Help remove One System Care [Solved]


  • This topic is locked

#46
lanelly7

  • Topic Starter
  • Member
  • 53 posts

Hi there - I'm back. Ready to work. :-)




#47
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Hello :)

Let's proceed. :thumbsup:

Step 1: Scan with Malwarebytes

Download Malwarebytes Anti-Malware by clicking here.
Start the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button; MBAM will ask for a reboot.

On completion of the scan (or after the reboot), start MBAM.

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.



Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar.
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • Now click on Finish
  • To view the log file, Show hidden files and folders must be enabled. New logs are appended to the existing log files when multiple scans are run.
  • The path to the log file is the following: C:\users\%userprofile%\appdata\local\temp\log.txt
  • Copy and paste that log as a reply to this topic.
Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log

#48
lanelly7

  • Topic Starter
  • Member
  • 53 posts

Working on step 1, but scan is taking forever...


#49
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts

Working on step 1, but scan is taking forever...


No worries, the ESET scan can sometimes take longer than MBAM. They're very in-depth scanners. :thumbsup:

#50
lanelly7

  • Topic Starter
  • Member
  • 53 posts

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 8/28/2016
Scan Time: 5:32 PM
Logfile: MBAM.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.28.08
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337489
Time Elapsed: 33 min, 17 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 2
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, 1208, Delete-on-Reboot, [a2d6dc74a0fa88ae798b3d7908fcd927]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, 4316, Delete-on-Reboot, [67119fb15842d95d887cbcfa877dab55]
 
Modules: 37
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [24548ac6c3d7a09603011a9c02028e72], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [24548ac6c3d7a09603011a9c02028e72], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Delete-on-Reboot, [d8a0bd934c4e9c9ac242edc9d133d828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [087056fa227869cdaf5566509a6a15eb], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [087056fa227869cdaf5566509a6a15eb], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [90e8e36dbfdb49ed57ad35815ba97c84], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [90e8e36dbfdb49ed57ad35815ba97c84], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [b5c3f55b8e0c3afc669e179ffc08916f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [b5c3f55b8e0c3afc669e179ffc08916f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [bdbb48087a20979f0cf8d9dd37cd38c8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [bdbb48087a20979f0cf8d9dd37cd38c8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, Delete-on-Reboot, [c7b1242cfb9f73c3ac585561788c2ed2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, Delete-on-Reboot, [16620947b3e7b6804cb87244bd472dd3], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, Delete-on-Reboot, [2355fc545149eb4bbf45c9ed5ea69769], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, Delete-on-Reboot, [0d6b064ae0bab58142c28b2b8d77d62a], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, Delete-on-Reboot, [2d4b0d439dfd93a3788c3a7c0afa857b], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, Delete-on-Reboot, [b1c7b0a0c3d744f2e71deec8857f8779], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, Delete-on-Reboot, [ed8b2a266d2d280ea262199dc73df30d], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, Delete-on-Reboot, [96e22f218c0e78bea55f7046ba4a17e9], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, Delete-on-Reboot, [5a1eb29e6a30fd39c73df5c1887c4fb1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, Delete-on-Reboot, [b1c7e46c306a3bfb17ed5f57a55f08f8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, Delete-on-Reboot, [8cecee625149f83e7a8a417560a4b050], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [f781321edebc9b9b5ea6cbebf50fe11f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [f781321edebc9b9b5ea6cbebf50fe11f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [f781321edebc9b9b5ea6cbebf50fe11f], 
 
Registry Keys: 16
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCProtectService, Delete-on-Reboot, [a2d6dc74a0fa88ae798b3d7908fcd927], 
PUP.Optional.MindSpark, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{CD1A63BA-A08C-431B-9A34-F240AADC728D}, Quarantined, [3444044c6e2c6acc8ff2a9ee4fb350b0], 
PUP.Optional.MindSpark, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{CD1A63BA-A08C-431B-9A34-F240AADC728D}, Quarantined, [3444044c6e2c6acc8ff2a9ee4fb350b0], 
PUP.Optional.MindSpark, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}, Quarantined, [393f0c449505fa3c245e7c1b689ac13f], 
PUP.Optional.MindSpark, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{FBCBC43A-DCA9-4192-A4C8-B57FD0F77D4D}, Quarantined, [393f0c449505fa3c245e7c1b689ac13f], 
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{08ae5e13-70cc-4fbb-ad00-ef4b90a44451}, Quarantined, [fc7c2d23e7b3c76ffe53d3c3837fa35d], 
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{08AE5E13-70CC-4FBB-AD00-EF4B90A44451}, Quarantined, [fc7c2d23e7b3c76ffe53d3c3837fa35d], 
PUP.Optional.Koyote, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Free mp3 Wma Converter, Quarantined, [de9aa7a94a5024128ab1fa320ef34fb1], 
PUP.Optional.DataMngr.AppFlsh, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\${dtUserElevationPolicyID}, Quarantined, [d7a18ec21c7eee488e7107d647bc1de3], 
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Quarantined, [1761db75108a48eef7d512e9f112fe02], 
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Quarantined, [a7d18ec2603a76c07755c13a13f014ec], 
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Quarantined, [98e05ff19a0089ada284877730d36e92], 
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Quarantined, [abcd044cacee3105a284b9455fa421df], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, Delete-on-Reboot, [3d3bc38d0a900c2adc970be6d62d728e], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC DESKTOP, Quarantined, [7ff95ef24753999df30c3cc25ca726da], 
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Delete-on-Reboot, [df991d3374260333501d0ebb3fc3d62a], 
 
Registry Values: 5
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{08ae5e13-70cc-4fbb-ad00-ef4b90a44451}|AppPath, C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE, Quarantined, [8bed39178d0dc86e72786c71996a5ea2]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [3d3bc38d0a900c2adc970be6d62d728e]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC DESKTOP|Location, C:\Program Files (x86)\MPC Cleaner, Quarantined, [7ff95ef24753999df30c3cc25ca726da]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", Delete-on-Reboot, [41372b2512883ff7d7739161e71c2fd1]
Trojan.Agent, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe", Quarantined, [d1a7b8983268f93d407221c138ca718f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 28
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp\1147, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Log, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Module, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\CommonRule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\CommonRule\Module, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\SpecialRule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Upgrade, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\AdCleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Desktop, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
 
Files: 64
Rootkit.Agent, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Delete-on-Reboot, [481ae4ba7c3cd795b8cc020a1c473c2f], 
PUP.Optional.MorePowerfulCleaner, C:\WINDOWS\SYSTEM32\drivers\MPCKpt.sys, Delete-on-Reboot, [82fd73b77d493f0e479d82afb2ea76c2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, Delete-on-Reboot, [a2d6dc74a0fa88ae798b3d7908fcd927], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [24548ac6c3d7a09603011a9c02028e72], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Delete-on-Reboot, [d8a0bd934c4e9c9ac242edc9d133d828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [087056fa227869cdaf5566509a6a15eb], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [90e8e36dbfdb49ed57ad35815ba97c84], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [b5c3f55b8e0c3afc669e179ffc08916f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [bdbb48087a20979f0cf8d9dd37cd38c8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, Delete-on-Reboot, [67119fb15842d95d887cbcfa877dab55], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, Delete-on-Reboot, [c7b1242cfb9f73c3ac585561788c2ed2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, Delete-on-Reboot, [16620947b3e7b6804cb87244bd472dd3], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, Delete-on-Reboot, [2355fc545149eb4bbf45c9ed5ea69769], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, Delete-on-Reboot, [0d6b064ae0bab58142c28b2b8d77d62a], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, Delete-on-Reboot, [2d4b0d439dfd93a3788c3a7c0afa857b], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, Delete-on-Reboot, [b1c7b0a0c3d744f2e71deec8857f8779], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, Delete-on-Reboot, [ed8b2a266d2d280ea262199dc73df30d], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, Delete-on-Reboot, [96e22f218c0e78bea55f7046ba4a17e9], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, Delete-on-Reboot, [5a1eb29e6a30fd39c73df5c1887c4fb1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, Delete-on-Reboot, [b1c7e46c306a3bfb17ed5f57a55f08f8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, Delete-on-Reboot, [8cecee625149f83e7a8a417560a4b050], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [f781321edebc9b9b5ea6cbebf50fe11f], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\FaseRonfresh.exe, Quarantined, [0d6b97b9ddbd6acc27f017ca32cf44bc], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\Faxrantop.exe, Quarantined, [f781450b09917bbb4dcafde442bfae52], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\Jayzap.bin, Quarantined, [cbad5af66f2b12241cd3f36445bff30d], 
PUP.Optional.LogicHandler, C:\Users\Admin\AppData\Roaming\Tanruntom.bin, Quarantined, [02768dc34f4b9e9877763d21ff01c040], 
Adware.PennyBee, C:\Program Files\Obunoquddiv\Onypj64.dll, Quarantined, [83f5d8780199aa8c709a4b8f768bdc24], 
PUP.Optional.Koyote, C:\Program Files (x86)\Free mp3 Wma Converter\Uninstall.exe, Quarantined, [de9aa7a94a5024128ab1fa320ef34fb1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi64.dll, Quarantined, [5424b9978b0f91a57193754161a346ba], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll64.dll, Quarantined, [b3c569e7cbcf44f280846551ac58ab55], 
PUP.Optional.MorePowerfulCleaner, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mpc.am_0.localstorage, Delete-on-Reboot, [1464cc845a40bf77825b2a9f14ee02fe], 
PUP.Optional.MorePowerfulCleaner, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mpc.am_0.localstorage-journal, Quarantined, [40382828732744f2825bba0f50b2b24e], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat, Quarantined, [6315fe521387b581cea211def50ede22], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\md.xml, Quarantined, [e2962d23dac04aecf87928c7798acd33], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\noah.dat, Quarantined, [265286ca2e6cff37cfa3727d1ce78779], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\uninstall_temp.ico, Quarantined, [97e11e3284166acc0e6528c7dd266b95], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\lobby.dat, Quarantined, [bbbd4010a1f9310596668a65ad56a45c], 
PUP.Optional.Linkury.Gen, C:\Users\Admin\AppData\Roaming\FaseRonfresh.tst, Quarantined, [cdab30205743f73f54d5f20b7e85e21e], 
PUP.Optional.Linkury.Gen, C:\Users\Admin\AppData\Roaming\Faxrantop.tst, Quarantined, [a9cf8fc189113ef8a78248b5020143bd], 
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp\1147\udpx, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\ymlct, Quarantined, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\Clean.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\PlugIn.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\as.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\cf.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\run.db, Quarantined, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\st.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Lang.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Skin.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.Linkury.ACMB1, C:\Users\Admin\AppData\Roaming\Config.xml, Quarantined, [6b0d8bc50a9039fdc7172c708e76e41c], 
PUP.Optional.Linkury.ACMB1, C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [fc7ca1aff7a3dc5a23bc7c20020241bf], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\todr\gaf\nysn.dat, Quarantined, [84f440103c5ea78ffbd4e0b9c53f01ff], 
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.247.130 connect.facebook.net), Replaced,[5325bd930298fc3ad5e50d90a26255ab]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
107.178.255.88 www.go), Replaced,[beba3818d4c639fd9e1c3d60bd475da3]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.248.130 static.doubleclick.net), Replaced,[6c0cf15f5f3bf73f9d1e1588a064c040]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
107.178.255.88 www.goog), Replaced,[6c0c064a4a5055e1bcff4d50db29b14f]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.255.88 www.google-analytics.com), Replaced,[abcddf713a6041f500bcd5c80ef610f0]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
107.178.255.88 www.s), Replaced,[bdbb60f0d1c975c19c20029b7490b947]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (gle-analytics.com
107.178.255), Replaced,[a6d2c7894e4c4ee8aa12a5f8c93ba060]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.google-analytics.com
107.178.255.88 w), Replaced,[4a2ee16faeec59dda3199ffe54b0d32d]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
107.178.255.88 www.statcounte), Replaced,[2f4968e8fd9d181edede0499b94b13ed]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (tics.com
107.178.255.88 www.statco), Replaced,[ff79f65a8713b185615bb2ebaf5529d7]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (er.com
107.178.255.88 ssl.google-analy), Replaced,[3840cd8311891d19229acecfff0524dc]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

#51
lanelly7

  • Topic Starter
  • Member
  • 53 posts
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASAPI32, Quarantined, [1761db75108a48eef7d512e9f112fe02], 
PUP.Optional.IDSCProduct, HKLM\SOFTWARE\MICROSOFT\TRACING\idscservice_RASMANCS, Quarantined, [a7d18ec2603a76c07755c13a13f014ec], 
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASAPI32, Quarantined, [98e05ff19a0089ada284877730d36e92], 
PUP.Optional.WizzCaster, HKLM\SOFTWARE\MICROSOFT\TRACING\wizzcaster_RASMANCS, Quarantined, [abcd044cacee3105a284b9455fa421df], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, Delete-on-Reboot, [3d3bc38d0a900c2adc970be6d62d728e], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC DESKTOP, Quarantined, [7ff95ef24753999df30c3cc25ca726da], 
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKpt, Delete-on-Reboot, [df991d3374260333501d0ebb3fc3d62a], 
 
Registry Values: 5
PUP.Optional.Bandoo.AppFlsh, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{08ae5e13-70cc-4fbb-ad00-ef4b90a44451}|AppPath, C:\PROGRA~2\MOVIES~1\Datamngr\SRTOOL~1\IE, Quarantined, [8bed39178d0dc86e72786c71996a5ea2]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [3d3bc38d0a900c2adc970be6d62d728e]
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC DESKTOP|Location, C:\Program Files (x86)\MPC Cleaner, Quarantined, [7ff95ef24753999df30c3cc25ca726da]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", Delete-on-Reboot, [41372b2512883ff7d7739161e71c2fd1]
Trojan.Agent, HKU\S-1-5-21-111038216-3123894467-4160015040-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|Run, "C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe", Quarantined, [d1a7b8983268f93d407221c138ca718f]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 28
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp\1147, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Log, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Module, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\CommonRule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\CommonRule\Module, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Rule\SpecialRule, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TEMP\Upgrade, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\AdCleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Desktop, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
 
Files: 64
Rootkit.Agent, C:\WINDOWS\SYSTEM32\drivers\cherimoya.sys, Delete-on-Reboot, [481ae4ba7c3cd795b8cc020a1c473c2f], 
PUP.Optional.MorePowerfulCleaner, C:\WINDOWS\SYSTEM32\drivers\MPCKpt.sys, Delete-on-Reboot, [82fd73b77d493f0e479d82afb2ea76c2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [f6826ce48911ac8a7a8a684ed33149b7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, Delete-on-Reboot, [a2d6dc74a0fa88ae798b3d7908fcd927], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [24548ac6c3d7a09603011a9c02028e72], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Delete-on-Reboot, [d8a0bd934c4e9c9ac242edc9d133d828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [087056fa227869cdaf5566509a6a15eb], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [90e8e36dbfdb49ed57ad35815ba97c84], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [b5c3f55b8e0c3afc669e179ffc08916f], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [bdbb48087a20979f0cf8d9dd37cd38c8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, Delete-on-Reboot, [67119fb15842d95d887cbcfa877dab55], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, Delete-on-Reboot, [c7b1242cfb9f73c3ac585561788c2ed2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, Delete-on-Reboot, [16620947b3e7b6804cb87244bd472dd3], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, Delete-on-Reboot, [2355fc545149eb4bbf45c9ed5ea69769], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, Delete-on-Reboot, [0d6b064ae0bab58142c28b2b8d77d62a], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, Delete-on-Reboot, [2d4b0d439dfd93a3788c3a7c0afa857b], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, Delete-on-Reboot, [b1c7b0a0c3d744f2e71deec8857f8779], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, Delete-on-Reboot, [ed8b2a266d2d280ea262199dc73df30d], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, Delete-on-Reboot, [96e22f218c0e78bea55f7046ba4a17e9], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, Delete-on-Reboot, [5a1eb29e6a30fd39c73df5c1887c4fb1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, Delete-on-Reboot, [b1c7e46c306a3bfb17ed5f57a55f08f8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, Delete-on-Reboot, [8cecee625149f83e7a8a417560a4b050], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [f781321edebc9b9b5ea6cbebf50fe11f], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\FaseRonfresh.exe, Quarantined, [0d6b97b9ddbd6acc27f017ca32cf44bc], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\Faxrantop.exe, Quarantined, [f781450b09917bbb4dcafde442bfae52], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\Jayzap.bin, Quarantined, [cbad5af66f2b12241cd3f36445bff30d], 
PUP.Optional.LogicHandler, C:\Users\Admin\AppData\Roaming\Tanruntom.bin, Quarantined, [02768dc34f4b9e9877763d21ff01c040], 
Adware.PennyBee, C:\Program Files\Obunoquddiv\Onypj64.dll, Quarantined, [83f5d8780199aa8c709a4b8f768bdc24], 
PUP.Optional.Koyote, C:\Program Files (x86)\Free mp3 Wma Converter\Uninstall.exe, Quarantined, [de9aa7a94a5024128ab1fa320ef34fb1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi64.dll, Quarantined, [5424b9978b0f91a57193754161a346ba], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll64.dll, Quarantined, [b3c569e7cbcf44f280846551ac58ab55], 
PUP.Optional.MorePowerfulCleaner, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mpc.am_0.localstorage, Delete-on-Reboot, [1464cc845a40bf77825b2a9f14ee02fe], 
PUP.Optional.MorePowerfulCleaner, C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mpc.am_0.localstorage-journal, Quarantined, [40382828732744f2825bba0f50b2b24e], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\ApplicationHosting.dat, Quarantined, [6315fe521387b581cea211def50ede22], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\md.xml, Quarantined, [e2962d23dac04aecf87928c7798acd33], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\noah.dat, Quarantined, [265286ca2e6cff37cfa3727d1ce78779], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\uninstall_temp.ico, Quarantined, [97e11e3284166acc0e6528c7dd266b95], 
PUP.Optional.Linkury, C:\Users\Admin\AppData\Roaming\lobby.dat, Quarantined, [bbbd4010a1f9310596668a65ad56a45c], 
PUP.Optional.Linkury.Gen, C:\Users\Admin\AppData\Roaming\FaseRonfresh.tst, Quarantined, [cdab30205743f73f54d5f20b7e85e21e], 
PUP.Optional.Linkury.Gen, C:\Users\Admin\AppData\Roaming\Faxrantop.tst, Quarantined, [a9cf8fc189113ef8a78248b5020143bd], 
PUP.Optional.MCorp, C:\Users\Admin\AppData\Roaming\MCorp\1147\udpx, Quarantined, [2751ada3ebaf5adc73dc47b616edb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\ymlct, Quarantined, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\Clean.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\PlugIn.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\as.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\cf.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\run.db, Quarantined, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB\st.db, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Lang.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray\Skin.xf, Delete-on-Reboot, [a7d14f011486c76f1f28824760a2a45c], 
PUP.Optional.Linkury.ACMB1, C:\Users\Admin\AppData\Roaming\Config.xml, Quarantined, [6b0d8bc50a9039fdc7172c708e76e41c], 
PUP.Optional.Linkury.ACMB1, C:\Users\Admin\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [fc7ca1aff7a3dc5a23bc7c20020241bf], 
PUP.Optional.HijackHosts.Gen, C:\Windows\System32\todr\gaf\nysn.dat, Quarantined, [84f440103c5ea78ffbd4e0b9c53f01ff], 
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.247.130 connect.facebook.net), Replaced,[5325bd930298fc3ad5e50d90a26255ab]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
107.178.255.88 www.go), Replaced,[beba3818d4c639fd9e1c3d60bd475da3]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.248.130 static.doubleclick.net), Replaced,[6c0cf15f5f3bf73f9d1e1588a064c040]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.facebook.net
107.178.255.88 www.goog), Replaced,[6c0c064a4a5055e1bcff4d50db29b14f]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (107.178.255.88 www.google-analytics.com), Replaced,[abcddf713a6041f500bcd5c80ef610f0]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
107.178.255.88 www.s), Replaced,[bdbb60f0d1c975c19c20029b7490b947]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (gle-analytics.com
107.178.255), Replaced,[a6d2c7894e4c4ee8aa12a5f8c93ba060]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (.google-analytics.com
107.178.255.88 w), Replaced,[4a2ee16faeec59dda3199ffe54b0d32d]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (nalytics.com
107.178.255.88 www.statcounte), Replaced,[2f4968e8fd9d181edede0499b94b13ed]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (tics.com
107.178.255.88 www.statco), Replaced,[ff79f65a8713b185615bb2ebaf5529d7]
Hijack.Host, C:\Windows\System32\drivers\etc\hosts, Good: (), Bad: (er.com
107.178.255.88 ssl.google-analy), Replaced,[3840cd8311891d19229acecfff0524dc]
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#52
lanelly7


    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Having problems with ESET - the directions don't match up with what I see onscreen. Went to https://www.eset.com...online-scanner/ but didn't see the photo of the bar you posted. I went ahead and hit "scan now" under ESET scanner online, but the wording is a bit different. The only options shown are: enable or disable detection of potentially unwanted applications - not remove found threats or scan now...



#53
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

Having problems with ESET - the directions don't match up with what I see onscreen. Went to https://www.eset.com...online-scanner/ but didn't see the photo of the bar you posted. I went ahead and hit "scan now" under ESET scanner online, but the wording is a bit different. The only options shown are: enable or disable detection of potentially unwanted applications - not remove found threats or scan now...


Ok, thank you for letting me know. It seems they've changed the interface a bit.

Once you click Scan Now, it will start a file download. Accept the download, and then double click the file.

When it starts, click OK if that appears, and then click on Accept and then a screen will appear. Check the Enable detection of potentially unwanted programs.

Click Scan and it will begin downloading the signature database. Once it's done, it will begin the scan. :thumbsup:

#54
lanelly7


    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Scan seemed to end, but the window that is showing is asking me to sign up for a free trial. The scan info is nowhere to be seen...



#55
pystryker


    Trusted Helper

  • Malware Removal
  • 3,886 posts

Scan seemed to end, but the window that is showing is asking me to sign up for a free trial. The scan info is nowhere to be seen...


Ok, no worries. Do not agree to the free trial. Go ahead and delete any Addition.txt and FRST.txt logs from the Desktop and let's get some fresh ones to see where we're at. :thumbups:


Step 1: Fresh FRST logs

Once you've deleted the older Addition.txt and FRST.txt logs, please follow the instructions below.
  • Start Farbar's Recovery Scan Tool, place a check in the Addition.txt box and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.
Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fresh FRST.txt Log

Fresh Addition.txt Log




#56
lanelly7


    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by Admin (28-08-2016 19:37:51)
Running from C:\Users\Admin\Desktop
Windows 10 Home Version 1511 (X64) (2016-05-26 03:13:37)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Admin (S-1-5-21-111038216-3123894467-4160015040-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-111038216-3123894467-4160015040-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-111038216-3123894467-4160015040-503 - Limited - Disabled)
Guest (S-1-5-21-111038216-3123894467-4160015040-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-111038216-3123894467-4160015040-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.17)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Amazon Music (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Amazon Amazon Music) (Version: 3.9.7.901 - Amazon Services LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Carbonite (HKLM-x32\...\{02A2CB8C-4561-4EB7-BD26-0A8B5C5A1564}) (Version: 5.8.5 build 5805 (Feb-10-2016) - Carbonite)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Classic Start 8 (HKLM-x32\...\{913D024D-5EB4-4AC3-A412-C87588574A74}_is1) (Version: 1.0.0.13 - Crawler, LLC)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Dropbox) (Version: 2.0.26 - Dropbox, Inc.)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elementals - The Magic Key (x32 Version: 2.2.0.97 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP Photosmart 5510d series Basic Device Software (HKLM\...\{8800943A-4158-4B5B-8E6B-A0AC63E10A91}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iExplorer 3.9.3.0 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Online Backup (Version: 1.16.6.1 - McAfee, Inc.) Hidden
McAfee Online Backup (x32 Version:  - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 7.1.0.2483 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Polar FlowSync version 2.3.8 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.3.8 - Polar Electro Oy)
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.43 - NCH Software)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31225 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 2.0.0 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.0 - VS Revo Group, Ltd.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.106 - Skype Technologies S.A.)
SlimCleaner Plus (HKLM\...\{5F5EF771-2B0B-401C-969C-38399DF75D35}) (Version: 1.3.1 - SlimWare Utilities, Inc.)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.79 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer 6.7.1.0 (HKLM-x32\...\Tansee iPhone/iPad/iPod SMS/MMS/iMessage Transfer_is1) (Version: 6.7.1.0 - Tansee, Inc.)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Wonderland Solitaire (x32 Version: 2.2.0.110 - WildTangent) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{162C6FB5-44D3-435B-903D-E613FA093FB5}\InprocServer32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileCoAuthLib64.dll ()
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-111038216-3123894467-4160015040-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0283D2D4-5E6C-4CAE-9A29-6FEA7F286D67} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {0906D094-C9DB-43B3-A07B-AD1308CDC1F4} - System32\Tasks\{E251CBDE-43F8-4687-8EBD-A9D105E0E7F6} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Duoing\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Duoing\uninstall.dat" -a uninstallme 22F37957-567D-4FA3-BDAB-44EDF530BEBF DeviceId=c5b1ba4c-4b68-2533-9506-9f984418c49c BarcodeId=51198003 ChannelId=3 DistributerName=APSFWakeNet
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1E48E2FF-EA0E-4E2E-A78F-4D45CFDDB748} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {33C945A7-EE7B-451D-B478-243521702D3C} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {3E56BA12-30DE-46D9-9421-F01A7518E141} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {41E580E5-EF9D-40EF-A93C-EBAC2D3D2748} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {80EE587C-B040-4A76-88A9-ECE891C258E8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {8E1B2D22-26C3-44B0-B268-6B98B523D55F} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-10-08] (Synaptics Incorporated)
Task: {CF28A7C0-3097-4175-BC54-DE8FE7F9925B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
Task: {D92B3E3B-351B-403F-A543-62546B6DE219} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {F68BB389-E4FF-47CB-A633-F7E6BCCF3464} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.6.0.27\SymErr.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\Admin\Favorites\NCH Software Download Site.lnk -> hxxp://www.nch.com.au/index.html
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-03-25 16:44 - 2013-03-25 16:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 16:56 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-26 08:54 - 2016-05-26 08:55 - 00959168 _____ () C:\Users\Admin\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 16:58 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 16:56 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 16:56 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 16:56 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 16:56 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-06-18 20:07 - 2015-07-06 10:47 - 05886784 _____ () C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
2010-06-01 03:05 - 2010-06-01 03:05 - 00083256 _____ () C:\Program Files (x86)\McAfee Online Backup\librs2.dll
2016-06-03 09:36 - 2016-06-03 09:36 - 01984000 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\6e466c96c9465d623ab011de004da48f\Windows.UI.ni.dll
2016-05-31 17:13 - 2016-05-31 17:13 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\0c168de19f2576f13020da2bdb2a6d56\Windows.Foundation.ni.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-05-26 10:07 - 2016-05-26 10:07 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-01-16 10:33 - 2014-11-11 11:19 - 01703424 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\polar20.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00048128 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libEGL.dll
2015-01-16 10:33 - 2013-08-25 21:52 - 00728576 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\libGLESv2.dll
2015-01-16 10:33 - 2013-08-25 21:59 - 00833024 _____ () C:\Program Files (x86)\Polar\Polar FlowSync\platforms\qwindows.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2016-08-08 12:16 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 12:16 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2013-08-05 11:57 - 2013-01-14 10:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin\AppData\Local\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 68.105.28.11 - 68.105.29.11
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{509760E0-50DE-4DA2-94CF-9080A463BDC3}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{19113267-15C7-4C8A-906D-169D8FDC6A32}C:\program files (x86)\google\chrome\application\chrome.exe] => (Block) C:\program files (x86)\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{E79ECF8B-5182-4862-9952-078910C24D4E}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{5D94D78A-2528-40B1-9E10-B22B4EFA9F1B}C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe] => (Block) C:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe
 
==================== Restore Points =========================
 
28-08-2016 13:39:14 Restore Point Created by FRST
28-08-2016 14:20:21 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2016 06:12:29 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {36328322-265b-4dd6-b142-b18213b9f7d3}
 
Error: (08/28/2016 06:11:46 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/28/2016 06:08:38 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/28/2016 05:18:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/28/2016 05:18:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname PC.local already in use; will try PC-2.local instead
 
Error: (08/28/2016 05:18:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 PC.local. AAAA 2600:8802:0603:C600:6042:DFB7:A17B:9741
 
Error: (08/28/2016 05:18:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:6042:DFB7:A17B:9741:5353   16 PC.local. AAAA 2600:8802:0603:C600:26FD:52FF:FEC9:0C16
 
Error: (08/28/2016 02:35:14 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {79d75c54-7c46-4c95-9807-d2803831e2f5}
 
Error: (08/28/2016 02:34:44 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)
 
Error: (08/28/2016 02:20:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (08/28/2016 06:37:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/28/2016 06:37:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2016 06:36:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/28/2016 06:36:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2016 06:36:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/28/2016 06:36:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2016 06:36:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/28/2016 06:36:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
 
Error: (08/28/2016 06:36:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading
 
Error: (08/28/2016 06:36:59 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Admin\AppData\Local\Temp\ehdrv.sys
 
 
CodeIntegrity:
===================================
  Date: 2016-08-25 21:24:45.096
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.065
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:45.028
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:44.966
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.786
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.685
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.651
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
  Date: 2016-08-25 21:24:33.616
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 42%
Total physical RAM: 8071.27 MB
Available physical RAM: 4666.29 MB
Total Virtual: 10631.27 MB
Available Virtual: 7083.71 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.68 GB) (Free:612.97 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

  • 0

#57
lanelly7

    Member

  • Topic Starter
  • Member
  • 53 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-08-2016
Ran by Admin (administrator) on PC (28-08-2016 19:36:41)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe
(Polar Electro Oy) C:\Program Files (x86)\Polar\Polar FlowSync\flowsync.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
() C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_enu (2).exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954880 2015-10-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1103056 2016-02-10] (Carbonite, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [HP Photosmart 5510d series (NET)] => C:\Program Files\HP\HP Photosmart 5510d series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-08-29] (Google Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Polar FlowSync] => C:\Program Files (x86)\Polar\Polar FlowSync\FlowSync.exe [1125376 2014-11-11] (Polar Electro Oy)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4272840 2014-03-31] (Microsoft Corporation)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Amazon Music] => C:\Users\Admin\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886784 2015-07-06] ()
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-29] (Skype Technologies S.A.)
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-06-30] (Microsoft Corporation)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers: [MOBK400] -> {73552f1f-bf89-9213-24d3-b502f837bb93} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4002] -> {81d6082a-73e9-8567-a371-6ad62982aca6} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers: [MOBK4003] -> {44391887-365b-8585-2ab9-799a50b9ef5e} => C:\Program Files (x86)\McAfee Online Backup\MOBK400shell.dll [2010-06-01] (McAfee, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2016-02-10] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Admin\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-06-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-08-28]
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mmc.lnk [2016-08-28]
ShortcutTarget: mmc.lnk -> C:\Users\Admin\AppData\Roaming\Microsoft\Windows\IEUpdate\mmc.exe (No File)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2016-08-28]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{3f7dbe3b-72f0-4fb8-b5f5-90af2d4320ba}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
Tcpip\..\Interfaces\{c60918e3-a89b-41bf-9a62-d78dfd835f0f}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKU\S-1-5-21-111038216-3123894467-4160015040-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-29] (Google Inc.)
Toolbar: HKU\S-1-5-21-111038216-3123894467-4160015040-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-29] (Google Inc.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2013-02-05] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-111038216-3123894467-4160015040-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-04] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-XAQAldM6a7rWhafTgYt6OamqXKYn1DthkJqVHn0gLel593R8c3wLrVWKnwM-gHYKF_AHekPG8H4NleLe70_w7P_EO9H3i3ICfNxI_PJGO5w,,
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-09]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-09]
CHR Extension: (Honey) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-08-28]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-09]
CHR Extension: (Chrome Media Router) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-28]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [337888 2016-05-03] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MOBK400backup; C:\Program Files (x86)\McAfee Online Backup\MOBK400backup.exe [231224 2010-06-01] (McAfee, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255168 2015-10-08] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-28] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\system32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R1 MOBK400Filter; C:\Windows\System32\DRIVERS\MOBK400.sys [66040 2010-06-01] (Mozy, Inc.)
S3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [433912 2016-07-13] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\System32\drivers\rtwlane.sys [3445248 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [51392 2015-10-08] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 19:36 - 2016-08-28 19:36 - 00023817 _____ C:\Users\Admin\Desktop\FRST.txt
2016-08-28 19:36 - 2016-08-28 19:36 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2016-08-28 18:24 - 2016-08-28 18:24 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_enu (2).exe
2016-08-28 18:19 - 2016-08-28 18:20 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_enu (1).exe
2016-08-28 18:17 - 2016-08-28 18:17 - 06761600 _____ (ESET spol. s r.o.) C:\Users\Admin\Downloads\esetonlinescanner_enu.exe
2016-08-28 18:17 - 2016-08-28 18:17 - 00000000 ____D C:\Users\Admin\AppData\Local\ESET
2016-08-28 18:14 - 2016-08-28 18:14 - 00022709 _____ C:\Users\Admin\Desktop\MBAM.txt
2016-08-28 17:30 - 2016-08-28 18:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-28 17:29 - 2016-08-28 18:12 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-28 17:29 - 2016-08-28 17:29 - 22851472 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-28 17:29 - 2016-08-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-28 17:29 - 2016-08-28 17:29 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-08-28 17:29 - 2016-08-28 17:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-28 17:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-28 17:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-28 17:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-28 14:42 - 2016-08-28 18:12 - 00000000 ____D C:\Users\Admin\Downloads\FRST-OlderVersion
2016-08-28 14:42 - 2016-08-28 14:42 - 02396672 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2016-08-28 14:35 - 2016-08-28 14:35 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (3).exe
2016-08-28 14:34 - 2016-08-28 14:34 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (3).exe
2016-08-28 14:29 - 2016-08-28 14:29 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (2).exe
2016-08-28 14:29 - 2016-08-28 14:29 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (2).exe
2016-08-28 14:26 - 2016-08-28 14:26 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner (1).exe
2016-08-28 14:26 - 2016-08-28 14:26 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT (1).exe
2016-08-28 14:23 - 2016-08-28 14:23 - 00006581 _____ C:\Users\Admin\Desktop\JRT.txt
2016-08-28 14:22 - 2016-08-28 14:30 - 00000000 ____D C:\AdwCleaner
2016-08-28 14:22 - 2016-08-28 14:22 - 03826240 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2016-08-28 14:22 - 2016-08-28 14:22 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Downloads\JRT.exe
2016-08-28 14:20 - 2016-08-28 14:20 - 03826240 _____ C:\Users\Admin\Desktop\AdwCleaner.exe
2016-08-28 14:18 - 2016-08-28 14:19 - 01610560 _____ (Malwarebytes) C:\Users\Admin\Desktop\JRT.exe
2016-08-28 13:40 - 2016-08-28 13:40 - 00000334 _____ C:\Users\Admin\Downloads\Fixlog.txt
2016-08-28 13:39 - 2016-08-28 13:46 - 00027641 _____ C:\Users\Admin\Desktop\Fixlog.txt
2016-08-28 11:41 - 2016-08-28 11:43 - 00001551 _____ C:\Users\Admin\Desktop\Search.txt
2016-08-27 10:45 - 2016-08-28 14:44 - 00036391 _____ C:\Users\Admin\Downloads\Addition.txt
2016-08-27 10:43 - 2016-08-28 19:36 - 00000000 ____D C:\FRST
2016-08-27 10:43 - 2016-08-28 14:47 - 00047722 _____ C:\Users\Admin\Downloads\FRST.txt
2016-08-27 10:41 - 2016-08-28 19:36 - 02396672 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2016-08-27 10:38 - 2016-08-28 18:12 - 00001128 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-08-27 10:38 - 2016-08-27 10:38 - 00000000 ____D C:\Program Files\VS Revo Group
2016-08-27 10:37 - 2016-08-27 10:38 - 11374528 _____ (VS Revo Group ) C:\Users\Admin\Downloads\RevoUninProSetup.exe
2016-08-27 10:37 - 2016-08-27 10:38 - 07093624 _____ (VS Revo Group ) C:\Users\Admin\Downloads\revosetup.exe
2016-08-17 10:10 - 2016-08-17 10:10 - 00002364 _____ C:\Users\Admin\Downloads\Reminder_Register_for_Marriott_Rewards_MegaBonus.ics
2016-08-15 19:32 - 2016-08-15 19:32 - 00000217 _____ C:\Users\Admin\Downloads\Welcome_Numbers_1-20.ics
2016-08-11 19:58 - 2016-08-11 19:59 - 90601382 _____ C:\Users\Admin\Downloads\photos.zip
2016-08-11 18:57 - 2016-08-11 18:57 - 00000000 ____D C:\WINDOWS\PCHEALTH
2016-08-10 20:53 - 2016-08-10 20:53 - 00404992 _____ C:\Users\Admin\Downloads\BTSN 2012.ppt
2016-08-10 10:26 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 10:26 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 10:26 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 10:26 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 10:26 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 10:26 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 10:26 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 10:26 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 10:26 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 10:26 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 10:25 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 10:25 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 10:25 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 10:25 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 10:25 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 10:25 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 10:25 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 10:25 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 10:25 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 10:25 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 10:25 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 10:25 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 10:25 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 10:25 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 10:25 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 10:25 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 10:25 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 10:25 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 10:25 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 10:25 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 10:25 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 10:25 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 10:25 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 10:25 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 10:25 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 10:25 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 10:25 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-10 10:25 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 10:25 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 10:25 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 10:25 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 10:25 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 10:25 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 10:25 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 10:25 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 10:25 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 10:25 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 10:25 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 10:25 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 10:25 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 10:25 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 10:25 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 10:25 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 10:25 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 10:25 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 10:25 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 10:25 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 10:25 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 10:25 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 10:25 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 10:25 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 10:25 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 10:25 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 10:25 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 10:25 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 10:25 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 10:25 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 10:25 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 10:25 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 10:25 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 10:25 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 10:25 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 10:25 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 10:25 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 10:25 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 10:25 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 10:25 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 10:25 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 10:25 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 10:25 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 10:25 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-04 14:33 - 2016-08-04 14:33 - 02323528 _____ C:\Users\Admin\Downloads\How to Download CDs 2016.pdf
2016-07-29 17:34 - 2016-07-29 17:34 - 00000000 ____D C:\Users\Admin\Documents\New folder
2016-07-29 17:32 - 2016-07-29 17:32 - 00116975 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (2).pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design.pdf
2016-07-29 17:31 - 2016-07-29 17:31 - 00407871 _____ C:\Users\Admin\Downloads\Shabbat_O'Gram_-_Session_2_Week_1_Design (1).pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-28 19:24 - 2016-01-04 11:40 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Skype
2016-08-28 18:12 - 2016-05-26 09:05 - 00002405 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-28 18:12 - 2016-05-25 17:10 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-28 18:12 - 2016-04-25 15:32 - 00002340 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-08-28 18:12 - 2016-04-04 14:05 - 00001862 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-08-28 18:12 - 2016-03-02 12:52 - 00002153 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2016-08-28 18:12 - 2016-02-09 10:03 - 00002271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-28 18:12 - 2016-02-09 10:03 - 00002265 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-28 18:12 - 2016-01-04 11:40 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-08-28 18:12 - 2015-05-20 14:19 - 00001149 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Switch Sound File Converter.lnk
2016-08-28 18:12 - 2015-05-20 14:19 - 00001143 _____ C:\Users\Public\Desktop\Switch Sound File Converter.lnk
2016-08-28 18:12 - 2015-05-18 20:41 - 00001323 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free mp3 Wma Converter.lnk
2016-08-28 18:12 - 2015-04-29 14:42 - 00001257 _____ C:\Users\Public\Desktop\NCH Suite.lnk
2016-08-28 18:12 - 2015-04-29 14:42 - 00001133 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Prism Video File Converter.lnk
2016-08-28 18:12 - 2015-04-29 14:42 - 00001127 _____ C:\Users\Public\Desktop\Prism Video File Converter.lnk
2016-08-28 18:12 - 2015-04-29 14:29 - 00001087 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-28 18:12 - 2015-03-16 12:00 - 00001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-08-28 18:12 - 2015-03-16 12:00 - 00001320 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-08-28 18:12 - 2015-03-16 11:59 - 00002501 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-08-28 18:12 - 2015-03-16 11:59 - 00001473 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-08-28 18:12 - 2014-10-15 11:12 - 00001800 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-28 18:12 - 2014-10-15 11:03 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-08-28 18:12 - 2013-10-01 13:22 - 00002265 _____ C:\Users\Public\Desktop\HP Photosmart 5510d series.lnk
2016-08-28 18:12 - 2013-10-01 13:22 - 00001192 _____ C:\Users\Public\Desktop\Shop for Supplies - HP Photosmart 5510d series.lnk
2016-08-28 18:12 - 2013-08-05 12:22 - 00002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
2016-08-28 18:12 - 2013-04-09 22:30 - 00001062 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2016-08-28 18:12 - 2013-04-09 21:42 - 00002653 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WildTangent Games App - toshiba.lnk
2016-08-28 18:12 - 2013-04-09 21:41 - 00002047 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Registration.lnk
2016-08-28 18:12 - 2013-04-09 21:40 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-08-28 18:12 - 2013-04-09 21:39 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-08-28 18:11 - 2015-06-18 20:07 - 00001152 _____ C:\Users\Admin\Desktop\Amazon Music.lnk
2016-08-28 18:11 - 2015-03-16 12:01 - 00000000 ____D C:\Users\Admin\Tracing
2016-08-28 18:11 - 2014-10-14 09:30 - 00001201 _____ C:\Users\Admin\Desktop\iPhone SMS.lnk
2016-08-28 18:11 - 2013-10-01 10:20 - 00002041 _____ C:\Users\Admin\Desktop\HPPSDr.lnk
2016-08-28 18:11 - 2013-09-12 12:58 - 00001012 _____ C:\Users\Admin\Desktop\Dropbox.lnk
2016-08-28 18:11 - 2013-08-05 12:21 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2016-08-28 18:10 - 2016-05-25 20:15 - 00000000 __SHD C:\Users\Admin\IntelGraphicsProfiles
2016-08-28 18:09 - 2016-02-13 06:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-28 18:09 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-28 18:07 - 2016-06-01 13:40 - 00000000 ____D C:\Program Files\Obunoquddiv
2016-08-28 18:07 - 2015-05-18 20:39 - 00000000 ____D C:\Program Files (x86)\Free mp3 Wma Converter
2016-08-28 13:52 - 2016-05-25 17:22 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-28 13:52 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-28 13:40 - 2016-05-25 17:00 - 00000000 ____D C:\Users\Admin
2016-08-28 10:28 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-27 10:12 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-24 13:13 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-23 14:12 - 2016-02-01 10:57 - 00000000 ____D C:\Users\Admin\Documents\Parent2Parent
2016-08-20 12:32 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Positive Discipline
2016-08-19 11:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-18 20:08 - 2016-02-13 06:20 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-18 19:23 - 2016-02-13 06:03 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-18 19:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-12 11:45 - 2014-10-10 11:44 - 00000000 ____D C:\Users\Admin\Documents\Parenting
2016-08-11 18:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 18:58 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-11 18:56 - 2013-10-07 12:42 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 18:35 - 2013-10-07 12:42 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-06-01 13:39 - 2016-06-01 13:39 - 6859776 _____ () C:\Users\Admin\AppData\Roaming\agent.dat
2016-06-01 13:38 - 2016-06-01 13:38 - 0128512 _____ () C:\Users\Admin\AppData\Roaming\Installer.dat
2016-06-01 13:39 - 2016-06-01 13:39 - 0018432 _____ () C:\Users\Admin\AppData\Roaming\Main.dat
2015-01-12 13:06 - 2015-06-21 14:54 - 0006656 _____ () C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-01 11:17 - 2013-10-01 11:17 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\libeay32.dll
C:\Users\Admin\AppData\Local\Temp\msvcr120.dll
C:\Users\Admin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-21 11:06
 
==================== End of FRST.txt ============================

  • 0

#58
pystryker

    Trusted Helper

  • Malware Removal
  • 3,886 posts
Excellent, only a couple minor things to clear out, and then we can tidy up. How is the machine running? :thumbsup: :)


Step 1: Fix with FRST
  • Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open Notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

Start
CreateRestorePoint:
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST, press the Fix button just once, and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

  • 0

#59
lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts
Fix result of Farbar Recovery Scan Tool (x64) Version: 28-08-2016
Ran by Admin (28-08-2016 19:54:57) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
CHR HomePage: Default -> hxxp://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRGNclVS1AC6sNoGyjt9ihJPpQjuFQrjzPfSj47bwSgCcfK58_cf7urFdHDCG59RxLF3x_EzyjkA-
End
*****************
 
Restore point was successfully created.
gupdate => service removed successfully
gupdatem => service removed successfully
Chrome HomePage => removed successfully
 
==== End of Fixlog 19:54:57 ====

  • 0

#60
lanelly7

    Member

  • Topic Starter
  • Member
  • PipPip
  • 53 posts

Computer seems to be doing better - MPC and OneSystem Care seem to be gone. :-) 


  • 0





