Help remove One System Care [Solved]



#1
lanelly7


Can't remove from Toshiba laptop. Unable to uninstall program as it's not showing. Downloaded Farbar tool and did scan. Please help! Thanks so much!

 


#2
lanelly7

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
Ran by Admin (administrator) on PC (27-08-2016 10:43:42)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\ProgramData\Logic Handler\set.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
() C:\ProgramData\CloudPrinter\CloudPrinter.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
() C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(VS Revo Group                                               ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
() C:\Users\Admin\AppData\Local\Temp\is-S72D9.tmp\RevoUninProSetup.tmp
(VS Revo Group                                               ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
() C:\Users\Admin\AppData\Local\Temp\is-RTMHA.tmp\RevoUninProSetup.tmp
(VS Revo Group) C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Allin1Convert EPM Support] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 32-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE [225864 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 64-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [258632 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-29] (Google Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Amazon Music] => C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Caster] => C:\Program Files (x86)\Max Driver Updater\wizzcaster.exe
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Policies\Explorer: [Run] "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Command Processor: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe" <===== ATTENTION
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MOBK400] -> {73552f1f-bf89-9213-24d3-b502f837bb93} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4002] -> {81d6082a-73e9-8567-a371-6ad62982aca6} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4003] -> {44391887-365b-8585-2ab9-799a50b9ef5e} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmc.lnk [2014-10-17]
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0c703bfc-be9a-4d78-8410-9362f435f7f7}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{41ef520c-d253-11e5-9d89-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{a4083a91-22d3-11e6-9d8d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ed44b5e9-7a03-46b1-866b-4477a072285d}: [NameServer] 104.197.191.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {15848FFC-7A1E-483C-A0F8-5028A1EF9123} URL = 
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {8e15dd2e-acf8-4a20-a651-e5935f75a867} URL = hxxp://isearch.shopathome.com?user_id={675d90a4-435b-4f52-9047-adadd987fc82}&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2015-04-24] (Mindspark)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-111038216-3123894467-4160015040-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-04] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Honey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-22]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Bazz Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-08-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [90696 2015-04-24] (Mindspark)
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [782848 2016-06-01] () [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-01] (DotC United Inc)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-04-15] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
R2 Ulifumeul; C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe [170496 2016-06-01] () [File not signed]
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 Jaezrui; "C:\Users\Admin\AppData\Roaming\LoctywReet\Nackyrl.exe" -cms [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65344 2016-06-01] (Windows ® Win 7 DDK provider)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-01] (DotC United Inc)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 10:43 - 2016-08-27 10:44 - 00032072 _____ C:\Users\Admin\Downloads\FRST.txt
2016-08-27 10:43 - 2016-08-27 10:43 - 00000000 ____D C:\FRST
2016-08-27 10:42 - 2016-08-27 10:42 - 02396672 _____ (Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
2016-08-27 10:41 - 2016-08-27 10:41 - 02396672 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-08-27 10:38 - 2016-08-27 10:38 - 00001090 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-27 10:37 - 2016-08-27 10:38 - 11374528 _____ (VS Revo Group ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
2016-08-27 10:37 - 2016-08-27 10:38 - 07093624 _____ (VS Revo Group ) C:\Users\Admin\Downloads\revosetup.exe
2016-08-24 19:56 - 2016-08-24 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-7065-0
2016-08-24 19:56 - 2016-08-24 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-5987-1
2016-08-24 13:56 - 2016-08-24 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5a57-1
2016-08-24 13:56 - 2016-08-24 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-0975-0
2016-08-24 07:56 - 2016-08-24 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-5fc1-0
2016-08-24 07:56 - 2016-08-24 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-4aa3-1
2016-08-23 13:56 - 2016-08-23 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5fa1-0
2016-08-23 13:56 - 2016-08-23 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1cb3-1
2016-08-22 19:56 - 2016-08-22 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-4cb1-1
2016-08-22 19:56 - 2016-08-22 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-1277-0
2016-08-22 13:56 - 2016-08-22 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5ad5-1
2016-08-22 13:56 - 2016-08-22 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-4733-0
2016-08-21 19:56 - 2016-08-21 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-63a3-0
2016-08-21 19:56 - 2016-08-21 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-1a71-1
2016-08-18 20:08 - 2016-08-18 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-08-18 07:56 - 2016-08-18 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-1e93-0
2016-08-18 01:56 - 2016-08-18 01:56 - 00000000 ____D C:\ProgramData\9f572a7f-30c7-0
2016-08-17 10:10 - 2016-08-17 10:10 - 00002364 _____ C:\Users\Admin\Downloads\Reminder_Register_for_Marriott_Rewards_MegaBonus.ics
2016-08-17 07:56 - 2016-08-17 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0643-0
2016-08-16 19:56 - 2016-08-16 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-0137-0
2016-08-16 07:56 - 2016-08-20 10:47 - 00000000 ____D C:\ProgramData\9f572a7f-39a3-0
2016-08-16 07:56 - 2016-08-16 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-15a1-1
2016-08-15 19:32 - 2016-08-15 19:32 - 00000217 _____ C:\Users\Admin\Downloads\Welcome_Numbers_1-20.ics
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-6eb1-1
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-14c7-0
2016-08-14 07:56 - 2016-08-14 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0da1-1
2016-08-14 07:56 - 2016-08-14 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0183-0
2016-08-13 13:56 - 2016-08-13 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-4717-0
2016-08-13 13:56 - 2016-08-13 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1781-1
2016-08-12 07:56 - 2016-08-13 10:59 - 00000000 ____D C:\ProgramData\9f572a7f-5b65-0
2016-08-12 01:56 - 2016-08-13 10:59 - 00000000 ____D C:\ProgramData\9f572a7f-6d17-1
2016-08-12 01:56 - 2016-08-12 01:56 - 00000000 ____D C:\ProgramData\9f572a7f-1797-0
2016-08-11 19:58 - 2016-08-11 19:59 - 90601382 _____ C:\Users\Admin\Downloads\photos.zip
2016-08-11 18:57 - 2016-08-11 18:57 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 20:53 - 2016-08-10 20:53 - 00404992 _____ C:\Users\Admin\Downloads\BTSN 2012.ppt
2016-08-10 10:26 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:26 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:26 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:26 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:26 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:26 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:26 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:26 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:26 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:25 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:25 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:25 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:25 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:25 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:25 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:25 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:25 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:25 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:25 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:25 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:25 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:25 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:25 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:25 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:25 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:25 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:25 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:25 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:25 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:25 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:25 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:25 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:25 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:25 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:25 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:25 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:25 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:25 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:25 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:25 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:25 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:25 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:25 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:25 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 13:56 - 2016-08-09 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1025-0
2016-08-09 13:56 - 2016-08-09 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-09e5-1
2016-08-04 14:33 - 2016-08-04 14:33 - 02323528 _____ C:\Users\Admin\Downloads\How to Download CDs 2016.pdf
2016-07-31 13:56 - 2016-08-06 10:53 - 00000000 ____D C:\ProgramData\9f572a7f-0415-0
2016-07-29 19:56 - 2016-07-29 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-0263-0
2016-07-29 17:34 - 2016-07-29 17:34 - 00000000 ____D C:\Users\Admin\Documents\New folder
2016-07-29 17:32 - 2016-07-29 17:32 - 00116975 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (2).pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design.pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (1).pdf
2016-07-29 13:56 - 2016-07-29 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-7b25-0
2016-07-28 10:46 - 2016-07-28 10:46 - 00000000 ____D C:\Users\Admin\Downloads\New folder
2016-07-28 07:56 - 2016-07-28 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-3c85-0
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-27 10:27 - 2016-01-04 11:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-27 10:13 - 2014-08-29 10:28 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-27 10:12 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-27 10:12 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-26 17:13 - 2014-08-29 10:28 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-26 11:00 - 2016-06-01 13:51 - 00000282 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2016-08-24 13:16 - 2016-05-25 17:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-24 13:16 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-24 13:13 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 14:12 - 2016-02-01 10:57 - 00000000 ____D C:\Users\Admin\Documents\Parent2Parent
2016-08-23 13:14 - 2016-06-01 13:40 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-20 12:32 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Positive Discipline
2016-08-19 11:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-18 20:09 - 2015-03-16 12:01 - 00000000 ____D C:\Users\Admin\Tracing
2016-08-18 20:08 - 2016-07-07 19:01 - 00001809 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-08-18 20:08 - 2016-05-25 20:15 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-18 20:08 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-18 19:25 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-18 19:24 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-18 19:23 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 11:45 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Parenting
2016-08-11 18:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 18:58 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-11 18:56 - 2013-10-07 12:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 18:35 - 2013-10-07 12:42 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 12:16 - 2016-02-09 10:03 - 00002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 12:16 - 2016-02-09 10:03 - 00002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 10:53 - 2016-07-27 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-4427-1
2016-07-29 01:48 - 2016-05-25 17:00 - 00000000 ____D C:\Users\Admin
2016-07-28 17:08 - 2014-08-29 10:28 - 00003970 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 17:08 - 2014-08-29 10:28 - 00003738 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2016-06-01 13:39 - 2016-06-01 13:39 - 6859776 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0054272 _____ () C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0067776 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 1756999 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.tst
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 0072820 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.tst
2016-06-01 13:38 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml
2016-06-01 13:38 - 2016-06-01 13:38 - 0128512 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0848437 _____ () C:\Users\Admin\AppData\Roaming\Jayzap.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\lobby.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0005568 _____ () C:\Users\Admin\AppData\Roaming\md.xml
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\noah.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 2279413 _____ () C:\Users\Admin\AppData\Roaming\Tanruntom.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0032038 _____ () C:\Users\Admin\AppData\Roaming\uninstall_temp.ico
2015-01-12 13:06 - 2015-06-21 14:54 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-01 11:17 - 2013-10-01 11:17 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Admin\PPPlus-Janell-Bitton-20140516-0428.dat
C:\Users\Admin\PPPlus-Janell-Bitton-20140619-1747.dat
 
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\7DBDO142OV.exe
C:\Users\Admin\AppData\Local\Temp\91MWKQN7XR.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2016-05-25 17:43] - [2016-07-07 18:55] - 0686976 ____A (Microsoft Corporation) 7BFB2943C8F9272F1869D87DBE3D65D5
 
C:\WINDOWS\SysWOW64\dnsapi.dll
[2016-05-25 17:43] - [2016-07-07 18:55] - 0535080 ____A (Microsoft Corporation) 611225205C580A57DB910AD200172E06
 
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-21 11:06
 
==================== End of FRST.txt ============================


#3
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello and welcome to Geeks To Go! My nickname is Pystryker :) , and I will be helping you with your issue today.


Before we get started, I have a few things I need to go over with you:
  • If you are receiving help for this issue at another forum, please let me know so I can close this thread.
  • Please download to and run all requested tools from your Desktop.
  • Please do not install any new software during the cleaning process other than the tools I provide for you. This can hinder the cleaning process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • If any of your security programs give you a warning about any tool I ask you to use, please do not worry. All the links and tools I provide to you will be safe.
  • Please do not run any tools other than the ones I ask you to, when I ask you to. Some of these tools can be very dangerous if used improperly. Also, if you use a tool that I have not requested you use, it can cause false positives, thereby delaying the complete cleaning of your machine.
  • This is a complicated process. It requires several steps, patience, and careful following of my instructions in the order they are given to diagnose your problems to get your machine back in working order.
  • Please stay with me until the end of all steps and procedures and I declare your system clean. Just because there is a lack of symptoms does not indicate a clean machine. I promise to do the same for you.
  • It is impossible for me to know what interactions may happen between your computer's software and the tools we will use to clean your machine. Therefore, I highly recommend you back up any critical personal files on your machine before we start.
  • If you have any questions at all, please don't hesitate to ask. There's no such thing as a stupid question when dealing with malware.
  • If you are unsure of an instruction I give you, or if something unexpected occurs, Do NOT proceed! Stop and ask for clarification of the instruction or tell me what occurred.
  • Please remember, the fixes are for your machine and your machine ONLY! Do not use these fixes on any other machine, each fix is tailor made for your system only. Using a fix on another machine can and will cause serious damage.
  • Once we have cleaned your machine, we'll have some cleanup and prevention steps to go through. We will also provide you with some information about how to reduce your chances of infection and get some protections in place to help defend you against this in the future.
  • Please be patient while I am analyzing your logs. I know you are probably scared and very frustrated with this problem, but I am a volunteer and sometimes life does get in the way. :)
Special note: Please know that I am against pirating software in any form. Having pirated software on your machine is a direct violation of the Terms of Service you agreed to when creating your account. If pirated software is found on your machine, you will be asked to remove it. Refusing to do so will result in termination of assistance with your malware issues.


Now, let's get started, shall we? :thumbsup:

Hello :)

Step 1: Post Addition.txt Log

There should be another log entitled Addition.txt that was produced during the initial run of FRST. It will be located in the same place you ran FRST from, in this case here: C:\Users\Admin\Downloads.

Please post that log as soon as you can. Also, please move FRST64.exe from C:\Users\Admin\Downloads to your Desktop, or future fixes will not work. All tools must be run from the Desktop.


Step 2: Upload file to VirusTotal for Scanning
  • Please go to VirusTotal.org by clicking here
  • Please click on Choose File
  • When the window opens, navigate to the location listed in the box below and select the file that is listed in that location.

    C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe

  • Once you have selected the file, click the blue Scan It! button.
  • VirusTotal will scan the file and produce a report for you. Please copy the link in the address bar when it shows you the report and post it in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Addition.txt Log

VirusTotal Link


#4
lanelly7

    Member

  • Topic Starter
  • Member
  • 53 posts

Hi there! Thanks for walking me through this. Here's the scan you requested...

 

And this one: 

https://www.virustot...sis/1472408771/

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (27-08-2016 10:45:11)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Allin1Convert Internet Explorer Toolbar (HKLM-x32\...\Allin1Convert_8hbar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8} - System32\Tasks\TidyNetwork Update => C:\Users\Admin\AppData\Local\TidyNetwork\update.exe
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BFB0FAF-3DC3-44AC-9312-EA9D447F6780} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {2E0690A7-E219-4CE4-B391-0CB567E412A4} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4413B86C-ACC9-416E-BFC2-11237F7998F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {52C327BA-FEF6-4BA8-AA6F-4673F518CBA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5E14951C-E203-4F9F-BA5B-D62A852E4418} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {73C1A910-8A8F-4FA1-B768-26196C867163} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {8E2092C1-25BD-4D63-B3E5-7AD498A7AF30} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A4612174-B5D8-4570-BDCD-80C7EB08933B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6D55643-93E0-4723-97BA-B9DA690A8CA7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B033ECB8-AA10-4210-9A43-34663851A4A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B5E0244D-A713-4DF9-A636-830B01587A29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C39305B1-F38F-42AA-8924-F84CC098FCBF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D406B8AD-A207-47CE-AE7A-1B2408FF0762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-05-04] () <==== ATTENTION
Task: {D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {D9BC7D0A-F7F3-4C4B-9B31-EF8666D7C724} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job =>  <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-06-01 13:39 - 2016-05-15 18:04 - 02089472 _____ () C:\ProgramData\Logic Handler\set.exe
2016-06-01 13:39 - 2016-06-01 13:38 - 00782848 _____ () C:\ProgramData\CloudPrinter\CloudPrinter.exe
2016-06-01 09:53 - 2016-06-01 09:53 - 00170496 _____ () C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2016-06-01 09:54 - 2016-06-01 09:54 - 00668672 _____ () C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-06-01 09:54 - 2016-06-01 09:54 - 00143872 _____ () C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe
2016-06-01 09:53 - 2016-06-01 09:53 - 00112128 _____ () C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-03 09:36 - 2016-06-03 09:36 - 01984000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\6e466c96c9465d623ab011de004da48f\Windows.UI.ni.dll
2016-05-31 17:13 - 2016-05-31 17:13 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\0c168de19f2576f13020da2bdb2a6d56\Windows.Foundation.ni.dll
2016-05-04 03:16 - 2016-05-04 03:16 - 02725560 _____ () C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
2016-08-27 10:38 - 2016-08-27 10:38 - 01253376 _____ () C:\Users\Admin\AppData\Local\Temp\is-S72D9.tmp\RevoUninProSetup.tmp
2016-08-27 10:38 - 2016-08-27 10:38 - 01253376 _____ () C:\Users\Admin\AppData\Local\Temp\is-RTMHA.tmp\RevoUninProSetup.tmp
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-06-01 09:54 - 2016-06-01 09:54 - 00258560 _____ () C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-05-25 20:24 - 2016-05-25 20:25 - 00679624 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\ClientTelemetry.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-08-08 12:16 - 2016-08-02 16:54 - 17602240 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-07-07 18:56 - 00001626 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{2AB3F5FC-D15A-4AD5-ABE2-E7E645BA09B4}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{769F8514-EFB9-4F73-BC03-0AECC1E428BC}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{0252BC2E-2CE4-4F27-9C40-6E9DAE98226A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B3D94EE0-0445-456F-9A70-89CD0A763DF4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{92F17ABA-55E5-4BB6-B7CD-8E7F5180741D}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{092E1202-B573-4D32-AF92-534D01E08059}] => (Allow) LPort=1900
FirewallRules: [{1F7C021D-A421-480D-83E1-86556EB20712}] => (Allow) LPort=2869
FirewallRules: [{760A01EE-AA8D-4E1D-A451-82CC2E5A9486}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{3460EAB9-BFCC-4E29-ABC2-11D8B3617D6F}] => (Allow) C:\Users\Admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4067F6F3-1BA1-48F7-BE3B-21E612AFE565}] => (Allow) LPort=5354
FirewallRules: [{46AEFC5F-F3D5-499F-B13A-A2666C6BE5F0}] => (Allow) LPort=5354
FirewallRules: [{3D43EF6D-B1FF-4619-98E1-D9EB0AB81A43}] => (Allow) LPort=5354
FirewallRules: [{21D2602D-487A-457A-9E7B-93FF10DCE012}] => (Allow) LPort=5354
FirewallRules: [{7189ED75-CC8D-4672-A338-71D072FFA2B9}] => (Allow) C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe
FirewallRules: [{202A36E1-6B5C-4301-B7AA-0BEF73D1D717}] => (Allow) C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe
FirewallRules: [{48CB3B8E-804F-4FA4-B7CB-AC8F4AF2D615}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{F737F4AC-8584-4D99-A9B7-0C924856E142}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{08AEC609-9A58-493E-BDE6-5057D32F7103}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{BE662FA5-0EED-4441-9F36-8883D85120EC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F7B6A1BB-5179-44B4-9D7B-20D09D553496}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D36B0594-ECF4-4CF3-ACFF-D025CC693E47}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{1F6BB868-2538-417D-B04C-4DB33B2F2610}] => (Allow) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{ED67655B-D110-4964-A1EB-CC0F11C31CD5}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{619C41A3-FEA6-4E45-BB18-E6AA027EE268}C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\admin\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{5F21A80E-D150-41B3-A55A-AAFEBD5B5E55}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS0333\HPDiagnosticCoreUI.exe
FirewallRules: [{98F54923-9F1B-4968-A620-34C42CCB3EC6}] => (Allow) C:\Users\Admin\AppData\Local\Temp\7zS0333\HPDiagnosticCoreUI.exe
FirewallRules: [{03813196-ECB2-4E53-B2C2-B91C456B0776}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\DeviceSetup.exe
FirewallRules: [{9429CF1B-AA3B-4ACC-AFEA-113A8897231C}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{98DABB9A-28A1-40FC-89E3-D16761EE018A}] => (Allow) C:\Program Files\HP\HP Photosmart 5510d series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{79B944D3-263F-4C8A-8CA2-FC53CCF856AC}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{0CBA50CA-DBFA-493C-9D0D-2B11BB904093}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{19E0861C-08CF-4C63-B7AD-23C742246F49}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [TCP Query User{9B441E93-B9A9-402A-A439-F29DF9AB067F}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [UDP Query User{8C884E03-DCB5-4292-A790-6D20FB2936A4}C:\program files (x86)\itibiti soft phone\itibiti.exe] => (Block) C:\program files (x86)\itibiti soft phone\itibiti.exe
FirewallRules: [{E66C0BE8-5280-473D-9F38-C8C01DE14D3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2016 10:36:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 736: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2016 10:36:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2016 10:26:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 936: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2016 10:26:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2016 10:22:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 936: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2016 10:22:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2016 10:22:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 936: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2016 10:22:05 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/27/2016 10:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 848: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/27/2016 10:20:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
 
System errors:
=============
Error: (08/27/2016 10:09:52 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/26/2016 07:12:22 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/26/2016 06:48:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/26/2016 06:07:00 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 08-BD-43-5F-60-07. Network operations on this system may
be disrupted as a result.
 
Error: (08/26/2016 03:55:04 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/26/2016 10:33:27 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/25/2016 10:15:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/25/2016 10:05:18 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {F3B4E234-7A68-4E43-B813-E4BA55A065F6}
 
Error: (08/25/2016 09:21:40 PM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 08-BD-43-5F-60-07. Network operations on this system may
be disrupted as a result.
 
Error: (08/25/2016 09:27:50 AM) (Source: Tcpip) (EventID: 4199) (User: )
Description: The system detected an address conflict for IP address 0.0.0.0 with the system
having network hardware address 08-BD-43-5F-60-07. Network operations on this system may
be disrupted as a result.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 21:24:45.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:44.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 65%
Total physical RAM: 8071.27 MB
Available physical RAM: 2795.18 MB
Total Virtual: 10759.27 MB
Available Virtual: 3659.71 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:612.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

Edited by lanelly7, 28 August 2016 - 12:30 PM.

  • 0

#5
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Thank you for the log. Did you upload the file for scanning to VirusTotal per the instructions in Step 2?
  • 0

#6
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

https://www.virustot...sis/1472408771/


  • 0

#7
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

https://www.virustot...sis/1472408771/


  • 0

#8
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

https://www.virustot...sis/1472408771/


  • 0

#9
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

https://www.virustot...sis/1472408771/


  • 0

#10
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

https://www.virustot...sis/1472408771/


  • 0



#11
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Posted VirusTotal scan link in post above (wouldn't let me post here)


  • 0

#12
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Posted VirusTotal scan link in post above (wouldn't let me post here)


  • 0

#13
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Sorry for all the links, wasn't showing that it posted, but I guess it did....several times. Ooops. -) 


  • 0

#14
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Sorry for all the links, wasn't showing that it posted, but I guess it did....several times. Ooops. -)


Hello :)

No worries, that happens on occasion. :)

While I'm analyzing your logs, please run this search for me as one of the infections has compromised a Windows file and we need to find a replacement.


Step 1: File Search with FRST

Please start FRST64.exe by double clicking it. When the interface pops up, please enter this file name in the Search Box

dnsapi.dll

Once you've entered the filename, please click the Search Files button. FRST will scan your system and then produce a log called Search.txt

Please post that log in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Search.txt Log

  • 0

#15
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (28-08-2016 11:41:42)
Running from C:\Users\Admin\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll
[2016-05-25 17:43][2016-05-25 17:43] 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE [File is digitally signed]
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll
[2015-10-30 00:18][2016-07-28 03:36] 0017780 ____A () 4C8C167B131EBE7A4D94504F82DAD316 [File not signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll
[2016-05-25 17:43][2016-05-25 17:43] 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 00:18][2016-06-03 13:49] 0010782 ____A () E4E48EFBCF7DF993A1377CB0518411BC [File not signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2016-05-25 17:43][2016-07-07 18:55] 0535080 ____A (Microsoft Corporation) 611225205C580A57DB910AD200172E06 [File not signed]
 
C:\Windows\System32\dnsapi.dll
[2016-05-25 17:43][2016-07-07 18:55] 0686976 ____A (Microsoft Corporation) 7BFB2943C8F9272F1869D87DBE3D65D5 [File not signed]
 
====== End of Search ======

  • 0
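The Search.txt log above can be triaged mechanically. The following is an added example, not part of the original thread or of FRST: it parses the six entries and, for each unsigned copy in System32 or SysWOW64, lists the digitally signed WinSxS copies of the same architecture. The function names are hypothetical, and the mapping of System32 to `amd64_` and SysWOW64 to `wow64_` component folders is an assumption about a 64-bit Windows layout.

```python
import re
from collections import namedtuple
# The six entries of the Search.txt log posted above, copied verbatim.
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll
[2016-05-25 17:43][2016-05-25 17:43] 0535080 ____A (Microsoft Corporation) 6A7ACABAE92C837F5C1330188EAE36AE [File is digitally signed]
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_2c65f66b01dd8f12\dnsapi.dll
[2015-10-30 00:18][2016-07-28 03:36] 0017780 ____A () 4C8C167B131EBE7A4D94504F82DAD316 [File not signed]
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll
[2016-05-25 17:43][2016-05-25 17:43] 0686976 ____A (Microsoft Corporation) 9A3E17CDB177913C2A111C80F3D0DBB4 [File is digitally signed]
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.0_none_22114c18cd7ccd17\dnsapi.dll
[2015-10-30 00:18][2016-06-03 13:49] 0010782 ____A () E4E48EFBCF7DF993A1377CB0518411BC [File not signed]
C:\Windows\SysWOW64\dnsapi.dll
[2016-05-25 17:43][2016-07-07 18:55] 0535080 ____A (Microsoft Corporation) 611225205C580A57DB910AD200172E06 [File not signed]
C:\Windows\System32\dnsapi.dll
[2016-05-25 17:43][2016-07-07 18:55] 0686976 ____A (Microsoft Corporation) 7BFB2943C8F9272F1869D87DBE3D65D5 [File not signed]
"""
Entry = namedtuple("Entry", "path created modified size company md5 signed")
DETAIL = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+\S+\s+"
    r"\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-F]{32})\s+\[(?P<sig>[^\]]+)\]$")
ARCH = {"system32": "amd64_", "syswow64": "wow64_"}  # assumption: x64 Windows layout

def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    entries, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = DETAIL.match(line)
        if m and path:
            entries.append(Entry(path, m["created"], m["modified"], int(m["size"]),
                                 m["company"], m["md5"], m["sig"] == "File is digitally signed"))
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def replacement_candidates(entries):
    """Unsigned System32/SysWOW64 copy -> signed WinSxS copies of the same architecture."""
    signed_store = [e for e in entries if e.signed and "\\winsxs\\" in e.path.lower()]
    out = {}
    for e in entries:
        folder = e.path.lower().split("\\")[-2]
        if not e.signed and folder in ARCH:
            out[e.path] = [s for s in signed_store
                           if s.path.lower().split("\\")[-2].startswith(ARCH[folder])]
    return out

for live, found in replacement_candidates(parse_search(SEARCH_TXT)).items():
    print(live, "<-", [s.path for s in found] or "no signed copy found")
```

On this log each unsigned live copy pairs with exactly one signed WinSxS copy of identical size but a different MD5. The signed/unsigned flags are FRST's own report, so the chosen copy's signature should still be verified independently before it is used.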





