBB8BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9E6DA2E5-E6AF-4D79-AE31-F4771671E69D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C6C4F756-0710-40AC-B145-ECDA39F176C0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {C9716F42-6C0D-4EAE-A4F7-8A465C2CF523} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E943BF79-890B-48D5-AB4E-A7FE27B14BC9} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-06-03] (Synaptics Incorporated)
Task: {EFC1DE85-5AC8-4CBF-A216-E8AC82244639} - System32\Tasks\DriverUpdate Scan => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2015-09-08] (SlimWare Utilities, Inc.)
Task: {FDCE14DD-8C36-4916-A93A-A14118E35DF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Scan.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\LigServan20.job => C:\Users\Tim\AppData\Local\CLOUDS~1\Cldisplay.exe
Task: C:\WINDOWS\Tasks\SecreDivisi744.job => C:\Users\Tim\AppData\Local\CloudServan830\Clinsert.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Tim).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-12 18:16 - 2015-09-12 18:16 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-12 18:16 - 2015-09-12 18:16 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2013-10-16 01:10 - 2012-04-24 21:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2013-08-01 19:31 - 2013-08-01 19:31 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 19:31 - 2013-08-01 19:31 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 19:31 - 2013-08-01 19:31 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 06:30 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-10-02 06:29 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 06:30 - 2015-09-17 00:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 06:29 - 2015-09-17 00:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 06:29 - 2015-09-17 00:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 06:30 - 2015-09-17 00:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-12-01 15:18 - 2014-12-01 15:18 - 01391104 _____ () C:\Program Files\StageLight\StagelightUpdate.exe
2015-10-04 23:08 - 2015-10-04 23:08 - 00103376 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-10-04 23:08 - 2015-10-04 23:08 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-31 07:06 - 2015-10-31 07:06 - 03014096 _____ () C:\Program Files\AVAST Software\Avast\defs\15103100\algo.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-10-16 01:13 - 2013-05-02 13:26 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-10-16 01:13 - 2013-05-02 13:25 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-10-16 00:41 - 2013-08-20 05:12 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-27 23:12 - 2015-10-27 23:12 - 01020928 _____ () C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-10-27 22:57 - 2015-10-27 22:56 - 00101584 _____ () C:\Program Files (x86)\TNT2\TNT2UserPS.dll
2015-08-04 12:35 - 2015-08-04 12:35 - 01089536 _____ () C:\Program Files (x86)\PlaythruPlayer\player.dll
2015-10-04 23:08 - 2015-10-04 23:08 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tim\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\lenovowallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{FBD3C122-F0B9-42F9-9728-02E1A82A5CD5}C:\users\tim\appdata\local\temp\ign150d.tmp\lmiignition.exe] => (Allow) C:\users\tim\appdata\local\temp\ign150d.tmp\lmiignition.exe
FirewallRules: [TCP Query User{53F5BA67-4E75-4A5C-86A9-8D5E089BB35A}C:\users\tim\appdata\local\temp\ign150d.tmp\lmiignition.exe] => (Allow) C:\users\tim\appdata\local\temp\ign150d.tmp\lmiignition.exe
FirewallRules: [UDP Query User{AAB13603-614B-4CD8-ACCC-7F8C98E7B30A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{100F3F8D-34BF-4D62-AB80-5663FDB1548D}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{221EB2ED-35BC-4471-A049-E885F59A7B66}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{1256CB45-ED29-42AB-98FE-8522778DED11}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7E62A6F4-3EED-45A3-AFA0-FD298B147969}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{AB164ADC-C9A4-451E-9C25-38EC1C5C9D33}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{4C5D2DBD-BFA7-4B0C-AD80-24176FCDA4DF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{B65C1005-26CA-494D-BC24-123D72271CB8}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{20BAD493-1F1C-4A21-BC25-261F12388119}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{5A2EE844-EB90-4B15-81E9-794C5DFDF3BF}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{1C92BE39-8625-4B56-8B71-001D91022078}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{867C6A2D-8612-4FC6-BC32-C0579D8878C4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{04FBA919-D4A3-4329-8F74-3B1E7668EBFF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{BBA4BAB9-1648-42CA-8463-EC280721F728}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismloader.exe
FirewallRules: [{5D5B93D1-59F9-40FB-99B7-07D3167C0417}] => (Allow) C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe
FirewallRules: [{59E3E904-2B5F-4C95-AD4F-C1F654BF68BD}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{EDC9D9A1-D221-41B0-BB78-CF19F34B1EE4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{F850E5ED-8D4F-43D8-BB48-61AF4991CDD4}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3778EF6E-E818-4C85-9642-3CC368491211}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{702EDEB0-BFF1-4A1C-95FA-083BBF724BBC}] => (Allow) C:\Users\Tim\AppData\Local\TNT2\2.0.0.2010\TNT2User.exe

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Port Reset Failed)
Description: Unknown USB Device (Port Reset Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 07:33:30 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7184) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 07:33:30 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7184) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 07:33:19 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7184) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 07:33:19 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7184) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 07:33:09 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7184) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 07:33:09 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7184) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 07:32:59 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7184) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 07:32:59 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7184) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 07:32:48 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7184) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 07:32:48 AM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7184) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (10/31/2015 03:00:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/31/2015 03:00:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/31/2015 03:00:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable



==================== Memory info ===========================

Processor: Intel® Core™ i5-4200U CPU @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 4008.27 MB
Available physical RAM: 2080.15 MB
Total Virtual: 5544.27 MB
Available Virtual: 3536.2 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:425.87 GB) (Free:349.28 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.87 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E3C3F06C)

Partition: GPT.

==================== End of Addition.txt ============================



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let's get you tidied up. Could you let me know how the computer is after this?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\...\Run: [Playthru Player] => C:\Program Files (x86)\PlaythruPlayer\PlaythruPlayer.exe [412080 2015-08-04] (Playthru Player)
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> DefaultScope {5B48AA42-96EA-4C01-9E97-764881039627} URL = hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k={searchTerms}
SearchScopes: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001 -> {5B48AA42-96EA-4C01-9E97-764881039627} URL = hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k={searchTerms}
Toolbar: HKLM - eShield - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\TNT2\2.0.0.2010\IEToolbar64.dll [2015-10-27] (Eshield)
Toolbar: HKLM-x32 - eShield - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\TNT2\2.0.0.2010\ietoolbar.dll [2015-10-27] (Eshield)
FF NewTab: hxxp://services.eshield.com/general/newhometab.php?hometab=tab&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=
FF DefaultSearchEngine: eShield Safe Web
FF DefaultSearchEngine.US: eShield Safe Web
FF SelectedSearchEngine: eShield Safe Web
FF Keyword.URL: hxxp://search.eshield.com/serp?guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&action=default_search&k=
FF Plugin HKU\S-1-5-21-4223536469-4065902509-2743383526-1001: @tnt2npapi.com/Plugin -> C:\Users\Tim\AppData\Local\TNT2\2.0.0.2010\npTNT2.dll [2015-10-27] (Eshield)
FF user.js: detected! => C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\user.js [2015-10-27]
FF SearchPlugin: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\searchplugins\eshield-safe-web.xml [2015-10-31]
R2 VOTPrx; C:\Users\Tim\AppData\Local\SecIndust79\VOTPrx.exe [1726800 2015-08-07] (VentureOmni Technologies)
2015-10-27 22:57 - 2015-10-31 14:59 - 00010928 _____ C:\WINDOWS\SysWOW64\VOTPrxOff.ini
2015-10-27 22:57 - 2015-10-31 14:59 - 00010928 _____ C:\WINDOWS\system32\VOTPrxOff.ini
2015-10-27 22:57 - 2015-10-31 14:59 - 00000272 _____ C:\WINDOWS\Tasks\LigServan20.job
2015-10-27 22:57 - 2015-10-31 14:43 - 00000282 _____ C:\WINDOWS\Tasks\SecreDivisi744.job
2015-10-27 22:57 - 2015-10-31 06:49 - 00000000 ____D C:\Users\Tim\AppData\Local\PlaythruPlayer
2015-10-27 22:57 - 2015-10-27 22:57 - 00003188 _____ C:\WINDOWS\System32\Tasks\SecreDivisi744
2015-10-27 22:57 - 2015-10-27 22:57 - 00003172 _____ C:\WINDOWS\System32\Tasks\LigServan20
2015-10-27 22:57 - 2015-10-27 22:57 - 00000970 _____ C:\Users\Tim\Desktop\PRO PC Cleaner Software.lnk
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner Software
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Local\SecIndust79
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Users\Tim\AppData\Local\CloudServan830
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playthru Player
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\PRO PC Cleaner Software
2015-10-27 22:57 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\PlaythruPlayer
2015-10-27 22:57 - 2015-08-07 15:01 - 00044136 _____ (VentureOmni Technologies) C:\WINDOWS\system32\Drivers\VOTw864.sys
2015-10-27 22:56 - 2015-10-27 22:57 - 00000000 ____D C:\Program Files (x86)\TNT2
2015-10-27 22:56 - 2015-10-27 22:56 - 00000000 ____D C:\Users\Tim\AppData\Local\TNT2
2015-10-27 22:55 - 2015-10-27 22:56 - 00889816 _____ (Skilled Tomorrow Install System) C:\Users\Tim\Downloads\Setup.exe
2015-10-27 22:57 - 2015-05-22 14:30 - 00000000 __SHD C:\Users\Tim\AppData\LocalLow\EmieUserList
2015-10-27 22:57 - 2015-05-22 14:30 - 00000000 __SHD C:\Users\Tim\AppData\LocalLow\EmieSiteList
CustomCLSID: HKU\S-1-5-21-4223536469-4065902509-2743383526-1001_Classes\CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}\InprocServer32 -> C:\Program Files (x86)\TNT2\2.0.0.2010\IEToolbar64.dll (Eshield)
Task: {0557CB6A-52FA-4579-B96E-BA49E7819B77} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0DD9BF28-035F-4290-A74C-D59C6E01560D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0E68ADB3-BF9C-433E-BBC7-1A142F4C1BA3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {120E29A9-1F92-490D-98EA-E2F20F2278BD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CCC44CF-C419-4B24-AE83-DF180DB49E30} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {60E1280C-97F2-426B-9A72-B5C0471EB692} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {65742F1D-B21C-4377-8339-C7E85F8B2082} - System32\Tasks\LigServan20 => C:\Users\Tim\AppData\Local\CloudServan830\Cldisplay.exe [2015-10-27] (ArcadeTwist)
Task: {6E92E89D-C33C-41D4-A464-1E363A8EB016} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8CFBFF87-819D-4C3B-A1D4-430AF65A5C8E} - System32\Tasks\SecreDivisi744 => C:\Users\Tim\AppData\Local\CloudServan830\Clinsert.exe [2015-10-27] (ArcadeTwist)
Task: {9A92A69E-F737-463A-85E6-B87B8EFBB8BF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {9E6DA2E5-E6AF-4D79-AE31-F4771671E69D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C9716F42-6C0D-4EAE-A4F7-8A465C2CF523} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FDCE14DD-8C36-4916-A93A-A14118E35DF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\LigServan20.job => C:\Users\Tim\AppData\Local\CLOUDS~1\Cldisplay.exe
Task: C:\WINDOWS\Tasks\SecreDivisi744.job => C:\Users\Tim\AppData\Local\CloudServan830\Clinsert.exe
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTPrx => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VOTw8 => ""="Driver"
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

#3
BeFreeIL

    New Member

  • Topic Starter
  • Member
  • 5 posts

Thanks essexboy,

So far so good. FRST seems to have done its thing. I do notice that the CloudServan830 folder no longer exists.

The fixlog.txt is below. Following this post I will download AdwCleaner and follow your instructions.

Until next post,

BeFreeIL

 

********************

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Tim (2015-10-31 20:54:20) Run:1
Running from C:\Users\Tim\Desktop
Loaded Profiles: Tim (Available Profiles: Tim)
Boot Mode: Normal
==============================================


Restore point was successfully created.
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Playthru Player => value removed successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5B48AA42-96EA-4C01-9E97-764881039627}" => key removed successfully
HKCR\CLSID\{5B48AA42-96EA-4C01-9E97-764881039627} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{00011268-E188-40DF-A514-835FCD78B1BF} => value removed successfully
"HKCR\CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{00011268-E188-40DF-A514-835FCD78B1BF} => value removed successfully
"HKCR\Wow6432Node\CLSID\{00011268-E188-40DF-A514-835FCD78B1BF}" => key removed successfully
Firefox "newtab" removed successfully
Firefox DefaultSearchEngine removed successfully
Firefox DefaultSearchEngine.US removed successfully
Firefox SelectedSearchEngine removed successfully
Firefox "Keyword.URL" removed successfully
"HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\Software\MozillaPlugins\@tnt2npapi.com/Plugin" => key removed successfully
C:\Users\Tim\AppData\Local\TNT2\2.0.0.2010\npTNT2.dll => moved successfully
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\user.js => moved successfully
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\searchplugins\eshield-safe-web.xml => moved successfully
VOTPrx => Unable to stop service.
VOTPrx => service removed successfully
C:\WINDOWS\SysWOW64\VOTPrxOff.ini => moved successfully
C:\WINDOWS\system32\VOTPrxOff.ini => moved successfully
C:\WINDOWS\Tasks\LigServan20.job => moved successfully
C:\WINDOWS\Tasks\SecreDivisi744.job => moved successfully
C:\Users\Tim\AppData\Local\PlaythruPlayer => moved successfully
C:\WINDOWS\System32\Tasks\SecreDivisi744 => moved successfully
C:\WINDOWS\System32\Tasks\LigServan20 => moved successfully
C:\Users\Tim\Desktop\PRO PC Cleaner Software.lnk => moved successfully
C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner Software => moved successfully
C:\Users\Tim\AppData\Local\SecIndust79 => moved successfully

"C:\Users\Tim\AppData\Local\CloudServan830" folder move:

Could not move "C:\Users\Tim\AppData\Local\CloudServan830" => Scheduled to move on reboot.

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Playthru Player => moved successfully
C:\Program Files (x86)\PRO PC Cleaner Software => moved successfully
C:\Program Files (x86)\PlaythruPlayer => moved successfully
C:\WINDOWS\system32\Drivers\VOTw864.sys => moved successfully
C:\Program Files (x86)\TNT2 => moved successfully
C:\Users\Tim\AppData\Local\TNT2 => moved successfully
C:\Users\Tim\Downloads\Setup.exe => moved successfully
C:\Users\Tim\AppData\LocalLow\EmieUserList => moved successfully
C:\Users\Tim\AppData\LocalLow\EmieSiteList => moved successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001_Classes\CLSID\{00011268-E188-40DF-A514-835FCD78B1BF} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0557CB6A-52FA-4579-B96E-BA49E7819B77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0557CB6A-52FA-4579-B96E-BA49E7819B77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0DD9BF28-035F-4290-A74C-D59C6E01560D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0DD9BF28-035F-4290-A74C-D59C6E01560D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0E68ADB3-BF9C-433E-BBC7-1A142F4C1BA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0E68ADB3-BF9C-433E-BBC7-1A142F4C1BA3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{120E29A9-1F92-490D-98EA-E2F20F2278BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{120E29A9-1F92-490D-98EA-E2F20F2278BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CCC44CF-C419-4B24-AE83-DF180DB49E30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CCC44CF-C419-4B24-AE83-DF180DB49E30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{60E1280C-97F2-426B-9A72-B5C0471EB692}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60E1280C-97F2-426B-9A72-B5C0471EB692}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65742F1D-B21C-4377-8339-C7E85F8B2082}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65742F1D-B21C-4377-8339-C7E85F8B2082}" => key removed successfully
C:\WINDOWS\System32\Tasks\LigServan20 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LigServan20" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E92E89D-C33C-41D4-A464-1E363A8EB016}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E92E89D-C33C-41D4-A464-1E363A8EB016}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CFBFF87-819D-4C3B-A1D4-430AF65A5C8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CFBFF87-819D-4C3B-A1D4-430AF65A5C8E}" => key removed successfully
C:\WINDOWS\System32\Tasks\SecreDivisi744 => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SecreDivisi744" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A92A69E-F737-463A-85E6-B87B8EFBB8BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A92A69E-F737-463A-85E6-B87B8EFBB8BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E6DA2E5-E6AF-4D79-AE31-F4771671E69D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E6DA2E5-E6AF-4D79-AE31-F4771671E69D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C9716F42-6C0D-4EAE-A4F7-8A465C2CF523}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9716F42-6C0D-4EAE-A4F7-8A465C2CF523}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDCE14DD-8C36-4916-A93A-A14118E35DF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDCE14DD-8C36-4916-A93A-A14118E35DF2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\WINDOWS\Tasks\LigServan20.job => not found.
C:\WINDOWS\Tasks\SecreDivisi744.job => not found.
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTPrx" => key removed successfully
"HKLM\System\CurrentControlSet\Control\SafeBoot\Network\VOTw8" => key removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========


=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {4EC4E099-9A57-40C3-B799-0386CD19D9A6}.
Unable to cancel {A144C3B4-181E-4113-944B-77B45FFCBDC4}.
0 out of 2 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.3 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-31 21:09:31)

C:\Users\Tim\AppData\Local\CloudServan830 => Is moved successfully

==== End of Fixlog 21:09:31 ====


#4
BeFreeIL

    New Member

  • Topic Starter
  • Member
  • 5 posts

Here's the final result from AdwCleaner_5.015 by Xplode. Two nearly identical files were created, AdwCleaner[S1].txt & AdwCleaner[C1].txt, with different time stamps. The following is AdwCleaner[C1].txt.

Let me know if you have any further comments or instructions.

 

*************************

 

# AdwCleaner v5.015 - Logfile created 31/10/2015 at 21:35:13
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Tim - TIM-LENOVO
# Running from : C:\Users\Tim\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\driverupdate
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driverupdate
[-] Folder Deleted : C:\Users\Tim\AppData\Local\slimware utilities inc

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\driverupdate.lnk
[-] File Deleted : C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\searchplugins\yahoo.xml
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : driverupdate startup

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.ReadOnlyManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.WFPController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\VOTPrx.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataContainer.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataController.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTable.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableFields.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.DataTableHolder.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\VOTPrxLib.LSPLogic
[-] Key Deleted : HKCU\Software\TNT2
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[!] Key Not Deleted : [x64] HKCU\Software\TNT2
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc

***** [ Web browsers ] *****

[-] [C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\qj2xpnz9.default\prefs.js] [Preference] Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 0);
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Tim\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [10901 bytes] ##########



#5
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Final check for orphans :)

Please download Malwarebytes Anti-Malware to your desktop
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • At the end, be sure a check-mark is placed next to the following:
    • Ensure that "Enable free trial of Malwarebytes Anti-Malware Premium" is unchecked
    • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete, make sure that everything is set to "Quarantine", and click Apply Actions.
  • Reboot your computer if prompted.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

To access logs from Malwarebytes Anti-Malware 2.0:


1. Open Malwarebytes Anti-Malware 2.0
2. Click History > Application Logs
3. Double-click the log you would like to open

Scan Logs record detections from manual scans, including threats detected and the actions taken against them.

To save a Scan Log:

1. Open the log file you would like to save
2. Click Export
3. Choose to export to a .txt
4. Choose a folder to save the log file in, then click Save
5. Post that log here

#6
BeFreeIL


    New Member

  • Topic Starter
  • Member
  • 5 posts

I scanned w/Malwarebytes, which restarted and then it restarted again and suggested that I do another scan, which I did. The first scan log is copied here first and the second scan log is copied second...

 

Malwarebytes Anti-Malware
www.malwarebytes.org

 

**************************************

Scan Date: 11/1/2015
Scan Time: 4:26 PM
Logfile: Malwarebytes_Scan_Log1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.01.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Tim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335158
Time Elapsed: 6 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 13
PUP.Optional.eShield, HKLM\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\com.eshield.extension_host, Quarantined, [538688f0f695cb6b209c01bda75c6898],
PUP.Optional.DriverUpdate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DriverUpdate Scan, Quarantined, [a6330e6a206b71c5618f63fc17eccc34],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PROPCCleanerSoftware.exe, Quarantined, [cc0da0d8e3a81620079f019834cf34cc],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\PRO PC Cleaner Software, Quarantined, [9d3c97e12b60fd39364e0477689bc33d],
PUP.Optional.eShield, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dkmjljdbbgogihjcapfhgkonfmccbffp, Quarantined, [5f7a3147b2d9b0861e287de4a55ee917],
PUP.Optional.TidyNetwork, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [845579ffacdf9b9b80f3b1d8bf44ea16],
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\PROPCCleanerSoftware.exe, Quarantined, [48914e2a800b8fa7ddc92d6c25de44bc],
PUP.Optional.PlayThruPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}, Quarantined, [8a4f1761e2a9d16575a09adf43c029d7],
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\PlaythruPlayer, Quarantined, [4c8d5d1b98f34cea050fafcafe05837d],
PUP.Optional.ProPCCleaner, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\PRO PC Cleaner Software, Quarantined, [fbde85f32962d0662a4e0e6d8083a957],
PUP.Optional.TidyNetwork, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\DRAGDROP\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}, Quarantined, [fddc61178ffc02342544434655aeee12],
PUP.Optional.TNT, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}, Quarantined, [5d7c8deb5f2caf87e3b05039e02312ee],
PUP.Optional.TNT, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{219E79B3-7730-4EF1-BAFF-AE7AC00C8D89}, Quarantined, [27b24632bad11e186034cebb1de6867a],

Registry Values: 4
PUP.Optional.PlayThruPlayer, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{83245CDF-A15E-49E9-BE6D-AC32E96FCE78}|DisplayName, Playthru Player, Quarantined, [8a4f1761e2a9d16575a09adf43c029d7]
PUP.Optional.TNT, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}|AppName, TNT2User.exe, Quarantined, [5d7c8deb5f2caf87e3b05039e02312ee]
PUP.Optional.TNT, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{219E79B3-7730-4EF1-BAFF-AE7AC00C8D89}|OSDFileURL, file:///C:/Users/Tim/AppData/Local/TNT2/Profiles/11469/yah11469.xml, Quarantined, [27b24632bad11e186034cebb1de6867a]
PUP.Optional.TNT, HKU\S-1-5-21-4223536469-4065902509-2743383526-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{219E79B3-7730-4EF1-BAFF-AE7AC00C8D89}|FaviconURL, http://mirror.mirror...nt2/1/Y1404.ico, Quarantined, [5f7ad0a8444763d38c089fea50b345bb]

Registry Data: 1
PUP.Optional.eShield, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|Tabs, http://services.eshi...8244FACD1C}&i=,Good: (www.google.com), Bad: (http://services.eshield.com/general/newhometab.php?hometab=home&partner=11469&guid={DC7ED913-2431-48DB-B55C-198244FACD1C}&i=),Replaced,[c811d3a58605f4421e2435085aaa15eb]

Folders: 3
PUP.Optional.OptimizerPro, C:\Users\Tim\Documents\Optimizer Pro, Quarantined, [f8e15622a5e63402cb974b2c6a99738d],
PUP.Optional.PlayThruPlayer, C:\Users\Tim\AppData\Local\PlaythruPlayer, Quarantined, [489142361f6cee48c67bd78e867c1be5],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx, Quarantined, [3b9e4d2b91fa5dd994cac8ac2dd542be],

Files: 7
PUP.Optional.Slimware.Offers, C:\Users\Tim\Downloads\DriverUpdate-setup.exe, Quarantined, [8d4c7701018a81b56c9d38abfb0527d9],
PUP.Optional.DriverUpdate, C:\Windows\System32\Tasks\DriverUpdate Scan, Quarantined, [40995a1e99f21c1a3ab09bc4bb489a66],
PUP.Optional.DriverUpdate, C:\Windows\Tasks\DriverUpdate Scan.job, Quarantined, [ae2b7bfd9af187afa448de818083be42],
PUP.Optional.OptimizerPro, C:\Users\Tim\Documents\Optimizer Pro\CookiesException.txt, Quarantined, [f8e15622a5e63402cb974b2c6a99738d],
PUP.Optional.Winsock.WnskRST, C:\Windows\Temp\VOTPrxr.log, Quarantined, [16c3bbbded9ee74f4babd1e6020145bb],
PUP.Optional.PlayThruPlayer, C:\Users\Tim\AppData\Local\PlaythruPlayer\PlaythruPlayer.dat, Quarantined, [489142361f6cee48c67bd78e867c1be5],
PUP.Optional.Winsock.WnskRST, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\VOTPrx\VOTPrx.ini, Quarantined, [3b9e4d2b91fa5dd994cac8ac2dd542be],

Physical Sectors: 0
(No malicious items detected)


(end)

 

*******************************************

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 11/1/2015
Scan Time: 9:22 PM
Logfile: Malwarebytes_Scan_Log2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2015.11.01.05
Rootkit Database: v2015.10.28.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Tim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 335131
Time Elapsed: 5 min, 41 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#7
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Any further problems before I tidy up?

#8
BeFreeIL


    New Member

  • Topic Starter
  • Member
  • 5 posts
No, everything is good. Thanks a lot. Everything worked great. I'll try to stay more vigilant in the future.
Again, thank you!

#9
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Remove tools

Download and run Delfix
Select the options as shown
delfix.JPG

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

CryptoPrevent: install this programme to lock down and prevent crypto ransomware


Malwarebytes

Update and run weekly to keep your system clean

Unchecky

Click on the link above to be taken to Unchecky.com
Click the very large Download button.
Click Save
Click Open folder
Right click on the Unchecky_setup and choose to Run as Administrator
Once open click the Install button.
Then click on Finish
Unchecky is now installed and will help you keep unwanted check boxes unchecked, this is a fire and forget programme ;)

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe :wave:

#10
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.







