Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Help remove One System Care [Solved]


  • This topic is locked This topic is locked

#16
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Let's get started. :thumbsup:


Step 1: Turn on System Restore

The log is showing that your System Restore has been shut down. Please enable it by following the instructions found at the link below.

http://www.thewindow...restore-windows


Step 2: Program Uninstalls

Please uninstall the following programs from your machine as they are adware/malware related. If one of the programs fails to uninstall, please move on to the next one in the list.
  • Allin1Convert Internet Explorer Toolbar
  • Itibiti RTC
Step 3: Fix with FRST

Please make sure that FRST64 and the fixlist.txt are both on the Desktop or the fix will not work.
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
  • Right-click in the open notepad and select Paste).
  • Save it on the desktop as fixlist.txt

Start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Logic Handler\set.exe
C:\ProgramData\Logic Handler
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
C:\Program Files (x86)\MPC Cleaner
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
C:\Users\Admin\AppData\Roaming\Veotquhn
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
C:\Program Files (x86)\MPC Cleaner
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
C:\Program Files (x86)\CStart8
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
C:\Program Files (x86)\OneSystemCare
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [Allin1Convert EPM Support] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 32-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE [225864 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 64-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [258632 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
C:\Program Files (x86)\Allin1Convert_8h
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Caster] => C:\Program Files (x86)\Max Driver Updater\wizzcaster.exe
C:\Program Files (x86)\Max Driver Updater
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Command Processor: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe" <===== ATTENTION
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {15848FFC-7A1E-483C-A0F8-5028A1EF9123} URL =
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
BHO-x32: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2015-04-24] (Mindspark)
BHO-x32: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [90696 2015-04-24] (Mindspark)
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-01] (DotC United Inc)
R2 Ulifumeul; C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
S2 Jaezrui; "C:\Users\Admin\AppData\Roaming\LoctywReet\Nackyrl.exe" -cms [X]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-01] (DotC United Inc)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\Users\Public\Desktop\MPC Cleaner.lnk
C:\Program Files (x86)\MPC Cleaner
C:\Users\Admin\PPPlus-Janell-Bitton-20140516-0428.dat
C:\Users\Admin\PPPlus-Janell-Bitton-20140619-1747.dat
Task: {1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BFB0FAF-3DC3-44AC-9312-EA9D447F6780} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {2E0690A7-E219-4CE4-B391-0CB567E412A4} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8} - System32\Tasks\TidyNetwork Update => C:\Users\Admin\AppData\Local\TidyNetwork\update.exe
C:\Users\Admin\AppData\Local\TidyNetwork
Task: {3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4413B86C-ACC9-416E-BFC2-11237F7998F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {52C327BA-FEF6-4BA8-AA6F-4673F518CBA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5E14951C-E203-4F9F-BA5B-D62A852E4418} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {8E2092C1-25BD-4D63-B3E5-7AD498A7AF30} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A4612174-B5D8-4570-BDCD-80C7EB08933B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6D55643-93E0-4723-97BA-B9DA690A8CA7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B033ECB8-AA10-4210-9A43-34663851A4A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B5E0244D-A713-4DF9-A636-830B01587A29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C39305B1-F38F-42AA-8924-F84CC098FCBF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D406B8AD-A207-47CE-AE7A-1B2408FF0762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-05-04] () <==== ATTENTION
Task: {D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll C:\Windows\System32\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Step 4: Fresh FRST Scans
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0

Advertisements


#17
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Step 1 - done

Step 2 - Unistalled allinone, but can't find Itibiti...


  • 0

#18
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Step 1 - done
Step 2 - Unistalled allinone, but can't find Itibiti...


No worries, the FRST fix will remove what I see of it. Proceed with the rest of the steps. :thumbsup:
  • 0

#19
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Also, can't find fixlist.txt.  Did PC search and still can't find.


  • 0

#20
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Also, can't find fixlist.txt.  Did PC search and still can't find.


  • 0

#21
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Think I figured out the fixlist thing - had to create it first.:-) 


  • 0

#22
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
 
Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 28-08-2016 13:40:38)
 
==> ATTENTION: System is not rebooted.
"C:\Program Files (x86)\MPC Cleaner" => Could not move
"C:\Program Files (x86)\MPC Cleaner" => Could not move
"C:\Program Files (x86)\MPC Cleaner" => Could not move
 
==== End of Fixlog 13:40:44 ====

  • 0

#23
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Something is not right with the fixlog, let's try it again.

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this highlight the contents of the box, right click on it and select copy.
Right-click in the open notepad and select Paste).
Save it on the desktop as fixlist.txt

Please make sure FRST64.exe is on the Desktop with the fixlist, start FRST and then press Fix

The machine will process the fix and then ask to reboot the machine. Reboot and when the reboot is complete, a log will open called fixlog.txt

Please post it in your next reply, along with the fresh FRST scans in Step #4. :thumbsup:
 

Start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Logic Handler\set.exe
C:\ProgramData\Logic Handler
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
C:\Program Files (x86)\MPC Cleaner
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
C:\Users\Admin\AppData\Roaming\Veotquhn
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
C:\Program Files (x86)\MPC Cleaner
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
C:\Program Files (x86)\CStart8
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
C:\Program Files (x86)\OneSystemCare
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [Allin1Convert EPM Support] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 32-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE [225864 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 64-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [258632 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
C:\Program Files (x86)\Allin1Convert_8h
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Caster] => C:\Program Files (x86)\Max Driver Updater\wizzcaster.exe
C:\Program Files (x86)\Max Driver Updater
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Command Processor: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe" <===== ATTENTION
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {15848FFC-7A1E-483C-A0F8-5028A1EF9123} URL =
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
BHO-x32: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2015-04-24] (Mindspark)
BHO-x32: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [90696 2015-04-24] (Mindspark)
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-01] (DotC United Inc)
R2 Ulifumeul; C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
S2 Jaezrui; "C:\Users\Admin\AppData\Roaming\LoctywReet\Nackyrl.exe" -cms [X]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-01] (DotC United Inc)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\Users\Public\Desktop\MPC Cleaner.lnk
C:\Program Files (x86)\MPC Cleaner
C:\Users\Admin\PPPlus-Janell-Bitton-20140516-0428.dat
C:\Users\Admin\PPPlus-Janell-Bitton-20140619-1747.dat
Task: {1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BFB0FAF-3DC3-44AC-9312-EA9D447F6780} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {2E0690A7-E219-4CE4-B391-0CB567E412A4} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8} - System32\Tasks\TidyNetwork Update => C:\Users\Admin\AppData\Local\TidyNetwork\update.exe
C:\Users\Admin\AppData\Local\TidyNetwork
Task: {3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4413B86C-ACC9-416E-BFC2-11237F7998F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {52C327BA-FEF6-4BA8-AA6F-4673F518CBA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5E14951C-E203-4F9F-BA5B-D62A852E4418} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {8E2092C1-25BD-4D63-B3E5-7AD498A7AF30} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A4612174-B5D8-4570-BDCD-80C7EB08933B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6D55643-93E0-4723-97BA-B9DA690A8CA7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B033ECB8-AA10-4210-9A43-34663851A4A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B5E0244D-A713-4DF9-A636-830B01587A29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C39305B1-F38F-42AA-8924-F84CC098FCBF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D406B8AD-A207-47CE-AE7A-1B2408FF0762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-05-04] () <==== ATTENTION
Task: {D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll C:\Windows\System32\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


  • 0

#24
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Is this what you're looking for? It did restart, but log didn't pop up - I had to search for it...

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (28-08-2016 13:39:13) Run:1
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
() C:\ProgramData\Logic Handler\set.exe
C:\ProgramData\Logic Handler
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
C:\Program Files (x86)\MPC Cleaner
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe
() C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
C:\Users\Admin\AppData\Roaming\Veotquhn
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
C:\Program Files (x86)\MPC Cleaner
(Crawler.com) C:\Program Files (x86)\CStart8\CStart8Tray64.exe
C:\Program Files (x86)\CStart8
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE
(Mindspark) C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe
() C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe
C:\Program Files (x86)\OneSystemCare
HKLM-x32\...\Run: [CStart8] => C:\Program Files (x86)\CStart8\CStart8Tray64.exe [3138656 2013-10-04] (Crawler.com)
HKLM-x32\...\Run: [Allin1Convert EPM Support] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hmedint.exe [12872 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 32-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE [225864 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert AppIntegrator 64-bit] => C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe [258632 2015-04-24] (Mindspark)
HKLM-x32\...\Run: [Allin1Convert Search Scope Monitor] => "C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hsrchmn.exe" /m=2 /w /h
C:\Program Files (x86)\Allin1Convert_8h
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Caster] => C:\Program Files (x86)\Max Driver Updater\wizzcaster.exe
C:\Program Files (x86)\Max Driver Updater
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Command Processor: "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe" <===== ATTENTION
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
URLSearchHook: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 - (No Name) - {5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll (Mindspark)
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {15848FFC-7A1E-483C-A0F8-5028A1EF9123} URL =
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {75b4241f-171e-44a3-bf44-23613b6e3e03} URL = hxxp://search.tb.ask.com/search/GGmain.jhtml?p2=^AYY^xdm353^S12761^us&ptb=B3C28388-C465-4866-8008-EE0C13E55BF6&ind=2015042417&n=781b1b71&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=410&v=n15946-717&apn_uid=1040329114494264&apn_dtid=BND410&o=APN10649&apn_ptnrs=AGA&q={searchTerms}
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgeZQe0qbjrAhUjiwT9lVE12_K8FqvuQ7cZKzwzbOlXFx-Tqppl5Kc1sbCldA5qXZFgeyXnMMfff6322g_re1wBgcmdQ,,&q={searchTerms}
BHO-x32: Search Assistant BHO -> {a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hSrcAs.dll [2015-04-24] (Mindspark)
BHO-x32: Toolbar BHO -> {fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} -> C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
Toolbar: HKLM-x32 - Allin1Convert - {cd1a63ba-a08c-431b-9a34-f240aadc728d} - C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbar.dll [2015-04-24] (Mindspark)
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
R2 Allin1Convert_8hService; C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe [90696 2015-04-24] (Mindspark)
R2 backlh; C:\ProgramData\Logic Handler\set.exe [2089472 2016-05-15] () [File not signed]
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-06-01] (DotC United Inc)
R2 Ulifumeul; C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe
S2 Jaezrui; "C:\Users\Admin\AppData\Roaming\LoctywReet\Nackyrl.exe" -cms [X]
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-06-01] (DotC United Inc)
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
C:\Users\Public\Desktop\MPC Cleaner.lnk
C:\Program Files (x86)\MPC Cleaner
C:\Users\Admin\PPPlus-Janell-Bitton-20140516-0428.dat
C:\Users\Admin\PPPlus-Janell-Bitton-20140619-1747.dat
Task: {1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2BFB0FAF-3DC3-44AC-9312-EA9D447F6780} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {2E0690A7-E219-4CE4-B391-0CB567E412A4} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8} - System32\Tasks\TidyNetwork Update => C:\Users\Admin\AppData\Local\TidyNetwork\update.exe
C:\Users\Admin\AppData\Local\TidyNetwork
Task: {3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {4413B86C-ACC9-416E-BFC2-11237F7998F9} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {52C327BA-FEF6-4BA8-AA6F-4673F518CBA1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5E14951C-E203-4F9F-BA5B-D62A852E4418} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-05-04] () <==== ATTENTION
Task: {8E2092C1-25BD-4D63-B3E5-7AD498A7AF30} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {A4612174-B5D8-4570-BDCD-80C7EB08933B} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {A6D55643-93E0-4723-97BA-B9DA690A8CA7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {B033ECB8-AA10-4210-9A43-34663851A4A6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B5E0244D-A713-4DF9-A636-830B01587A29} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {C39305B1-F38F-42AA-8924-F84CC098FCBF} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {D406B8AD-A207-47CE-AE7A-1B2408FF0762} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-05-04] () <==== ATTENTION
Task: {D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\One System CarePeriod.job => <==== ATTENTION
Replace: C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll C:\WINDOWS\SysWOW64\dnsapi.dll
Replace: C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll C:\Windows\System32\dnsapi.dll
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\ProgramData\Logic Handler\set.exe => Could not close process
C:\ProgramData\Logic Handler => moved successfully
C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe => Could not close process
 
"C:\Program Files (x86)\MPC Cleaner" folder move:
 
Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.
 
C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\8hbarsvc.exe => No running process found
C:\Users\Admin\AppData\Roaming\Veotquhn\Iytotriha.exe => No running process found
C:\Users\Admin\AppData\Roaming\Veotquhn\Iaeridgi.exe => No running process found
C:\Users\Admin\AppData\Roaming\Veotquhn\Veotquhn.exe => No running process found
C:\Users\Admin\AppData\Roaming\Veotquhn => moved successfully
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe => Could not close process
C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe => No running process found
 
"C:\Program Files (x86)\MPC Cleaner" folder move:
 
Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.
 
C:\Program Files (x86)\CStart8\CStart8Tray64.exe => No running process found
C:\Program Files (x86)\CStart8 => moved successfully
C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\APPINTEGRATOR.EXE => No running process found
C:\Program Files (x86)\Allin1Convert_8h\bar\1.bin\AppIntegrator64.exe => No running process found
C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe => No running process found
C:\Program Files (x86)\OneSystemCare => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\CStart8 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Allin1Convert EPM Support => value not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Allin1Convert AppIntegrator 32-bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Allin1Convert AppIntegrator 64-bit => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Allin1Convert Search Scope Monitor => value not found.
C:\Program Files (x86)\Allin1Convert_8h => moved successfully
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Caster => value removed successfully
C:\Program Files (x86)\Max Driver Updater => moved successfully
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe => not found.
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Command Processor\\AutoRun => value removed successfully
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{5bcf818d-78c8-41b8-ba89-65c5fdac4fc4} => value not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}" => key removed successfully
HKCR\Wow6432Node\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}" => key removed successfully
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} => key not found. 
"HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{15848FFC-7A1E-483C-A0F8-5028A1EF9123}" => key removed successfully
HKCR\CLSID\{15848FFC-7A1E-483C-A0F8-5028A1EF9123} => key not found. 
"HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{75b4241f-171e-44a3-bf44-23613b6e3e03}" => key removed successfully
HKCR\CLSID\{75b4241f-171e-44a3-bf44-23613b6e3e03} => key not found. 
"HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}" => key removed successfully
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410} => key not found. 
"HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} => key not found. 
HKCR\Wow6432Node\CLSID\{a4c2fb10-84c3-44eb-9f9e-860fa1d9a797} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} => key not found. 
HKCR\Wow6432Node\CLSID\{fbcbc43a-dca9-4192-a4c8-b57fd0f77d4d} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{cd1a63ba-a08c-431b-9a34-f240aadc728d} => value not found.
HKCR\Wow6432Node\CLSID\{cd1a63ba-a08c-431b-9a34-f240aadc728d} => key not found. 
Chrome HomePage => removed successfully
Allin1Convert_8hService => service not found.
backlh => service removed successfully
MPCProtectService => Unable to stop service.
MPCProtectService => service could not remove
Ulifumeul => service removed successfully
Jaezrui => service removed successfully
MPCKpt => Unable to stop service.
MPCKpt => service could not remove
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC => moved successfully
C:\Users\Public\Desktop\MPC Cleaner.lnk => moved successfully
 
"C:\Program Files (x86)\MPC Cleaner" folder move:
 
Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.
 
C:\Users\Admin\PPPlus-Janell-Bitton-20140516-0428.dat => moved successfully
C:\Users\Admin\PPPlus-Janell-Bitton-20140619-1747.dat => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1FF6E7DD-F4FF-4E2D-99FE-B301384E5DF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2BFB0FAF-3DC3-44AC-9312-EA9D447F6780}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BFB0FAF-3DC3-44AC-9312-EA9D447F6780}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Monitor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E0690A7-E219-4CE4-B391-0CB567E412A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E0690A7-E219-4CE4-B391-0CB567E412A4}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Run Delay => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DCC22CA-1633-4F2F-93EB-A1B8ECCF0FA8}" => key removed successfully
C:\WINDOWS\System32\Tasks\TidyNetwork Update => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TidyNetwork Update" => key removed successfully
"C:\Users\Admin\AppData\Local\TidyNetwork" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D1AB0C4-AAAA-45C1-84C5-14353D4C2FDC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4413B86C-ACC9-416E-BFC2-11237F7998F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4413B86C-ACC9-416E-BFC2-11237F7998F9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{52C327BA-FEF6-4BA8-AA6F-4673F518CBA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52C327BA-FEF6-4BA8-AA6F-4673F518CBA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E14951C-E203-4F9F-BA5B-D62A852E4418}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E14951C-E203-4F9F-BA5B-D62A852E4418}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88D68C9A-55B7-4AA4-9354-0FCDAB4AA6CF}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System CarePeriod => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8E2092C1-25BD-4D63-B3E5-7AD498A7AF30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E2092C1-25BD-4D63-B3E5-7AD498A7AF30}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4612174-B5D8-4570-BDCD-80C7EB08933B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4612174-B5D8-4570-BDCD-80C7EB08933B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A6D55643-93E0-4723-97BA-B9DA690A8CA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A6D55643-93E0-4723-97BA-B9DA690A8CA7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B033ECB8-AA10-4210-9A43-34663851A4A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B033ECB8-AA10-4210-9A43-34663851A4A6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B5E0244D-A713-4DF9-A636-830B01587A29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5E0244D-A713-4DF9-A636-830B01587A29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C39305B1-F38F-42AA-8924-F84CC098FCBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C39305B1-F38F-42AA-8924-F84CC098FCBF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE35D1C9-C0E8-4A8B-98BE-52CAD7873E41}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D406B8AD-A207-47CE-AE7A-1B2408FF0762}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D406B8AD-A207-47CE-AE7A-1B2408FF0762}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D60CAFA9-0B4D-4A30-A1C7-4F55C43F8857}" => key removed successfully
C:\WINDOWS\System32\Tasks\One System Care Task => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C9DFDE-69F9-4015-B3C4-4BAC07BF3719}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => moved successfully
C:\WINDOWS\SysWOW64\dnsapi.dll => moved successfully
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_0d0987cfb6756063\dnsapi.dll copied successfully to C:\WINDOWS\SysWOW64\dnsapi.dll
C:\Windows\System32\dnsapi.dll => moved successfully
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10586.212_none_02b4dd7d82149e68\dnsapi.dll copied successfully to C:\Windows\System32\dnsapi.dll
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 0 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 199069812 B
Java, Flash, Steam htmlcache => 315358 B
Windows/system/drivers => 49840500 B
Edge => 5172595 B
Chrome => 867657255 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 1286038 B
NetworkService => 366156 B
Admin => 510675131 B
 
RecycleBin => 2682155698 B
EmptyTemp: => 4 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 13:46:18 ====

  • 0

#25
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Well done :) Please proceed with the Fresh FRST Scans, and we'll continue. :thumbsup:
  • 0

Advertisements


#26
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (28-08-2016 14:00:28)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-28 13:49 - 2016-08-23 13:14 - 00115168 _____ () C:\Program Files (x86)\MPC Cleaner\zlib1.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-07-07 18:56 - 00001626 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1BBC49A2-9751-471C-ABCD-FA9C8767FBF4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A6022EC9-5558-4CD7-9BF5-F75792787AE1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{5205AA1F-B72C-433D-A639-C96FF7A6D16A}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B9601F2F-3C8B-4141-853D-475C4E1AF07E}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
 
==================== Restore Points =========================
 
28-08-2016 13:39:14 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2016 01:51:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18635296-6488-4bbe-b246-f1fb997a2658}
 
Error: (08/28/2016 01:51:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/28/2016 01:50:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/28/2016 01:49:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x00000000006fd01b
Faulting process id: 0x1328
Faulting application start time: 0x01d2016db418ccae
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9385c972-a52b-4ca1-85d7-3fb2e80d0166
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (08/28/2016 01:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/28/2016 01:39:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c01c545-84ff-4e97-8fa8-29657b6b160c}
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 844: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC.local already in use; will try PC-2.local instead
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 PC.local. Addr 192.168.0.10
 
 
System errors:
=============
Error: (08/28/2016 01:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MPC Core Protect Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CloudPrinter service to connect.
 
Error: (08/28/2016 01:46:56 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:39:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Validation Trust Protection Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ulifumeul service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 21:24:45.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:44.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8071.27 MB
Available physical RAM: 5668.2 MB
Total Virtual: 10631.27 MB
Available Virtual: 8428.3 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:614.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#27
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (28-08-2016 14:00:28)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-28 13:49 - 2016-08-23 13:14 - 00115168 _____ () C:\Program Files (x86)\MPC Cleaner\zlib1.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-07-07 18:56 - 00001626 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1BBC49A2-9751-471C-ABCD-FA9C8767FBF4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A6022EC9-5558-4CD7-9BF5-F75792787AE1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{5205AA1F-B72C-433D-A639-C96FF7A6D16A}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B9601F2F-3C8B-4141-853D-475C4E1AF07E}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
 
==================== Restore Points =========================
 
28-08-2016 13:39:14 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2016 01:51:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18635296-6488-4bbe-b246-f1fb997a2658}
 
Error: (08/28/2016 01:51:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/28/2016 01:50:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/28/2016 01:49:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x00000000006fd01b
Faulting process id: 0x1328
Faulting application start time: 0x01d2016db418ccae
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9385c972-a52b-4ca1-85d7-3fb2e80d0166
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (08/28/2016 01:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/28/2016 01:39:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c01c545-84ff-4e97-8fa8-29657b6b160c}
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 844: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC.local already in use; will try PC-2.local instead
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 PC.local. Addr 192.168.0.10
 
 
System errors:
=============
Error: (08/28/2016 01:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MPC Core Protect Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CloudPrinter service to connect.
 
Error: (08/28/2016 01:46:56 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:39:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Validation Trust Protection Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ulifumeul service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 21:24:45.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:44.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8071.27 MB
Available physical RAM: 5668.2 MB
Total Virtual: 10631.27 MB
Available Virtual: 8428.3 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:614.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#28
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-08-2016
Ran by Admin (28-08-2016 14:00:28)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pokki (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki) (Version: 0.262.11.408 - Pokki)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
Toshiba Start (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76) (Version: 1.0.0.0 - Pokki)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
ShortcutWithArgument: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-28 13:49 - 2016-08-23 13:14 - 00115168 _____ () C:\Program Files (x86)\MPC Cleaner\zlib1.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 06:25 - 2016-07-07 18:56 - 00001626 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 104.197.191.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1BBC49A2-9751-471C-ABCD-FA9C8767FBF4}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{A6022EC9-5558-4CD7-9BF5-F75792787AE1}C:\program files (x86)\google\chrome\application\chrome.exe] => (Allow) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{5205AA1F-B72C-433D-A639-C96FF7A6D16A}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B9601F2F-3C8B-4141-853D-475C4E1AF07E}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
 
==================== Restore Points =========================
 
28-08-2016 13:39:14 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2016 01:51:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18635296-6488-4bbe-b246-f1fb997a2658}
 
Error: (08/28/2016 01:51:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/28/2016 01:50:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/28/2016 01:49:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x00000000006fd01b
Faulting process id: 0x1328
Faulting application start time: 0x01d2016db418ccae
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9385c972-a52b-4ca1-85d7-3fb2e80d0166
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI
 
Error: (08/28/2016 01:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/28/2016 01:39:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c01c545-84ff-4e97-8fa8-29657b6b160c}
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 844: ERROR: read_msg errno 0 (The operation completed successfully.)
 
Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: mDNSPlatformReadTCP - recv: 10053
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC.local already in use; will try PC-2.local instead
 
Error: (08/28/2016 01:25:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 PC.local. Addr 192.168.0.10
 
 
System errors:
=============
Error: (08/28/2016 01:49:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MPC Core Protect Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
Error: (08/28/2016 01:48:42 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the CloudPrinter service to connect.
 
Error: (08/28/2016 01:46:56 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:46:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_83849b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2016 01:39:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Validation Trust Protection Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (08/28/2016 01:39:58 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ulifumeul service failed to start due to the following error: 
%%2 = The system cannot find the file specified.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 21:24:45.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:44.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8071.27 MB
Available physical RAM: 5668.2 MB
Total Virtual: 10631.27 MB
Available Virtual: 8428.3 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:614.73 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#29
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 27-08-2016
Ran by Admin (administrator) on PC (28-08-2016 13:59:05)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(SlimWare Utilities, Inc.) C:\Program Files\SlimService\SlimServiceFactory.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\AdCleaner.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCDesktop.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\AdxEngine.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
() C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.486_none_7640e086266ea227\TiWorker.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-29] (Google Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Amazon Music] => C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Itibiti.exe] => C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Policies\Explorer: [Run] "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MOBK400] -> {73552f1f-bf89-9213-24d3-b502f837bb93} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4002] -> {81d6082a-73e9-8567-a371-6ad62982aca6} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4003] -> {44391887-365b-8585-2ab9-799a50b9ef5e} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmc.lnk [2014-10-17]
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{0c703bfc-be9a-4d78-8410-9362f435f7f7}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{41ef520c-d253-11e5-9d89-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{a4083a91-22d3-11e6-9d8d-806e6f6e6963}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [NameServer] 104.197.191.4
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{ed44b5e9-7a03-46b1-866b-4477a072285d}: [NameServer] 104.197.191.4
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> {8e15dd2e-acf8-4a20-a651-e5935f75a867} URL = hxxp://isearch.shopathome.com?user_id={675d90a4-435b-4f52-9047-adadd987fc82}&q={searchTerms}
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-111038216-3123894467-4160015040-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-04] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Honey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Bazz Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef [2016-08-18]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [782848 2016-06-01] () [File not signed]
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-08-23] (DotC United Inc)
R2 SlimService; C:\Program Files\SlimService\SlimServiceFactory.exe [244504 2015-04-15] (SlimWare Utilities, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R1 cherimoya; C:\Windows\System32\drivers\cherimoya.sys [65344 2016-06-01] (Windows ® Win 7 DDK provider)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-23] (DotC United Inc)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 13:50 - 2016-08-28 13:50 - 00001864 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
2016-08-28 13:50 - 2016-08-28 13:50 - 00001857 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
2016-08-28 13:50 - 2016-08-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
2016-08-28 13:50 - 2016-08-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-08-28 13:50 - 2016-08-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-08-28 13:49 - 2016-08-28 13:50 - 00001809 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-08-28 13:49 - 2016-08-28 13:49 - 00001936 _____ C:\Users\Admin\Desktop\MPC Desktop.lnk
2016-08-28 13:49 - 2016-08-28 13:49 - 00001929 _____ C:\Users\Admin\Desktop\MPC AdCleaner.lnk
2016-08-28 13:49 - 2016-08-28 13:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC Desktop
2016-08-28 13:49 - 2016-08-28 13:49 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-08-28 13:40 - 2016-08-28 13:40 - 00000334 _____ C:\Users\Admin\Downloads\Fixlog.txt
2016-08-28 13:39 - 2016-08-28 13:46 - 00027641 _____ C:\Users\Admin\Desktop\Fixlog.txt
2016-08-28 13:28 - 2015-04-24 14:43 - 01037896 _____ (Mindspark) C:\Program Files (x86)\8hUninstall Allin1Convert.dll
2016-08-28 13:28 - 2015-04-24 14:43 - 00196488 _____ (Mindspark) C:\Program Files (x86)\8hres.dll
2016-08-28 11:41 - 2016-08-28 11:43 - 00001551 _____ C:\Users\Admin\Desktop\Search.txt
2016-08-27 13:56 - 2016-08-27 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-7e67-1
2016-08-27 13:56 - 2016-08-27 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-09b3-0
2016-08-27 10:45 - 2016-08-27 10:47 - 00041816 _____ C:\Users\Admin\Downloads\Addition.txt
2016-08-27 10:43 - 2016-08-28 14:00 - 00025015 _____ C:\Users\Admin\Downloads\FRST.txt
2016-08-27 10:43 - 2016-08-28 13:59 - 00000000 ____D C:\FRST
2016-08-27 10:42 - 2016-08-27 10:42 - 02396672 _____ (Farbar) C:\Users\Admin\Downloads\FRST64 (1).exe
2016-08-27 10:41 - 2016-08-28 11:41 - 02396672 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-08-27 10:38 - 2016-08-27 10:38 - 00001090 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-27 10:37 - 2016-08-27 10:38 - 11374528 _____ (VS Revo Group ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
2016-08-27 10:37 - 2016-08-27 10:38 - 07093624 _____ (VS Revo Group ) C:\Users\Admin\Downloads\revosetup.exe
2016-08-24 19:56 - 2016-08-24 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-7065-0
2016-08-24 19:56 - 2016-08-24 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-5987-1
2016-08-24 13:56 - 2016-08-24 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5a57-1
2016-08-24 13:56 - 2016-08-24 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-0975-0
2016-08-24 07:56 - 2016-08-24 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-5fc1-0
2016-08-24 07:56 - 2016-08-24 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-4aa3-1
2016-08-23 13:56 - 2016-08-23 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5fa1-0
2016-08-23 13:56 - 2016-08-23 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1cb3-1
2016-08-22 19:56 - 2016-08-22 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-4cb1-1
2016-08-22 19:56 - 2016-08-22 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-1277-0
2016-08-22 13:56 - 2016-08-22 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-5ad5-1
2016-08-22 13:56 - 2016-08-22 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-4733-0
2016-08-21 19:56 - 2016-08-21 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-63a3-0
2016-08-21 19:56 - 2016-08-21 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-1a71-1
2016-08-18 07:56 - 2016-08-18 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-1e93-0
2016-08-18 01:56 - 2016-08-18 01:56 - 00000000 ____D C:\ProgramData\9f572a7f-30c7-0
2016-08-17 10:10 - 2016-08-17 10:10 - 00002364 _____ C:\Users\Admin\Downloads\Reminder_Register_for_Marriott_Rewards_MegaBonus.ics
2016-08-17 07:56 - 2016-08-17 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0643-0
2016-08-16 19:56 - 2016-08-16 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-0137-0
2016-08-16 07:56 - 2016-08-20 10:47 - 00000000 ____D C:\ProgramData\9f572a7f-39a3-0
2016-08-16 07:56 - 2016-08-16 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-15a1-1
2016-08-15 19:32 - 2016-08-15 19:32 - 00000217 _____ C:\Users\Admin\Downloads\Welcome_Numbers_1-20.ics
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-6eb1-1
2016-08-15 07:56 - 2016-08-15 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-14c7-0
2016-08-14 07:56 - 2016-08-14 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0da1-1
2016-08-14 07:56 - 2016-08-14 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-0183-0
2016-08-13 13:56 - 2016-08-13 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-4717-0
2016-08-13 13:56 - 2016-08-13 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1781-1
2016-08-12 07:56 - 2016-08-13 10:59 - 00000000 ____D C:\ProgramData\9f572a7f-5b65-0
2016-08-12 01:56 - 2016-08-13 10:59 - 00000000 ____D C:\ProgramData\9f572a7f-6d17-1
2016-08-12 01:56 - 2016-08-12 01:56 - 00000000 ____D C:\ProgramData\9f572a7f-1797-0
2016-08-11 19:58 - 2016-08-11 19:59 - 90601382 _____ C:\Users\Admin\Downloads\photos.zip
2016-08-11 18:57 - 2016-08-11 18:57 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 20:53 - 2016-08-10 20:53 - 00404992 _____ C:\Users\Admin\Downloads\BTSN 2012.ppt
2016-08-10 10:26 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:26 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:26 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:26 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:26 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:26 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:26 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:26 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:26 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:25 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:25 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:25 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:25 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:25 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:25 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:25 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:25 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:25 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:25 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:25 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:25 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:25 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:25 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:25 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:25 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:25 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:25 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:25 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:25 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:25 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:25 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:25 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:25 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:25 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:25 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:25 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:25 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:25 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:25 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:25 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:25 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:25 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:25 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:25 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 13:56 - 2016-08-09 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-1025-0
2016-08-09 13:56 - 2016-08-09 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-09e5-1
2016-08-04 14:33 - 2016-08-04 14:33 - 02323528 _____ C:\Users\Admin\Downloads\How to Download CDs 2016.pdf
2016-07-31 13:56 - 2016-08-06 10:53 - 00000000 ____D C:\ProgramData\9f572a7f-0415-0
2016-07-29 19:56 - 2016-07-29 19:56 - 00000000 ____D C:\ProgramData\9f572a7f-0263-0
2016-07-29 17:34 - 2016-07-29 17:34 - 00000000 ____D C:\Users\Admin\Documents\New folder
2016-07-29 17:32 - 2016-07-29 17:32 - 00116975 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (2).pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design.pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (1).pdf
2016-07-29 13:56 - 2016-07-29 13:56 - 00000000 ____D C:\ProgramData\9f572a7f-7b25-0
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 13:55 - 2016-07-07 19:06 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MCorp
2016-08-28 13:55 - 2016-01-04 11:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-28 13:52 - 2016-05-25 17:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-28 13:52 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-28 13:50 - 2016-06-01 13:40 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-28 13:50 - 2015-03-16 12:01 - 00000000 ____D C:\Users\Admin\Tracing
2016-08-28 13:49 - 2016-05-25 20:15 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-28 13:48 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-28 13:47 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-28 13:40 - 2016-05-25 17:00 - 00000000 ____D C:\Users\Admin
2016-08-28 10:28 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 10:12 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 13:13 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 14:12 - 2016-02-01 10:57 - 00000000 ____D C:\Users\Admin\Documents\Parent2Parent
2016-08-23 13:14 - 2016-06-01 13:40 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-08-20 12:32 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Positive Discipline
2016-08-19 11:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-18 20:08 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-18 19:23 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 11:45 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Parenting
2016-08-11 18:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 18:58 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-11 18:56 - 2013-10-07 12:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 18:35 - 2013-10-07 12:42 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 12:16 - 2016-02-09 10:03 - 00002295 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 12:16 - 2016-02-09 10:03 - 00002283 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-06 10:53 - 2016-07-27 07:56 - 00000000 ____D C:\ProgramData\9f572a7f-4427-1
 
==================== Files in the root of some directories =======
 
2016-08-28 13:28 - 2015-04-24 14:43 - 0196488 _____ (Mindspark) C:\Program Files (x86)\8hres.dll
2016-08-28 13:28 - 2015-04-24 14:43 - 1037896 _____ (Mindspark) C:\Program Files (x86)\8hUninstall Allin1Convert.dll
2016-06-01 13:39 - 2016-06-01 13:39 - 6859776 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0054272 _____ () C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0067776 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 1756999 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.tst
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 0072820 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.tst
2016-06-01 13:38 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml
2016-06-01 13:38 - 2016-06-01 13:38 - 0128512 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0848437 _____ () C:\Users\Admin\AppData\Roaming\Jayzap.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\lobby.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0005568 _____ () C:\Users\Admin\AppData\Roaming\md.xml
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\noah.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 2279413 _____ () C:\Users\Admin\AppData\Roaming\Tanruntom.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0032038 _____ () C:\Users\Admin\AppData\Roaming\uninstall_temp.ico
2015-01-12 13:06 - 2015-06-21 14:54 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-01 11:17 - 2013-10-01 11:17 - 0000057 _____ () C:\ProgramData\Ament.ini
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-21 11:06
 
==================== End of FRST.txt ============================

  • 0

#30
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

A few questions...

1) I now have a new homepage: MPC Safe Navigation. What is that? It also took over my start icon.

2) My entire browsing history is cleared. Is that normal?

 

Thanks so much for all your help!!


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP