Help remove One System Care [Solved]


  • This topic is locked

#31
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

Let's proceed with some further scans. :thumbsup:


Step 1: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.

  • Double click (Vista and 7 users: right click) the adwcleaner.exe file and click Run as Administrator and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please Check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Junkware Removal Tool Log

AdwCleaner Log



#32
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

A few questions...

1) I now have a new homepage: MPC Safe Navigation. What is that? It also took over my start icon.

2) My entire browsing history is cleared. Is that normal?



Thanks so much for all your help!!


I saw this after posting the next set of instructions. That MPC program is being difficult to remove, but we'll get it.

Yes, clearing the browsing history is part of the cleaning process to help remove any infected files in the browser.

You're quite welcome, it's my pleasure to help. :)

#33
lanelly7

    Member

  • Topic Starter
  • 53 posts
Checking for update
 ================================================================
 [                                                              ]
 [         Junkware Removal Tool (JRT) by Malwarebytes          ]
 [                  Version 8.0.7 (07.03.2016)                  ]
 [         Information about this tool can be found at          ]
 [                     www.malwarebytes.com                     ]
 [                                                              ]
 [           This software is free to download and use          ]
 [                                                              ]
 [      Please save any unsaved work before proceeding as       ]
 [  the program will terminate most applications during cleanup ]
 [                                                              ]
 [                                                              ]
 [                       ** DISCLAIMER **                       ]
 [                                                              ]
 [           This software is provided "as is" without          ]
 [        warranty of any kind. You may use this software       ]
 [                       at your own risk.                      ]
 [                                                              ]
 [     Click the [X] in the top-right corner of this window     ]
 [                if you wish to exit. Otherwise,               ]
 ================================================================
 
Press any key to continue . . .
 
Creating restore point... SUCCESS
(*       )  Processes
(**      )  Startup - Logon
(***     )  Startup - Scheduled Tasks
(****    )  Services
(*****   )  File System
(******  )  Browsers


#34
lanelly7

    Member

  • Topic Starter
  • 53 posts
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64 
Ran by Admin (Administrator) on Sun 08/28/2016 at 14:20:21.31
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 74 
 
Failed to delete: C:\WINDOWS\system32\drivers\cherimoya.sys (File) 
Failed to delete: C:\Program Files (x86)\mpc cleaner (Folder) 
Failed to delete: C:\Program Files\slimservice (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0137-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0183-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0263-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0415-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0643-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0975-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-09b3-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-09e5-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-0da1-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1025-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1277-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-14c7-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-15a1-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1781-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1797-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1a71-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1cb3-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1d01-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-1e93-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-23b1-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-23c5-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-2cf1-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-30c7-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-39a3-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-3c13-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-3c85-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4427-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4717-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4733-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4aa3-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4cb1-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-4fa7-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5987-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5a57-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5ad5-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5b65-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5fa1-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-5fc1-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-6363-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-63a3-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-6d17-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-6eb1-1 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-7065-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-7181-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-7b25-0 (Folder) 
Successfully deleted: C:\ProgramData\9f572a7f-7e67-1 (Folder) 
Successfully deleted: C:\ProgramData\cloudprinter (Folder) 
Successfully deleted: C:\ProgramData\slimware utilities inc (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\mpc (Folder) 
Successfully deleted: C:\ProgramData\Start Menu\Programs\slimcleaner plus (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\downloaded installers (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\iac (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\pokki (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\slimware utilities inc (Folder) 
Successfully deleted: C:\Users\Admin\AppData\Local\torch (Folder) 
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\allin1convert_8hei (Folder) 
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\company (Folder) 
Successfully deleted: C:\Users\Admin\Appdata\LocalLow\fromdoctopdf_65ei (Folder) 
Successfully deleted: C:\Users\Admin\Desktop\mpc adcleaner.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\launch one system care.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\mpc adcleaner.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\mpc cleaner.lnk (Shortcut) 
Successfully deleted: C:\Users\Public\Desktop\slimcleaner plus.lnk (Shortcut) 
Successfully deleted: C:\WINDOWS\SysWOW64\findit.xml (File) 
Successfully deleted: C:\Program Files\slimcleaner plus (Folder) 
Successfully deleted: C:\WINDOWS\prefetch\ANCIENT RUNES FONT FREE.EXE-8D5C6229.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-B25C45A8.pf (File) 
Successfully repaired: C:\ProgramData\Microsoft\windows\Start Menu\Programs\Google Chrome.lnk (Shortcut)
Successfully repaired: C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk (Shortcut)
Successfully repaired: C:\Users\Public\Desktop\Google Chrome.lnk (Shortcut)
 
 
 
Registry: 8 
 
Failed to delete: HKLM\SYSTEM\CurrentControlSet\services\MPCKpt (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Itibiti.exe (Registry Value) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\cherimoya (Registry Key) 
Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\SlimService (Registry Key) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8e15dd2e-acf8-4a20-a651-e5935f75a867} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl\\Default (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/28/2016 at 14:23:41.23
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#35
lanelly7

    Member

  • Topic Starter
  • 53 posts
# AdwCleaner v6.010 - Logfile created 28/08/2016 at 14:30:48
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-28.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Admin - PC
# Running from : C:\Users\Admin\Downloads\AdwCleaner.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
[-] Service deleted: cherimoya
[-] Service deleted: MPCProtectService
[-] Service deleted: MPCKpt
[-] Service deleted: CloudPrinter
[-] Service deleted: SlimService
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Program Files (x86)\E024F3D6-1464813486-E211-99E9-008CFA69ED28
[-] Folder deleted: C:\Users\Admin\AppData\Local\Shortcut Installer
[-] Folder deleted: C:\Users\Admin\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder deleted: C:\Users\Admin\AppData\Roaming\One System Care
[-] Folder deleted: C:\Users\Admin\AppData\Roaming\MCorp
[-] Folder deleted: C:\Users\Admin\Favorites\StumbleUpon
[-] Folder deleted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
[-] Folder deleted: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MPC Desktop
[-] Folder deleted: C:\Program Files\slimservice
[#] Folder deleted on reboot: C:\Program Files\SlimService
[-] Folder deleted: C:\ProgramData\Quoteexs
[#] Folder deleted on reboot: C:\ProgramData\Application Data\Quoteexs
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
[#] Folder deleted on reboot: C:\Program Files (x86)\MPC Cleaner
[#] Folder deleted on reboot: C:\Users\Admin\AppData\Roaming\MCorp
[-] Folder deleted: C:\uninst
[-] Folder deleted: C:\Users\Default User\AppData\Local\Pokki
[#] Folder deleted on reboot: C:\Users\Default\AppData\Local\Pokki
[-] Folder deleted: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pinhfkamckbogjgmbmdkdebbbpnmlaef
 
 
***** [ Files ] *****
 
[-] File deleted: C:\Users\Admin\Desktop\MPC Desktop.lnk
[-] File deleted: C:\Users\Admin\Desktop\Amazon Deal of the Day.url
[#] File deleted: C:\WINDOWS\SysNative\drivers\cherimoya.sys
[#] File deleted: C:\WINDOWS\SysNative\drivers\MPCKpt.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\bsdpr64.sys
[-] File deleted: C:\WINDOWS\SysNative\drivers\bsdpf64.sys
[-] File deleted: C:\Users\Public\Desktop\MPC Desktop.lnk
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_b52b7a05ea010d22183cece45cbb6e86cf917a76
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\allin1convert.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\citysearch.com
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5e58cda9-3b21-4611-a859-26ee28950e61}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6874fade-02c8-4181-831a-fc7486cf1d74}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Application Hosting
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.CookiesManager
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.CookiesManager.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.hxxpHandle302.1
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker
[#] Key deleted on reboot: HKCU\Software\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{70F535BB-1118-418E-A97C-B401C1437CD1}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{495FAF3A-47EB-42C3-8EA6-0DD98FC62F0E}
[-] Key deleted: HKCU\Software\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key deleted: HKCU\Software\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key deleted: HKCU\Software\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key deleted: HKCU\Software\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key deleted: HKCU\Software\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key deleted: HKCU\Software\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key deleted: HKCU\Software\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key deleted: HKCU\Software\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key deleted: HKCU\Software\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key deleted: HKCU\Software\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key deleted: HKCU\Software\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key deleted: HKCU\Software\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[#] Key deleted on reboot: HKCU\Software\Classes\TypeLib\{B944FF5E-EC87-4E1E-8C49-2FF3BC573997}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08AE5E13-70CC-4FBB-AD00-EF4B90A44451}
[-] Key deleted: [x64] HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[-] Key deleted: [x64] HKLM\SOFTWARE\WebDiscoverBrowser
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\{1f7ee1a8-4436-4ffc-b97b-b5b01e87d3d2}
[-] Key deleted: HKU\.DEFAULT\Software\WebDiscoverBrowser
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\One System Care
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Pokki
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\torch
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\WebDiscoverBrowser
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Wizzlabs
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\MICROSOFT\IDSC
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\mtQuoteex
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\AppDataLow\Software\TidyNetwork
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[#] Key deleted on reboot: HKU\S-1-5-18\Software\WebDiscoverBrowser
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\Pokki
[#] Key deleted on reboot: HKCU\Software\torch
[#] Key deleted on reboot: HKCU\Software\WebDiscoverBrowser
[#] Key deleted on reboot: HKCU\Software\Wizzlabs
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\IDSC
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\mtQuoteex
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\TidyNetwork
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\MPC
[-] Key deleted: HKLM\SOFTWARE\MPC AdCleaner
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\torch
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[-] Key deleted: HKLM\SOFTWARE\mtQuoteex
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0c703bfc-be9a-4d78-8410-9362f435f7f7} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{41ef520c-d253-11e5-9d89-806e6f6e6963} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a4083a91-22d3-11e6-9d8d-806e6f6e6963} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ed44b5e9-7a03-46b1-866b-4477a072285d} [NameServer]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ShopAtHomeUpdater]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ShopAtHomeWatcher]
[-] Key deleted: HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Value deleted: HKCU\Environment [SNF]
[-] Value deleted: HKCU\Environment [SNP]
[#] Key deleted on reboot: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pinhfkamckbogjgmbmdkdebbbpnmlaef
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [13186 Bytes] - [28/08/2016 14:30:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [12304 Bytes] - [28/08/2016 14:28:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13334 Bytes] ##########

[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\INSTALLPATH\STATUS
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\mtQuoteex
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\AppDataLow\Software\TidyNetwork
[-] Key deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[#] Key deleted on reboot: HKU\S-1-5-18\Software\WebDiscoverBrowser
[#] Key deleted on reboot: HKCU\Software\One System Care
[#] Key deleted on reboot: HKCU\Software\Pokki
[#] Key deleted on reboot: HKCU\Software\torch
[#] Key deleted on reboot: HKCU\Software\WebDiscoverBrowser
[#] Key deleted on reboot: HKCU\Software\Wizzlabs
[#] Key deleted on reboot: HKCU\Software\MICROSOFT\IDSC
[#] Key deleted on reboot: HKCU\Software\INSTALLPATH\STATUS
[#] Key deleted on reboot: HKCU\Software\mtQuoteex
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\TidyNetwork
[-] Key deleted: HKLM\SOFTWARE\DataMngr
[-] Key deleted: HKLM\SOFTWARE\MPC
[-] Key deleted: HKLM\SOFTWARE\MPC AdCleaner
[-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key deleted: HKLM\SOFTWARE\torch
[#] Key deleted on reboot: HKLM\SOFTWARE\Datamngr
[-] Key deleted: HKLM\SOFTWARE\mtQuoteex
[#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key deleted: HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[#] Key deleted on reboot: HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0c703bfc-be9a-4d78-8410-9362f435f7f7} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{41ef520c-d253-11e5-9d89-806e6f6e6963} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{8718928d-cbeb-45ea-a621-800a9249001d} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{a4083a91-22d3-11e6-9d8d-806e6f6e6963} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f} [NameServer]
[-] Data restored: HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{ed44b5e9-7a03-46b1-866b-4477a072285d} [NameServer]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ShopAtHomeUpdater]
[-] Value deleted: HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [ShopAtHomeWatcher]
[-] Key deleted: HKCU\Software\Classes\AppID\ShopAtHomeHelper.EXE
[-] Value deleted: HKCU\Environment [SNF]
[-] Value deleted: HKCU\Environment [SNP]
[#] Key deleted on reboot: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Quoteex.exe
[-] Key deleted: HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Quoteex.exe
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pinhfkamckbogjgmbmdkdebbbpnmlaef
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: Proxy settings cleared
:: TCP/IP settings cleared
:: Firewall rules cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [13186 Bytes] - [28/08/2016 14:30:48]
C:\AdwCleaner\AdwCleaner[S0].txt - [12304 Bytes] - [28/08/2016 14:28:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [13334 Bytes] ##########

  • 0


#38
pystryker

pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Hello :)

It's looking good, let's get a fresh set of FRST Logs, and we'll go from there. :)

Step 1: Fresh FRST Logs
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fresh FRST.txt Log

Fresh Addition.txt Log

  • 0

#39
lanelly7

lanelly7

    Member

  • Topic Starter
  • Member
  • 53 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by Admin (28-08-2016 14:43:39)
Running from C:\Users\Admin\Downloads
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.17) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version: - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2016-06-03 09:36 - 2016-06-03 09:36 - 01984000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\6e466c96c9465d623ab011de004da48f\Windows.UI.ni.dll
2016-05-31 17:13 - 2016-05-31 17:13 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\0c168de19f2576f13020da2bdb2a6d56\Windows.Foundation.ni.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2009-02-26 13:46 - 2009-02-26 13:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 11:46 - 2011-06-22 11:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2015-11-11 04:41 - 2015-11-11 04:41 - 00756376 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-07-07 18:56 - 00001626 ____A C:\WINDOWS\system32\Drivers\etc\hosts

107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net
107.178.255.88 www.google-analytics.com
107.178.255.88 www.statcounter.com
107.178.255.88 statcounter.com
107.178.255.88 ssl.google-analytics.com
107.178.255.88 partner.googleadservices.com
107.178.255.88 google-analytics.com
107.178.248.130 static.doubleclick.net
107.178.247.130 connect.facebook.net127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{509760E0-50DE-4DA2-94CF-9080A463BDC3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{19113267-15C7-4C8A-906D-169D8FDC6A32}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{E79ECF8B-5182-4862-9952-078910C24D4E}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{5D94D78A-2528-40B1-9E10-B22B4EFA9F1B}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe

==================== Restore Points =========================

28-08-2016 13:39:14 Restore Point Created by FRST
28-08-2016 14:20:21 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2016 02:35:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {79d75c54-7c46-4c95-9807-d2803831e2f5}

Error: (08/28/2016 02:34:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (08/28/2016 02:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (08/28/2016 01:51:45 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {18635296-6488-4bbe-b246-f1fb997a2658}

Error: (08/28/2016 01:51:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (08/28/2016 01:50:15 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/28/2016 01:49:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x00000000006fd01b
Faulting process id: 0x1328
Faulting application start time: 0x01d2016db418ccae
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: 9385c972-a52b-4ca1-85d7-3fb2e80d0166
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI

Error: (08/28/2016 01:39:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details: AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error: Access is denied. .

Error: (08/28/2016 01:39:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process.
Operation: Gathering Writer Data
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {6c01c545-84ff-4e97-8fa8-29657b6b160c}

Error: (08/28/2016 01:34:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: 844: ERROR: read_msg errno 0 (The operation completed successfully.)

System errors:
=============
Error: (08/28/2016 02:35:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the file specified.

Error: (08/28/2016 02:31:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Modules Installer service failed to start due to the following error: The system cannot find the path specified.

Error: (08/28/2016 02:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_3db45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/28/2016 02:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_3db45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/28/2016 02:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_3db45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/28/2016 02:31:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3db45 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (08/28/2016 02:31:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Validation Trust Protection Service service terminated unexpectedly. It has done this 1 time(s).

Error: (08/28/2016 02:30:33 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the CarboniteService service, but this action failed with the following error: An instance of the service is already running.

Error: (08/28/2016 02:30:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.

Error: (08/28/2016 02:29:36 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

CodeIntegrity:
===================================
Date: 2016-08-25 21:24:45.096
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:45.065
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:45.028
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:44.966
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.786
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.734
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.685
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.651
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

Date: 2016-08-25 21:24:33.616
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.

==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 31%
Total physical RAM: 8071.27 MB
Available physical RAM: 5518.98 MB
Total Virtual: 10631.27 MB
Available Virtual: 8032.1 MB

==================== Drives ================================

Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:614.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
Partition: GPT.

==================== End of Addition.txt ============================

#40
lanelly7

    Member

  • Topic Starter
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016
Ran by Admin (administrator) on PC (28-08-2016 14:42:44)
Running from C:\Users\Admin\Downloads
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-29] (Google Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Amazon Music] => C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Policies\Explorer: [Run] "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MOBK400] -> {73552f1f-bf89-9213-24d3-b502f837bb93} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4002] -> {81d6082a-73e9-8567-a371-6ad62982aca6} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4003] -> {44391887-365b-8585-2ab9-799a50b9ef5e} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013-09-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmc.lnk [2014-10-17]
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2013-09-14]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-111038216-3123894467-4160015040-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-04] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Honey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-08-23] (DotC United Inc)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-23] (DotC United Inc)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 14:42 - 2016-08-28 14:42 - 02396672 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-08-28 14:42 - 2016-08-28 14:42 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2016-08-28 14:38 - 2016-08-28 14:38 - 00000000 ____D C:\Users\Admin\AppData\Roaming\MCorp
2016-08-28 14:35 - 2016-08-28 14:35 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (3).exe
2016-08-28 14:34 - 2016-08-28 14:34 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (3).exe
2016-08-28 14:29 - 2016-08-28 14:29 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (2).exe
2016-08-28 14:29 - 2016-08-28 14:29 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (2).exe
2016-08-28 14:26 - 2016-08-28 14:26 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (1).exe
2016-08-28 14:26 - 2016-08-28 14:26 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (1).exe
2016-08-28 14:23 - 2016-08-28 14:23 - 00006581 _____ C:\Users\Admin\Desktop\JRT.txt
2016-08-28 14:22 - 2016-08-28 14:30 - 00000000 ____D C:\AdwCleaner
2016-08-28 14:22 - 2016-08-28 14:22 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-08-28 14:22 - 2016-08-28 14:22 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT.exe
2016-08-28 14:20 - 2016-08-28 14:20 - 03826240 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2016-08-28 14:18 - 2016-08-28 14:19 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2016-08-28 13:40 - 2016-08-28 13:40 - 00000334 _____ C:\Users\Admin\Downloads\Fixlog.txt
2016-08-28 13:39 - 2016-08-28 13:46 - 00027641 _____ C:\Users\Admin\Desktop\Fixlog.txt
2016-08-28 11:41 - 2016-08-28 11:43 - 00001551 _____ C:\Users\Admin\Desktop\Search.txt
2016-08-27 10:45 - 2016-08-28 14:01 - 00035684 _____ C:\Users\Admin\Downloads\Addition.txt
2016-08-27 10:43 - 2016-08-28 14:42 - 00023455 _____ C:\Users\Admin\Downloads\FRST.txt
2016-08-27 10:43 - 2016-08-28 14:42 - 00000000 ____D C:\FRST
2016-08-27 10:41 - 2016-08-28 11:41 - 02396672 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-08-27 10:38 - 2016-08-27 10:38 - 00001090 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-27 10:37 - 2016-08-27 10:38 - 11374528 _____ (VS Revo Group ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
2016-08-27 10:37 - 2016-08-27 10:38 - 07093624 _____ (VS Revo Group ) C:\Users\Admin\Downloads\revosetup.exe
2016-08-17 10:10 - 2016-08-17 10:10 - 00002364 _____ C:\Users\Admin\Downloads\Reminder_Register_for_Marriott_Rewards_MegaBonus.ics
2016-08-15 19:32 - 2016-08-15 19:32 - 00000217 _____ C:\Users\Admin\Downloads\Welcome_Numbers_1-20.ics
2016-08-11 19:58 - 2016-08-11 19:59 - 90601382 _____ C:\Users\Admin\Downloads\photos.zip
2016-08-11 18:57 - 2016-08-11 18:57 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 20:53 - 2016-08-10 20:53 - 00404992 _____ C:\Users\Admin\Downloads\BTSN 2012.ppt
2016-08-10 10:26 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:26 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:26 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:26 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:26 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:26 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:26 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:26 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:26 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:25 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:25 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:25 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:25 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:25 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:25 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:25 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:25 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:25 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:25 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:25 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:25 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:25 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:25 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:25 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:25 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:25 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:25 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:25 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:25 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:25 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:25 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:25 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:25 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:25 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:25 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:25 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:25 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:25 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:25 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:25 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:25 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:25 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:25 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:25 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-04 14:33 - 2016-08-04 14:33 - 02323528 _____ C:\Users\Admin\Downloads\How to Download CDs 2016.pdf
2016-07-29 17:34 - 2016-07-29 17:34 - 00000000 ____D C:\Users\Admin\Documents\New folder
2016-07-29 17:32 - 2016-07-29 17:32 - 00116975 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (2).pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design.pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 14:36 - 2016-01-04 11:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-28 14:34 - 2015-03-16 12:01 - 00000000 ____D C:\Users\Admin\Tracing
2016-08-28 14:33 - 2016-06-01 13:40 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-28 14:33 - 2016-05-25 20:15 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-28 14:32 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-28 14:31 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-28 14:23 - 2016-02-09 10:03 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-28 14:23 - 2016-02-09 10:03 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-28 13:52 - 2016-05-25 17:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-28 13:52 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-28 13:40 - 2016-05-25 17:00 - 00000000 ____D C:\Users\Admin
2016-08-28 10:28 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 10:12 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 13:13 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 14:12 - 2016-02-01 10:57 - 00000000 ____D C:\Users\Admin\Documents\Parent2Parent
2016-08-23 13:14 - 2016-06-01 13:40 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-08-20 12:32 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Positive Discipline
2016-08-19 11:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-18 20:08 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-18 19:23 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 11:45 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Parenting
2016-08-11 18:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 18:58 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-11 18:56 - 2013-10-07 12:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 18:35 - 2013-10-07 12:42 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-06-01 13:39 - 2016-06-01 13:39 - 6859776 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0054272 _____ () C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0067776 _____ () C:\Users\Admin\AppData\Roaming\Config.xml
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 1756999 _____ () C:\Users\Admin\AppData\Roaming\FaseRonfresh.tst
2016-06-01 13:39 - 2016-06-01 13:38 - 0782848 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.exe
2016-06-01 13:39 - 2016-06-01 13:39 - 0072820 _____ () C:\Users\Admin\AppData\Roaming\Faxrantop.tst
2016-06-01 13:38 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml
2016-06-01 13:38 - 2016-06-01 13:38 - 0128512 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0848437 _____ () C:\Users\Admin\AppData\Roaming\Jayzap.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\lobby.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0005568 _____ () C:\Users\Admin\AppData\Roaming\md.xml
2016-06-01 13:39 - 2016-06-01 13:39 - 0126464 _____ () C:\Users\Admin\AppData\Roaming\noah.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 2279413 _____ () C:\Users\Admin\AppData\Roaming\Tanruntom.bin
2016-06-01 13:39 - 2016-06-01 13:39 - 0032038 _____ () C:\Users\Admin\AppData\Roaming\uninstall_temp.ico
2015-01-12 13:06 - 2015-06-21 14:54 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-01 11:17 - 2013-10-01 11:17 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-21 11:06
 
==================== End of FRST.txt ============================



#41
lanelly7

    Member

  • Topic Starter
  • 53 posts

A side note - I thought I had virus protection on this computer, but doesn't look like I do? Suggestions? Thank you again!!



#42
lanelly7


Hi there - I'm going to need to step away from my computer for a bit (need to pick up my daughter), but should be back in a few hours...



#43
pystryker


> A side note - I thought I had virus protection on this computer, but doesn't look like I do? Suggestions? Thank you again!!

You do have Windows Defender, but it's currently disabled. We can install a new anti-virus when finished and leave WD disabled. :thumbsup:

> Hi there - I'm going to need to step away from my computer for a bit (need to pick up my daughter), but should be back in a few hours...

No worries, we do this on the schedule that works the best for you. :)

#44
lanelly7


Hi there - I'm back. Ready to work. :-)



#45
lanelly7


Hi there - I'm back. Ready to work. :-)







