
Malwarebytes will not open



I was infected with malware due to going to a malicious website and trying to download a manual I needed. I could not use the internet, so downloaded Malwarebytes on another computer and loaded it via USB. It would not open. I was able to get it to run in Safe mode, but malware was still present. Used the Malwarebytes clean software to remove Malwarebytes and reinstalled, still not working. Downloaded rkill and the malware kept changing the software I believe as soon as I plugged the USB drive in. So I changed the name on the file to a *.doc file and put it on my desktop, changed it back to a *.exe file and got the log file below. Malwarebytes still would not run after doing this. Let me know what I should do next. Thanks!

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 04/19/2016 08:05:48 AM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe (PID: 4152) [UP-HEUR]
 * C:\Windows\System32\spool\drivers\x64\3\D1265fServer64.exe (PID: 4256) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * HOSTS file entries found: 

  127.0.0.1       down.baidu2016.com
  127.0.0.1       123.sogou.com
  127.0.0.1       www.czzsyzgm.com
  127.0.0.1       www.czzsyzxl.com
  127.0.0.1       union.baidu2019.com

Program finished at: 04/19/2016 08:07:50 AM
Execution time: 0 hours(s), 2 minute(s), and 1 seconds(s)


Hello VinnyMX and welcome to Malwarebytes,

My screen name is kevinf80, I will help you to clean up your system....

Run RKill one more time, do not reboot your system after it completes...

Next,

See if you can reset your Hosts file, full instructions at the following link, the instructions cover up to Windows 10:

http://www.thewindowsclub.com/how-to-set-the-windows-7-hosts-file-back-to-default

Next,

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST, either accept the alert or turn your security off to allow FRST to run. It is not malicious or infected in any way...
 
  • Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
  • Make sure Addition.txt is checkmarked under "Optional scans"
  • Press Scan button to run the tool....
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The tool will also make a log named (Addition.txt) Please attach those logs to your reply.

Thank you,

Kevin..


Thanks for the update, see if you can run the following:

Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/
 
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8/8.1/10, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes select "Report", in the next window select "Export txt" the log will open as a text file post that log... Also save to your Desktop for reference. log will open.
  • Close the program > Don't Fix anything!

Let me see that log....

 


Sorry for the delay, was out of town yesterday.  Note that computer was turned off and restarted since last.  Here is the Rogue Killer log:

 

RogueKiller V12.1.3.0 [Apr 18 2016] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/software/roguekiller/

Blog : http://www.adlice.com



Operating System : Windows 10 (10.0.10586) 64 bits version

Started in : Normal mode

User : Vincent [Administrator]

Started from : C:\Users\Vincent\Desktop\VinnyRog.exe

Mode : Scan -- Date : 04/21/2016 08:42:19



§§§ Processes : 6 §§§

[Suspicious.Path] XBLive.exe(4016) -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[x] -> Found

[Suspicious.Path] (SVC) egg_protect -- \??\C:\Windows\EProtect_amd64.sys[x] -> Found

[PUP] (SVC) MPCKpt -- system32\DRIVERS\MPCKpt.sys[x] -> Found

[PUP] (SVC) SMUpd -- C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service[x] -> Found

[PUP] (SVC) SMUpdd -- \??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys[x] -> Found

[Suspicious.Path] (SVC) XBox -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[x] -> Found



§§§ Registry : 40 §§§

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MPC -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tutorials -> Found

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\egg_protect (\??\C:\Windows\EProtect_amd64.sys) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\egg_protect (\??\C:\Windows\EProtect_amd64.sys) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Found

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Found

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Found

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Tampstring\Findax.dll,C:\WINDOWS\system32\nvinitx.dll [x] -> Found

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Tampstring\DonFan.dll,C:\WINDOWS\SysWOW64\nvinit.dll [x] -> Found



§§§ Tasks : 2 §§§

[PUP] %WINDIR%\Tasks\IAEOXFMIKBHUTTSG.job -- C:\ProgramData\Service1291\Service1291.exe -> Found

[Suspicious.Path] \IBUpd2 -- C:\Users\Vincent\AppData\Local\BrowserAir\47.0.0.5\updater.exe -> Found



§§§ Files : 2 §§§

[Tr.Generic][File] C:\ProgramData\System32\SafeGuard64.dll -> Found

[PUP][Folder] C:\Program Files (x86)\4C4C4544-1460919762-4610-8054-C2C04F575331 -> Found



§§§ Hosts File : 0 §§§



§§§ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) §§§



§§§ Web browsers : 1 §§§

[PUP][CHROME:Addon] Default : Connect DLC 5 [lipgolpfajiadodbcbljdpmbmbdmfcil] -> Found



§§§ MBR Check : §§§

+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++

--- User ---

[MBR] 0993c40042336300156d5fe1224d4f86

[BSP] 3b2d9403d95b2af4aba569aad6061750 : Empty MBR Code

Partition table:

0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB

1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1032192 | Size: 40 MB

2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1114112 | Size: 128 MB

3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1376256 | Size: 500 MB

4 - Basic data partition | Offset (sectors): 2400256 | Size: 1891723 MB

5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3876651008 | Size: 450 MB

6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 3877572608 | Size: 14382 MB

User = LL1 ... OK

User = LL2 ... OK



 


Double-click RogueKiller.exe to run again. (Vista/7/8/10 right-click and select Run as Administrator)

When "initializing/pre-scan" completes press the Scan button, this may take a few minutes to complete.

When the scan completes open the Processes tab and locate the following detections:

[Suspicious.Path] XBLive.exe(4016) -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[x] -> Found
[PUP] (SVC) SMUpd -- C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service[x] -> Found
[PUP] (SVC) SMUpdd -- \??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys[x] -> Found
[Suspicious.Path] (SVC) XBox -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[x] -> Found


Make sure those entries are Checkmarked (ticked) also ensure that all other entries are not Checkmarked

Open the Registry tab and locate the following detections:

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MPC -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tutorials -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Found


Make sure those entries are checkmarked (ticked); also ensure that all other entries are not checkmarked.

Open the Tasks tab and locate the following detections:

[PUP] %WINDIR%\Tasks\IAEOXFMIKBHUTTSG.job -- C:\ProgramData\Service1291\Service1291.exe -> Found
[Suspicious.Path] \IBUpd2 -- C:\Users\Vincent\AppData\Local\BrowserAir\47.0.0.5\updater.exe -> Found


Make sure those entries are checkmarked (ticked); also ensure that all other entries are not checkmarked.

Open the Files tab and locate the following detections:

[PUP] %WINDIR%\Tasks\IAEOXFMIKBHUTTSG.job -- C:\ProgramData\Service1291\Service1291.exe -> Found
[Suspicious.Path] \IBUpd2 -- C:\Users\Vincent\AppData\Local\BrowserAir\47.0.0.5\updater.exe -> Found


Make sure those entries are checkmarked (ticked); also ensure that all other entries are not checkmarked.

Hit the Delete button. When complete, select "Report"; in the next window select "Export txt". The log will open as a text file; post that log. Also save it to your Desktop for reference.
 
Next,
 
Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit ESET Online Scanner website.

There, click Run ESET Online Scanner.

If using Internet Explorer:
 
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.

If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.


To perform the scan:
 
  • Select "Enable detection of potentially unwanted applications"
  • Make sure that Remove found threats is Checked.
  • Scan archives is checked.
  • In Advanced Settings: Scan for potentially unwanted applications, Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
  • Under “Enable Stealth Technology”, select “Change” and select any extra drives in that window.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.



Please include this logfile in your next reply.

Don't forget to re-enable protection software!

Let me see those logs; also give an update on any remaining issues or concerns.

Thanks,

Kevin


I ran the Rogue Killer again and deleted the files as instructed, although some gave error messages in the log report.  I am still unable to access the internet through IE or Chrome.  I did manage to get Edge to open eset.com, but it gets hung up when trying to download the components.  I suspect Edge is not compatible.

 

RogueKiller V12.1.3.0 [Apr 18 2016] (Free) by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/software/roguekiller/

Blog : http://www.adlice.com



Operating System : Windows 10 (10.0.10586) 64 bits version

Started in : Normal mode

User : Vincent [Administrator]

Started from : C:\Users\Vincent\Desktop\VinnyRog.exe

Mode : Delete -- Date : 04/21/2016 21:34:49



§§§ Processes : 6 §§§

[Suspicious.Path] XBLive.exe(4016) -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[7] -> Killed [TermProc]

[Suspicious.Path] (SVC) egg_protect -- \??\C:\Windows\EProtect_amd64.sys[x] -> Found

[PUP] (SVC) MPCKpt -- system32\DRIVERS\MPCKpt.sys[7] -> ERROR [41c]

[PUP] (SVC) SMUpd -- C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service[-] -> Stopped

[PUP] (SVC) SMUpdd -- \??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys[7] -> Stopped

[Suspicious.Path] (SVC) XBox -- C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe[7] -> Stopped



§§§ Registry : 40 §§§

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Deleted

[PUP] (X64) HKEY_LOCAL_MACHINE\Software\SearchModule -> Deleted

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Conduit -> Deleted

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Flashbeat -> Deleted

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\MPC -> ERROR [5]

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\SearchModule -> Deleted

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\Tutorials -> Deleted

[PUP] (X86) HKEY_LOCAL_MACHINE\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885} -> Deleted

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Not selected

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\egg_protect (\??\C:\Windows\EProtect_amd64.sys) -> Not selected

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> ERROR [5]

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> ERROR [5]

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Deleted

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Deleted

[PUP] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Deleted

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Deleted

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CloudPrinter (C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a) -> Not selected

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\egg_protect (\??\C:\Windows\EProtect_amd64.sys) -> Not selected

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCKpt (system32\DRIVERS\MPCKpt.sys) -> ERROR [5]

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MPCProtectService ("C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe") -> ERROR [5]

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProntSpooler ("C:\Users\Vincent\AppData\Local\Apps\2.0\abril.exe") -> Deleted

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpd (C:\Program Files\Common Files\Doobzo\GSUpdate\smu.exe /service) -> Deleted

[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMUpdd (\??\C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys) -> Deleted

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\XBox (C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe) -> Not selected

[PUM.Proxy] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Deleted

[PUM.Proxy] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings | AutoConfigUrl : http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> ERROR [2]

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> Deleted

[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) : 0http://un-stop.biz/wpad.dat?b385fd53fe1d8ac5ab1108e397a380be9006731 -> ERROR [2]

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Page : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://go.microsoft.com/fwlink/?LinkId=54896)

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://search.msn.com/spbasic.htm)

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://search.msn.com/spbasic.htm)

[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://search.msn.com/spbasic.htm)

[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main | Search Bar : http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms} -> Replaced (http://search.msn.com/spbasic.htm)

[PUM.Policies] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

[PUM.Policies] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | ConsentPromptBehaviorAdmin : 0 -> Not selected

[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Tampstring\Findax.dll,C:\WINDOWS\system32\nvinitx.dll [x] -> Not selected

[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows | AppInit_DLLs : C:\ProgramData\Tampstring\DonFan.dll,C:\WINDOWS\SysWOW64\nvinit.dll [x] -> Not selected



§§§ Tasks : 2 §§§

[PUP] %WINDIR%\Tasks\IAEOXFMIKBHUTTSG.job -- C:\ProgramData\Service1291\Service1291.exe -> Deleted

[Suspicious.Path] \IBUpd2 -- C:\Users\Vincent\AppData\Local\BrowserAir\47.0.0.5\updater.exe -> Not selected



§§§ Files : 2 §§§

[Tr.Generic][File] C:\ProgramData\System32\SafeGuard64.dll -> Removed at reboot [5]

[PUP][Folder] C:\Program Files (x86)\4C4C4544-1460919762-4610-8054-C2C04F575331 -> Deleted



§§§ Hosts File : 0 §§§



§§§ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) §§§



§§§ Web browsers : 1 §§§

[PUP][CHROME:Addon] Default : Connect DLC 5 [lipgolpfajiadodbcbljdpmbmbdmfcil] -> Deleted



§§§ MBR Check : §§§

+++++ PhysicalDrive0: ST2000DM001-1CH164 +++++

--- User ---

[MBR] 0993c40042336300156d5fe1224d4f86

[BSP] 3b2d9403d95b2af4aba569aad6061750 : Empty MBR Code

Partition table:

0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 500 MB

1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1032192 | Size: 40 MB

2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1114112 | Size: 128 MB

3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 1376256 | Size: 500 MB

4 - Basic data partition | Offset (sectors): 2400256 | Size: 1891723 MB

5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 3876651008 | Size: 450 MB

6 - [SYSTEM][MAN-MOUNT] Microsoft recovery partition | Offset (sectors): 3877572608 | Size: 14382 MB

User = LL1 ... OK

User = LL2 ... OK



 


Run FRST one more time. Ensure all boxes are checkmarked under "Whitelist" but only Addition.txt under "Optional scan". Select Scan; when done, post the new logs.

Next,

Download Farbar Service Scanner from here: http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/ and run it on the computer with the issue.

Make sure the following options are checked:
 
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
 
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Ok, did both of those scans and here are the three log files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016
Ran by Vincent (administrator) on STUDY-PC (22-04-2016 07:15:53)
Running from C:\Users\Vincent\Desktop
Loaded Profiles: UpdatusUser & Vincent & QBDataServiceUser23 (Available Profiles: UpdatusUser & Vincent & Elizabeth & Kiddos & QBDataServiceUser22 & QBDataServiceUser23)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Alcatel-Lucent) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe
(Joyent, Inc) C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\node.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe
(Dell Inc) C:\Windows\System32\spool\drivers\x64\3\D1265fServer64.exe
(McAfee, Inc.) C:\Program Files\mcafee.com\agent\mcupdate.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcsync.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
(Wyse Technology.) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Alcatel-Lucent) C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
() C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
() C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
() C:\Program Files (x86)\DELL\Dell KM713 Wireless Keyboard software\CDCtr.exe
(SOS Online Backup) C:\Program Files (x86)\SOS Online Backup\SMessaging.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.656.0\McCSPServiceHost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\mcinfo.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.19761.0_x64__8wekyb3d8bbwe\Video.UI.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MSGSDK\msgrunner.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ContextRelay\contextrelay.exe
(Microsoft Corporation) C:\Windows\System32\wuapihost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MSGSDK\msgrunner.exe
(Intel Security) C:\Program Files\Common Files\mcafee\ClientAnalytics\McClientAnalytics.exe
() C:\Users\Vincent\Desktop\VinnyRog.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MSGSDK\msgrunner.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\MSM\McSmtFwk.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\Core\mchost.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\MSGSDK\msgrunner.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\mcods.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\CommonBuild\McCBEntAndInstru.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\Vincent\Desktop\Vinny3.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe"
HKLM\...\Run: [BtvStack] => "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [933776 2012-10-24] (Wyse Technology Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [438784 2010-12-17] ()
HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2013-04-30] (LogMeIn, Inc.)
HKLM\...\Run: [ATT_McciTrayApp] => C:\Program Files\ATT\8.5.1.16\ma\bin\pcTrayApp.exe [2943488 2015-12-11] (Alcatel-Lucent)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [DELLOSD] => C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2011-08-26] ()
HKLM-x32\...\Run: [CDCtr] => C:\Program Files (x86)\Dell\Dell KM713 Wireless Keyboard software\CDCtr.exe [412672 2011-10-07] ()
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [1003576 2016-03-31] (McAfee, Inc.)
HKLM-x32\...\Run: [GestureDemo] => C:\Program Files (x86)\DELL\Dell TP713 Gesture Demo\StringResources.exe [471552 2012-09-20] (DELL)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3774776 2014-01-16] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-10-25] (Microsoft Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-03-18] (Apple Inc.)
HKLM-x32\...\Run: [SOSUAUI] => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe [58888 2014-10-16] (SOS Online Backup)
HKLM-x32\...\Run: [SMessaging] => C:\Program Files (x86)\SOS Online Backup\SMessaging.exe [67592 2014-10-16] (SOS Online Backup)
HKLM-x32\...\Run: [AccountCreatorRunner] => C:\Program Files (x86)\SOS Online Backup\AccountCreatorRunner.exe [22024 2014-10-16] (SOS Online Backup)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [dply_en_015020301] => [X]
HKLM-x32\...\Run: [maintenance software] => "C:\Program Files (x86)\maintenance software\maintenance software"
HKLM\...\RunOnce: [OTUTPRODUCT_MMYIH] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [535040 2016-04-17] (go)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Spotify Web Helper] => C:\Users\Vincent\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-22] (Spotify Ltd)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23485208 2016-03-30] (Google)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-11-30] (Apple Inc.)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Spotify] => C:\Users\Vincent\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-22] (Spotify Ltd)
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\RunOnce: [Uninstall C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1009\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
AppInit_DLLs: C:\ProgramData\Tampstring\Findax.dll => No File
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\ProgramData\Tampstring\DonFan.dll => No File
AppInit_DLLs-x32: ,C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk [2014-10-03]
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-07-13]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-07-13]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-07-13]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2013\QBW32.EXE (Intuit Inc.)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 09 C:\ProgramData\System32\SafeGuard32.dll No File 
Winsock: Catalog5-x64 09 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-04-17] ()
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{3350c300-4981-491f-b1fb-5c4b9d7b552e}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{99e09fc2-59c1-4488-951c-0859084966be}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKLM -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKLM-x32 -> {B01640CD-4AE7-4121-9097-F4E61054E570} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> DefaultScope {ielnksrch} URL = hxxp://www-searching.com/search.aspx?s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&site=shyosie&prd=setgo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> OldSearch URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US977D20150202&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {36E8A3A7-7C91-43DC-901B-F13437FD4752} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {44867325-1F7D-47D4-96FB-262A8E566D48} URL = 
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = 
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {8B58C4C7-8A59-4270-5F00-126AFC26A846} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {C68B4A17-CB99-46DE-82BE-AA503AF89F44} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {ielnksrch} URL = hxxp://www-searching.com/search.aspx?s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&site=shyosie&prd=setgo&q={searchTerms}
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-08-08] (Qualcomm Atheros Commnucations)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
BHO-x32: Search Window Results -> {b278c3a7-9980-475f-9450-95df38c6dcd7} -> C:\Program Files (x86)\Search Window Results\Extensions\b278c3a7-9980-475f-9450-95df38c6dcd7.dll => No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Handler-x32: intu-help-qb6 - {6898B29B-BF49-43cb-A0B1-D0B9496AF491} - C:\Program Files (x86)\Intuit\QuickBooks 2013\HelpAsyncPluggableProtocol.dll [2014-01-16] (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2015-10-30] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-03-31] (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-07] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-07] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [2015-12-11] (AT&T)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-11-11] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-3762587336-2924527133-2534779374-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Vincent\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-01-22] (Unity Technologies ApS)
FF Extension: AT&T Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2015-12-27] [not signed]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-04-17] [not signed]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&vp=ch&prd=set_ch
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFIQsBVwhIQhgTIgsNTA0TEwMOeQkKURRHFwMSJFsLVF9JFQEFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmSFtHL05qBEoETUFQ"
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-07]
CHR Extension: (Google Docs) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Google Search) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]
CHR Extension: (Google Sheets) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-07]
CHR Extension: (Google Docs Offline) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-21]
CHR Extension: (Slingplayer for Google Chrome™ extension) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp [2015-12-27]
CHR Extension: (Search Window Results) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmbblmijcengghdnpajfojlplonpeab [2016-04-17] [UpdateUrl: hxxp://cdn.searchwindowresults.com/update] <==== ATTENTION
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Vincent\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-12-11]
CHR HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ihdceheklapbalfikfdppfpgdgabaglp] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lipgolpfajiadodbcbljdpmbmbdmfcil] - C:\Users\Vincent\AppData\Local\CRE\lipgolpfajiadodbcbljdpmbmbdmfcil.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [okccnkhldjgdpjclfpdnlhlofcpginnm] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AT&T Troubleshoot & Resolve; C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\MAHostService.exe [321024 2015-12-11] (Alcatel-Lucent) [File not signed]
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-10-25] (Microsoft Corp.)
R2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-24] (Dropbox, Inc.)
R2 Dell B1265dnf Network Fax Server; C:\Windows\system32\spool\drivers\x64\3\D1265fServer64.exe [230400 2012-08-17] (Dell Inc) [File not signed]
R2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [122880 2012-07-12] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [417288 2016-04-13] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [508936 2016-04-13] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2013-04-30] (LogMeIn, Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
S2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-17] (DotC United Inc)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2012-02-08] (Hewlett-Packard) [File not signed]
R2 pcCMService; C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [370176 2015-08-13] (Alcatel-Lucent) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [462336 2015-08-13] (Alcatel-Lucent) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2012-02-08] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-01-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2013-03-11] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-03-11] (Intuit Inc.) [File not signed]
R3 QuickBooksDB23; C:\Program Files (x86)\Intuit\QuickBooks 2013\QBDBMgrN.exe [679936 2013-03-11] (Intuit, Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor)
R2 sagentservice; C:\Program Files (x86)\SOS Online Backup\SAgent.Service.exe [43528 2014-10-16] (SOS Online Backup)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [188928 2012-10-24] () [File not signed]
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-10-24] (Wyse Technology.) [File not signed]
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-08-07] (Atheros) [File not signed]
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
R1 egg_protect; C:\Windows\EProtect_amd64.sys [19856 2016-04-17] ()
R3 FintekCIR; C:\Windows\system32\DRIVERS\FintekCIR.sys [33064 2013-07-25] (Fintek)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-04-30] (LogMeIn, Inc.)
S4 LMIRfsClientNP; no ImagePath
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-17] (DotC United Inc)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R3 tilfilter; C:\Windows\System32\drivers\TIxHCIlfilter.sys [17672 2015-03-02] (Texas Instruments, Inc.)
R3 tiufilter; C:\Windows\System32\drivers\TIxHCIufilter.sys [23304 2015-03-02] (Texas Instruments, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-04-21] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 07:15 - 2016-04-22 07:16 - 00043297 _____ C:\Users\Vincent\Desktop\FRST.txt
2016-04-22 07:12 - 2016-04-22 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-04-21 21:45 - 2016-04-21 21:46 - 02870984 _____ (ESET) C:\Users\Vincent\Downloads\esetsmartinstaller_enu (1).exe
2016-04-21 21:42 - 2016-04-21 21:42 - 02870984 _____ (ESET) C:\Users\Vincent\Downloads\esetsmartinstaller_enu.exe
2016-04-21 21:42 - 2016-04-21 21:42 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-21 21:37 - 2016-04-21 21:37 - 00021778 _____ C:\Users\Vincent\Desktop\RogueKiller--Report 4-21-16.txt
2016-04-21 07:55 - 2016-04-21 18:35 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-04-21 07:55 - 2016-04-21 07:55 - 00000000 _____ C:\Users\Vincent\AppData\Local\{031882A7-AC6A-4E5F-ACB3-CCE110E223EE}
2016-04-21 07:49 - 2016-04-21 07:50 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-21 07:49 - 2016-04-18 01:21 - 19764296 _____ C:\Users\Vincent\Desktop\VinnyRog.exe
2016-04-21 07:48 - 2016-04-21 07:48 - 00000000 _____ C:\Users\Vincent\AppData\Local\{4FD35AF1-5231-4BC2-A674-82659A4E5F73}
2016-04-19 10:02 - 2016-04-19 10:02 - 00001177 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-19 10:02 - 2016-04-19 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-19 10:02 - 2016-04-19 10:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-19 10:02 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-19 10:02 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-19 10:02 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-19 09:49 - 2016-04-19 09:50 - 00000000 ____D C:\6038875cbdc45c4de8
2016-04-19 09:49 - 2016-04-19 09:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-19 09:34 - 2016-04-22 07:15 - 00000000 ____D C:\FRST
2016-04-19 09:34 - 2016-04-18 14:36 - 02375680 _____ (Farbar) C:\Users\Vincent\Desktop\Vinny3.exe
2016-04-19 09:32 - 2016-04-18 14:36 - 01726464 _____ (Farbar) C:\Users\Vincent\Desktop\FRST.exe
2016-04-19 09:28 - 2016-04-19 10:01 - 00001664 _____ C:\WINDOWS\system32\Drivers\etc\hosts.txt
2016-04-19 09:17 - 2016-04-06 15:57 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Vincent\Desktop\vinny1.exe
2016-04-19 08:06 - 2016-03-18 09:04 - 22851472 _____ (Malwarebytes ) C:\Users\Vincent\Desktop\Vinny2.exe
2016-04-19 08:00 - 2016-04-19 08:00 - 00000000 ____D C:\99c3b15f4a0f55b6dcb8
2016-04-19 07:54 - 2016-04-19 09:55 - 00002910 _____ C:\Users\Vincent\Desktop\Rkill.txt
2016-04-19 07:54 - 2016-04-19 07:54 - 01106888 _____ (Bleeping Computer, LLC) C:\Users\Vincent\Desktop\vinny64.exe
2016-04-19 07:40 - 2016-04-19 07:40 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-04-19 00:12 - 2016-03-18 09:02 - 22851472 _____ (Malwarebytes ) C:\Users\Vincent\Desktop\mbam-setup-2.2.1.1043.exe
2016-04-19 00:07 - 2016-04-19 00:07 - 00000000 ____D C:\c103d76d3d9ea35850d4
2016-04-18 23:59 - 2016-04-18 23:59 - 00000000 ____D C:\a7e4ee81bec4b9568d56b6269cc0d4db
2016-04-18 23:57 - 2014-07-03 17:14 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Vincent\Desktop\mbam-clean-2.1.1.1001.exe
2016-04-18 22:47 - 2016-04-18 23:52 - 00000000 ____D C:\Users\Vincent\Desktop\Windows
2016-04-18 22:45 - 2016-04-18 22:45 - 00000000 ____D C:\3ddcb1fc5df110120b9e1fd976aa
2016-04-18 22:25 - 2016-04-18 22:25 - 00000000 ____D C:\ad54d091e90d0ddbcfc7724bd4bf
2016-04-18 22:10 - 2016-04-18 22:10 - 00007609 _____ C:\Users\Vincent\AppData\Local\Resmon.ResmonCfg
2016-04-18 21:57 - 2016-04-18 21:57 - 00000000 ____D C:\00a0d3490940afd173
2016-04-18 21:56 - 2016-04-18 21:56 - 00325637 _____ C:\Users\Vincent\Desktop\files removed.txt
2016-04-18 21:24 - 2016-04-18 22:43 - 00811072 _____ C:\WINDOWS\ntbtlog.txt
2016-04-18 21:24 - 2016-04-18 22:43 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-18 21:08 - 2016-04-18 21:08 - 00000000 ____D C:\cfa5df2bcad88d6011f19e87a335becb
2016-04-18 20:53 - 2016-04-18 20:53 - 00000000 ____D C:\6fab27a6227f3ea90d5a58f3c90bcedc
2016-04-18 20:47 - 2016-04-18 20:47 - 00000000 ____D C:\Users\Vincent\AppData\Local\tuto_monetize_220160418
2016-04-18 20:47 - 2016-04-18 20:47 - 00000000 ____D C:\Program Files (x86)\maintenance software
2016-04-18 20:43 - 2016-04-18 20:43 - 00000000 ____D C:\e9ea539a387881f5ae4c
2016-04-18 20:24 - 2016-04-19 10:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-17 19:45 - 2016-04-17 19:45 - 00004416 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_323636343732313736352d4a555b6c5a5a785745413734
2016-04-17 19:45 - 2016-04-17 19:45 - 00000000 ____D C:\ProgramData\SearchModule
2016-04-17 19:45 - 2016-04-17 19:45 - 00000000 ____D C:\Program Files\Common Files\Doobzo
2016-04-17 18:25 - 2016-04-17 18:25 - 00192080 _____ C:\Users\Vincent\Downloads\adobe_flash_setup.exe
2016-04-17 16:45 - 2016-04-17 16:52 - 00000000 ____D C:\ProgramData\System32
2016-04-17 16:45 - 2016-04-17 16:45 - 00019856 _____ C:\WINDOWS\EProtect_amd64.sys
2016-04-17 14:28 - 2016-04-17 14:28 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\MCorp
2016-04-17 14:25 - 2016-04-17 14:25 - 00003716 _____ C:\WINDOWS\System32\Tasks\{82036DB4-31AF-4416-9135-E359CF7B4F1E}
2016-04-17 14:23 - 2016-04-17 14:23 - 00003224 _____ C:\WINDOWS\System32\Tasks\{D34B0B9F-C028-43D3-8E15-2BA6BAC3E2AF}
2016-04-17 14:19 - 2016-04-17 14:19 - 00002383 _____ C:\Users\Kiddos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-17 14:17 - 2016-04-17 14:17 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Publishers
2016-04-17 14:14 - 2016-04-17 14:14 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Dropbox
2016-04-17 14:13 - 2016-04-17 14:13 - 00000000 ____D C:\Users\Kiddos\AppData\Local\ActiveSync
2016-04-17 14:10 - 2016-04-17 14:10 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-04-17 14:07 - 2016-04-17 14:11 - 00000000 __SHD C:\Users\Kiddos\IntelGraphicsProfiles
2016-04-17 14:07 - 2016-04-17 14:07 - 00000020 ___SH C:\Users\Kiddos\ntuser.ini
2016-04-17 14:07 - 2016-04-17 14:07 - 00000000 ____D C:\Users\Kiddos\AppData\Local\TileDataLayer
2016-04-17 14:07 - 2016-04-17 14:07 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Comms
2016-04-17 14:04 - 2016-04-19 09:49 - 00001800 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-17 14:02 - 2016-04-17 19:46 - 00003328 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\WINDOWS\Book Source
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\ASPackage
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\ProgramData\c940ba21-7dc7-0
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\ProgramData\c940ba21-2f93-1
2016-04-17 14:01 - 2016-04-18 22:03 - 00000000 ____D C:\Users\Vincent\AppData\Local\BrowserAir
2016-04-17 14:01 - 2016-04-17 14:04 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-17 14:01 - 2016-04-17 14:02 - 00000000 ____D C:\Program Files (x86)\Oasis Space
2016-04-17 14:01 - 2016-04-17 14:01 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-17 14:01 - 2016-04-17 14:01 - 00002393 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\XBox
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\ProgramData\Tampstrings
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Program Files\Gipwerbasdyrjob
2016-04-17 14:00 - 2016-04-18 07:42 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-04-17 14:00 - 2016-04-17 19:44 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-04-17 14:00 - 2016-04-17 14:00 - 06494208 _____ C:\Users\Vincent\AppData\Roaming\agent.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 01626777 _____ C:\Users\Vincent\AppData\Roaming\Keytough.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 00126464 _____ C:\Users\Vincent\AppData\Roaming\noah.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00126464 _____ C:\Users\Vincent\AppData\Roaming\lobby.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00072717 _____ C:\Users\Vincent\AppData\Roaming\AlphaNamhome.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 00065568 _____ C:\Users\Vincent\AppData\Roaming\Config.xml
2016-04-17 14:00 - 2016-04-17 14:00 - 00054272 _____ C:\Users\Vincent\AppData\Roaming\ApplicationHosting.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00018432 _____ C:\Users\Vincent\AppData\Roaming\Main.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00005568 _____ C:\Users\Vincent\AppData\Roaming\md.xml
2016-04-17 14:00 - 2016-04-17 14:00 - 00000000 ____D C:\WINDOWS\Buzzing Dhol
2016-04-17 14:00 - 2016-04-17 14:00 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-04-17 13:59 - 2016-04-17 16:33 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-04-17 13:59 - 2016-04-17 16:31 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-04-17 13:59 - 2016-04-17 14:00 - 00015888 _____ C:\Users\Vincent\AppData\Roaming\InstallationConfiguration.xml
2016-04-17 13:59 - 2016-04-17 14:00 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-04-17 13:59 - 2016-04-17 13:59 - 00127488 _____ C:\Users\Vincent\AppData\Roaming\Installer.dat
2016-04-17 13:59 - 2016-04-17 13:59 - 00002606 _____ C:\Users\Vincent\AppData\Roaming\inst.lat
2016-04-17 13:59 - 2016-04-17 13:59 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
2016-04-17 13:57 - 2016-04-17 13:57 - 04282368 _____ C:\Users\Vincent\Downloads\yamaha-pw-50-shop-manual.iso
2016-04-17 03:21 - 2016-04-21 19:36 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-04-14 23:54 - 2016-04-14 23:54 - 01001536 _____ ( ) C:\Users\Vincent\Downloads\FlashPlayerPro.exe
2016-04-14 23:54 - 2016-04-14 23:54 - 01001536 _____ ( ) C:\Users\Vincent\Downloads\FlashPlayerPro (1).exe
2016-04-14 22:14 - 2016-04-14 22:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 07:55 - 2016-04-14 07:55 - 00002547 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-04-14 07:55 - 2016-04-14 07:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-04-14 07:53 - 2016-04-14 07:54 - 124423784 _____ C:\Users\Vincent\Downloads\w_turbotax_1040_hab_2015.230.0100.exe
2016-04-12 16:36 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-12 16:36 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-12 16:36 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-12 16:36 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-12 16:36 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-12 16:36 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-12 16:36 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-12 16:36 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-12 16:36 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-12 16:36 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-12 16:36 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-12 16:36 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-12 16:36 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-12 16:36 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-12 16:36 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-12 16:36 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-12 16:36 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-12 16:36 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-12 16:36 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-12 16:36 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-12 16:36 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-12 16:36 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-12 16:36 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-12 16:36 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-12 16:36 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-12 16:36 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-12 16:36 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-12 16:36 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-12 16:36 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-12 16:36 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-12 16:36 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-12 16:36 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-12 16:36 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-12 16:36 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-12 16:36 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-12 02:21 - 2016-04-12 02:21 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\Motive
2016-04-07 13:47 - 2016-04-07 13:47 - 19924672 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-04-01 07:51 - 2016-04-01 07:51 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-04-01 07:51 - 2016-04-01 07:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-01 07:51 - 2016-04-01 07:51 - 00000000 ____D C:\Program Files\iTunes
2016-04-01 07:51 - 2016-04-01 07:51 - 00000000 ____D C:\Program Files\iPod
2016-04-01 07:51 - 2016-04-01 07:51 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-27 15:46 - 2016-03-27 15:46 - 00151734 _____ C:\Users\Elizabeth\Downloads\20160322162456841.pdf
2016-03-23 14:57 - 2016-03-23 14:57 - 04840412 _____ C:\Users\Vincent\Downloads\2009 KTM 65 SX XC Service Repair Manual.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-22 06:47 - 2014-12-27 08:59 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-22 06:32 - 2013-05-16 23:59 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 06:31 - 2015-08-24 23:26 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-22 02:32 - 2013-12-26 21:33 - 00000478 _____ C:\WINDOWS\Tasks\SOS Online Backup - allen@cclaw.com.job
2016-04-22 00:32 - 2013-05-16 23:59 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 00:01 - 2013-08-12 18:03 - 00000000 ____D C:\ProgramData\LogMeIn
2016-04-21 23:31 - 2015-08-24 23:26 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-21 21:39 - 2013-08-08 09:06 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{F1FA5D24-F9F4-4A2D-A542-8B49E6D9A4B7}
2016-04-21 20:14 - 2013-12-26 21:18 - 00000454 _____ C:\WINDOWS\Tasks\Online Backup Update Notifier.job
2016-04-21 07:54 - 2016-01-28 08:54 - 00000000 __SHD C:\Users\Vincent\IntelGraphicsProfiles
2016-04-21 07:51 - 2013-05-22 10:20 - 00000000 ____D C:\Users\Vincent\AppData\Local\CrashDumps
2016-04-19 09:53 - 2016-01-28 02:52 - 00885104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-19 09:53 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-19 09:52 - 2015-08-24 23:31 - 00000000 ___RD C:\Users\Vincent\Dropbox
2016-04-19 09:50 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-19 09:49 - 2016-01-28 03:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-19 09:49 - 2016-01-28 02:27 - 00000000 ____D C:\ProgramData\NVIDIA
2016-04-19 09:49 - 2015-12-27 21:19 - 00000000 ____D C:\Program Files (x86)\ATT
2016-04-19 09:49 - 2014-01-24 10:13 - 00001063 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk
2016-04-19 09:49 - 2013-05-31 21:15 - 00000438 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-04-19 09:48 - 2015-10-30 01:28 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2016-04-18 22:58 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-18 22:44 - 2015-10-30 01:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-18 22:24 - 2013-05-27 14:56 - 00000000 ____D C:\Users\Vincent\AppData\Local\ElevatedDiagnostics
2016-04-18 21:56 - 2016-01-28 02:30 - 00000000 ____D C:\Users\Kiddos
2016-04-18 21:56 - 2016-01-28 02:30 - 00000000 ____D C:\Users\Elizabeth
2016-04-18 20:42 - 2016-01-28 02:30 - 00000000 ____D C:\Users\UpdatusUser
2016-04-18 20:42 - 2016-01-28 02:30 - 00000000 ____D C:\Users\QBDataServiceUser23
2016-04-18 20:41 - 2016-01-28 02:30 - 00000000 ____D C:\Users\Vincent
2016-04-18 02:39 - 2013-12-26 21:17 - 00000000 ____D C:\ProgramData\SOS Online Backup
2016-04-17 21:51 - 2013-08-12 18:02 - 00000000 ____D C:\Users\Vincent\AppData\Local\Apps\2.0
2016-04-17 21:14 - 2013-02-15 14:26 - 00000000 ____D C:\ProgramData\McAfee
2016-04-17 21:14 - 2013-02-15 14:26 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-04-17 17:40 - 2016-01-31 14:13 - 00000000 __SHD C:\Users\Elizabeth\IntelGraphicsProfiles
2016-04-17 17:40 - 2013-05-10 20:56 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-17 17:35 - 2014-05-28 16:31 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2EE85220-19A4-468B-A1F4-EADE92F5321A}
2016-04-17 17:09 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-17 16:42 - 2013-11-05 23:32 - 00000000 __RDO C:\Users\Vincent\SkyDrive
2016-04-17 16:40 - 2014-08-15 08:23 - 00000000 ___RD C:\Users\Vincent\Google Drive Copper Penny
2016-04-17 14:27 - 2013-02-15 14:26 - 00000000 ____D C:\Program Files\mcafee
2016-04-17 14:24 - 2013-05-14 17:51 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Packages
2016-04-17 14:19 - 2014-05-28 16:30 - 00000000 ___RD C:\Users\Kiddos\OneDrive
2016-04-17 14:07 - 2013-05-16 23:58 - 00000000 ____D C:\Users\Kiddos\AppData\Local\Google
2016-04-17 14:01 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-04-17 14:01 - 2013-08-12 21:08 - 00002280 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-17 14:01 - 2013-08-12 21:08 - 00002274 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-17 13:59 - 2013-08-22 08:25 - 00001006 _____ C:\WINDOWS\system32\Drivers\etc\hosts.bak
2016-04-17 13:59 - 2013-02-15 14:14 - 00000000 ____D C:\ProgramData\Intel
2016-04-17 13:58 - 2010-09-30 11:14 - 00002780 _____ C:\Users\Vincent\Desktop\Download Intel(R) Desktop Utilities.lnk
2016-04-17 13:58 - 2010-09-30 09:50 - 00001996 _____ C:\Users\Vincent\Desktop\Download Intel(R) Integrator Assistant.lnk
2016-04-17 13:57 - 2014-09-27 22:36 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\CyberLink
2016-04-17 03:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-17 03:03 - 2016-01-28 02:22 - 00299968 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-17 02:52 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-17 02:51 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-04-17 02:51 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-04-17 02:51 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-04-17 00:31 - 2012-05-12 06:36 - 00000000 ____D C:\Users\Vincent\Documents\TurboTax
2016-04-17 00:30 - 2012-05-08 21:15 - 00002348 ____H C:\Users\Vincent\Documents\Default.rdp
2016-04-16 19:39 - 2013-11-06 17:41 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{00FFF0E0-B3D9-4870-B96D-35F6D175D865}
2016-04-15 00:29 - 2015-08-12 07:45 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-04-15 00:29 - 2015-08-12 07:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-04-14 22:14 - 2015-08-24 23:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-14 08:23 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-04-14 07:57 - 2013-10-13 08:53 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\Intuit
2016-04-14 07:56 - 2013-10-13 08:53 - 00000955 _____ C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2016-04-14 07:55 - 2013-10-13 08:51 - 00000000 ____D C:\Program Files (x86)\TurboTax
2016-04-13 22:14 - 2013-08-12 18:03 - 00000000 ____D C:\Program Files (x86)\LogMeIn
2016-04-13 22:13 - 2013-08-12 18:03 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll
2016-04-13 22:13 - 2013-08-12 18:03 - 00100864 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIinit.dll
2016-04-13 22:08 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-13 22:08 - 2013-02-15 14:26 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-04-13 18:35 - 2015-08-24 23:26 - 00000000 ____D C:\Users\Vincent\AppData\Local\Dropbox
2016-04-13 17:33 - 2014-08-15 08:21 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-04-13 17:33 - 2014-08-15 08:21 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-04-13 17:33 - 2014-08-15 08:21 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-04-13 17:33 - 2014-08-15 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-13 06:34 - 2013-05-12 08:44 - 00000000 ____D C:\Users\Elizabeth\AppData\Local\Packages
2016-04-12 21:33 - 2013-05-11 20:37 - 00000000 ____D C:\Users\Vincent\AppData\Local\Packages
2016-04-12 17:45 - 2013-08-17 03:04 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-12 17:39 - 2013-05-11 03:15 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-05 22:13 - 2013-08-12 18:03 - 00122400 _____ (LogMeIn, Inc.) C:\WINDOWS\system32\LMIRfsClientNP.dll.001.bak
2016-04-01 07:51 - 2013-08-25 09:40 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-27 09:03 - 2015-05-22 06:35 - 00001234 _____ C:\Users\Public\Desktop\Polar FlowSync.lnk
2016-03-27 09:03 - 2015-05-22 06:35 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-03-27 09:01 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-23 22:47 - 2014-12-27 08:59 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2016-04-17 14:00 - 2016-04-17 14:00 - 6494208 _____ () C:\Users\Vincent\AppData\Roaming\agent.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 0072717 _____ () C:\Users\Vincent\AppData\Roaming\AlphaNamhome.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 0054272 _____ () C:\Users\Vincent\AppData\Roaming\ApplicationHosting.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 0065568 _____ () C:\Users\Vincent\AppData\Roaming\Config.xml
2014-05-04 11:50 - 2014-05-11 13:54 - 0001449 _____ () C:\Users\Vincent\AppData\Roaming\csv2qbo.ini
2016-04-17 13:59 - 2016-04-17 13:59 - 0002606 _____ () C:\Users\Vincent\AppData\Roaming\inst.lat
2016-04-17 13:59 - 2016-04-17 14:00 - 0015888 _____ () C:\Users\Vincent\AppData\Roaming\InstallationConfiguration.xml
2016-04-17 13:59 - 2016-04-17 13:59 - 0127488 _____ () C:\Users\Vincent\AppData\Roaming\Installer.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 1626777 _____ () C:\Users\Vincent\AppData\Roaming\Keytough.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 0126464 _____ () C:\Users\Vincent\AppData\Roaming\lobby.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 0018432 _____ () C:\Users\Vincent\AppData\Roaming\Main.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 0005568 _____ () C:\Users\Vincent\AppData\Roaming\md.xml
2016-04-17 14:00 - 2016-04-17 14:00 - 0126464 _____ () C:\Users\Vincent\AppData\Roaming\noah.dat
2016-04-17 14:01 - 2016-04-17 14:01 - 0032038 _____ () C:\Users\Vincent\AppData\Roaming\uninstall_temp.ico
2016-04-18 22:10 - 2016-04-18 22:10 - 0007609 _____ () C:\Users\Vincent\AppData\Local\Resmon.ResmonCfg
2016-04-21 07:55 - 2016-04-21 07:55 - 0000000 _____ () C:\Users\Vincent\AppData\Local\{031882A7-AC6A-4E5F-ACB3-CCE110E223EE}
2016-04-21 07:48 - 2016-04-21 07:48 - 0000000 _____ () C:\Users\Vincent\AppData\Local\{4FD35AF1-5231-4BC2-A674-82659A4E5F73}
2015-10-21 08:25 - 2015-10-21 08:25 - 0000000 _____ () C:\Users\Vincent\AppData\Local\{EE5785E3-F4AD-41BA-BD37-92CDCF53F0A9}
2013-06-22 18:08 - 2013-06-22 18:08 - 5729808 _____ (Dell Click 2 Fix                                            ) C:\ProgramData\Dell Click 2 Fix-64-bit-V2539.exe
2016-01-28 02:27 - 2016-01-28 02:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-10-13 08:53 - 2016-04-14 07:56 - 0000955 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
2015-05-01 10:13 - 2015-05-01 10:13 - 7460708 _____ () C:\ProgramData\SamPCFax0000028C0001
2014-12-11 17:17 - 2014-12-11 17:17 - 3730356 _____ () C:\ProgramData\SamPCFax0000062C0003
2015-05-01 10:21 - 2015-05-01 10:21 - 7460708 _____ () C:\ProgramData\SamPCFax00000BD40003
2014-10-15 07:53 - 2014-10-15 07:53 - 3730356 _____ () C:\ProgramData\SamPCFax000011600001
2013-09-15 14:00 - 2013-09-15 14:00 - 7460708 _____ () C:\ProgramData\SamPCFax0000124C0001
2014-12-11 17:08 - 2014-12-11 17:08 - 3730356 _____ () C:\ProgramData\SamPCFax000015580001
2014-07-23 10:04 - 2014-07-23 10:04 - 3730356 _____ () C:\ProgramData\SamPCFax0000170C0001
2013-09-23 17:18 - 2013-09-23 17:18 - 7460708 _____ () C:\ProgramData\SamPCFax000019480004
2015-05-01 10:14 - 2015-05-01 10:14 - 7460708 _____ () C:\ProgramData\SamPCFax00001CE00002
2013-08-06 10:03 - 2013-08-06 10:03 - 3730356 _____ () C:\ProgramData\SamPCFax00001DCC0001
2014-11-05 11:12 - 2014-11-05 11:12 - 3730356 _____ () C:\ProgramData\SamPCFax000023540001
2013-08-08 08:12 - 2013-08-08 08:12 - 11191060 _____ () C:\ProgramData\SamPCFax000023600001
2013-09-23 17:15 - 2013-09-23 17:15 - 7460708 _____ () C:\ProgramData\SamPCFax000024840001
2014-12-11 17:09 - 2014-12-11 17:09 - 3730356 _____ () C:\ProgramData\SamPCFax000025B40002
2013-09-23 17:15 - 2013-09-23 17:15 - 7460708 _____ () C:\ProgramData\SamPCFax00002CE80002
2013-09-23 17:22 - 2013-09-23 17:22 - 3730356 _____ () C:\ProgramData\SamPCFax00002D500007
2013-09-23 17:20 - 2013-09-23 17:20 - 3730356 _____ () C:\ProgramData\SamPCFax00002EFC0005
2013-07-30 17:14 - 2013-07-30 17:14 - 14921412 _____ () C:\ProgramData\SamPCFax00002F200002
2014-12-24 22:46 - 2014-12-24 22:46 - 7455944 _____ () C:\ProgramData\SamPCFax00002F980004
2013-07-30 17:12 - 2013-07-30 17:12 - 14921412 _____ () C:\ProgramData\SamPCFax000030F80001
2013-09-23 17:18 - 2013-09-23 17:18 - 7460708 _____ () C:\ProgramData\SamPCFax000030F80003
2013-12-25 09:53 - 2013-12-25 09:53 - 3730356 _____ () C:\ProgramData\SamPCFax000031440001
2013-09-23 17:21 - 2013-09-23 17:21 - 3730356 _____ () C:\ProgramData\SamPCFax000032280006
2013-11-27 17:48 - 2013-11-27 17:48 - 3730356 _____ () C:\ProgramData\SamPCFax000038400001
2014-07-20 14:42 - 2014-07-20 14:42 - 11181532 _____ () C:\ProgramData\SamPCFax00003A680001
2013-11-27 17:48 - 2014-07-23 10:04 - 3730356 _____ () C:\ProgramData\SamPCFax00003A9C0002
2015-02-03 17:07 - 2015-02-03 17:07 - 37260648 _____ () C:\ProgramData\SamPCFax0000463C0001
2014-10-27 15:32 - 2014-10-27 15:32 - 3730356 _____ () C:\ProgramData\SamPCFax00005E240003
2014-10-15 09:12 - 2014-10-15 09:12 - 40986236 _____ () C:\ProgramData\SamPCFax000069EC0002
2014-09-02 07:47 - 2014-09-02 07:47 - 3730356 _____ () C:\ProgramData\SamPCFax00006CC80003
2013-02-15 14:22 - 2013-02-15 14:23 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2013-02-15 14:20 - 2013-02-15 14:21 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2013-02-15 14:21 - 2013-02-15 14:21 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2013-02-15 14:20 - 2013-02-15 14:20 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2013-02-15 14:21 - 2013-02-15 14:22 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Files to move or delete:
====================
C:\ProgramData\Dell Click 2 Fix-64-bit-V2539.exe


Some files in TEMP:
====================
C:\Users\Vincent\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-17 03:14

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Vincent (2016-04-22 07:16:55)
Running from C:\Users\Vincent\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-28 13:54:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3762587336-2924527133-2534779374-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3762587336-2924527133-2534779374-503 - Limited - Disabled)
Elizabeth (S-1-5-21-3762587336-2924527133-2534779374-1006 - Limited - Enabled) => C:\Users\Elizabeth
Guest (S-1-5-21-3762587336-2924527133-2534779374-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3762587336-2924527133-2534779374-1011 - Limited - Enabled)
Kiddos (S-1-5-21-3762587336-2924527133-2534779374-1007 - Limited - Enabled) => C:\Users\Kiddos
QBDataServiceUser22 (S-1-5-21-3762587336-2924527133-2534779374-1008 - Limited - Enabled) => C:\Users\QBDataServiceUser22
QBDataServiceUser23 (S-1-5-21-3762587336-2924527133-2534779374-1009 - Limited - Enabled) => C:\Users\QBDataServiceUser23
UpdatusUser (S-1-5-21-3762587336-2924527133-2534779374-1001 - Limited - Enabled) => C:\Users\UpdatusUser
Vincent (S-1-5-21-3762587336-2924527133-2534779374-1005 - Administrator - Enabled) => C:\Users\Vincent

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 13.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
ASUS Wireless Router Device Discovery Utility (HKLM-x32\...\{09CDCA35-23FF-4ED6-AFDA-BBD55235CE4B}) (Version: 1.4.7.1 - ASUS)
AT&T Troubleshoot & Resolve (HKLM-x32\...\ATT-AT&T Troubleshoot & Resolve) (Version: 8.5.1.16 - AT&T)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.341.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
CSV2QBO (HKLM-x32\...\{4103F87C-6832-4F29-A705-BDCE6F89E251}) (Version: 2.2.4.2 - ProperSoft)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell B1265dnf Laser MFP (HKLM-x32\...\Dell B1265dnf Laser MFP) (Version:  - DELL Inc.)
Dell B1265dnf Laser MFP Scan Assistant (x32 Version: 1.04.37.00 - Dell Company, Ltd.) Hidden
Dell B1265dnf Network PC Fax (x32 Version: 1.05.33.00 - Dell Company, Ltd.) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.4 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.4 - Dell Inc.)
Dell KM713 Wireless Keyboard software (HKLM-x32\...\{AF6CD1CF-11E8-4C9F-9644-1A469A499E50}) (Version: 1.0.3.120608 - Dell)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.39 - PC-Doctor, Inc.)
Dell TP713 Gesture Demo (HKLM-x32\...\{FE2E0749-DB22-43F4-8D15-23E70F5C0F80}) (Version: 1.05.0000 - Dell)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DELLOSD (HKLM-x32\...\{C36F2D21-38ED-49DB-8923-9A60EDDEF011}) (Version: 1.0.0.15 - DELL)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 3.2.6032.39 - PC-Doctor, Inc.) Hidden
EPSON Print CD (HKLM-x32\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.60.000 - )
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON R1900 INFORMATION CENTER (HKLM-x32\...\Silent Package Run-Time Sample) (Version:  - )
GacInstall4_2_1_12 (HKLM-x32\...\{4028FC0E-25D8-419D-AC9C-3FBDED33DD56}) (Version: 1.00.0000 - HomeSeer Technologies)
GacInstall4_4_0_3 (HKLM-x32\...\{87D4D62C-2836-4DD8-8B20-FC7E31317CE8}) (Version: 1.00.0000 - HomeSeer Technologies)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoPro Studio 2.5.0 (HKLM-x32\...\GoPro Studio) (Version: 2.5.0 - GoPro, Inc.)
HomeSeer HS3 (HKLM-x32\...\{D8C53F20-5F42-4AE5-AEAA-FB78F163279C}) (Version: 3.0.208 - HomeSeer Technologies LLC)
HomeSeer HSPRO (HKLM-x32\...\{6246AB86-2B41-4F60-95C6-A9C8E74C398A}) (Version: 2.5.49 - HomeSeer Technologies LLC)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
IP Camera (HKLM-x32\...\IP Camera) (Version:  - )
IP Camera Viewer 1.0 (HKLM-x32\...\IP Camera Viewer_is1) (Version:  - DeskShare Inc.)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
LogMeIn (HKLM-x32\...\{CB7AF84A-1B7F-4C6B-8A58-EB7CDE48C23A}) (Version: 4.1.3268 - LogMeIn, Inc.)
LogMeIn Client (HKLM-x32\...\{D2300C4F-CC9B-4D00-BC53-B4C806A6C7AB}) (Version: 1.3.1675 - LogMeIn, Inc.)
maintenance software version 1.0 (HKLM-x32\...\maintenance software_is1) (Version: 1.0 - azec) <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.82 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.82 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
PocketCloud Windows Companion (HKLM-x32\...\{EC67E1FF-4433-4096-A091-CF2828434493}) (Version: 2.5.11 - Wyse Technology)
Polar FlowSync version 2.6.2 (HKLM-x32\...\{A1538F5C-7B65-4DB6-9FFB-FFC0DF2E85D8}_is1) (Version: 2.6.2 - Polar Electro Oy)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.206 - Qualcomm Atheros Communications)
QuickBooks (x32 Version: 23.0.4012.2305 - Intuit Inc.) Hidden
QuickBooks Pro 2013 (HKLM-x32\...\{3C631966-387E-4054-85D9-BBFFABE32BD8}) (Version: 23.0.4006.2305 - Intuit Inc.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Samsung OCR Software (HKLM-x32\...\Samsung OCR Software) (Version: 1.00.05 (7/10/2012) - Samsung Electronics Co., Ltd.)
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version:  - )
Slingplayer for Chrome Installer (x32 Version: 0.0.0.260 - Sling Media) Hidden
SlingPlayer for Web (HKLM-x32\...\{576AB4FA-71CB-4530-9EA2-91308367C169}) (Version: 2.4.0130 - Sling Media)
SlingplayerForChrome (HKLM-x32\...\{0f026812-9e00-4d02-8b54-a9fec3a129e7}) (Version: 0.0.0.260 - Sling Media)
SOS Online Backup (HKLM-x32\...\{0EBBAA0E-A414-4A1F-B2C1-C25875E2DE23}) (Version: 5.15.1.47 - SOS Online Backup, Inc.)
Spotify (HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Spotify) (Version: 1.0.14.124.g4dfabc51 - Spotify AB)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
Unity Web Player (HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
World Of JumpStart (HKLM-x32\...\World Of JumpStart 1.0.0.CL116233) (Version: 1.0.0.CL116233 - Jumpstart)
Yoshimura Air/Fuel Mapper 1.0 (HKLM-x32\...\Air/Fuel Mapper_is1) (Version:  - Yoshimura)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Vincent\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02C84664-2B3C-44DC-9257-D626CCA77310} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {039021CD-34AB-4DA1-911E-E5351078FFFA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {04080DEC-D3C0-4333-B800-92B8F29F5A1E} - System32\Tasks\SMW_UpdateTask_Time_323636343732313736352d4a555b6c5a5a785745413734 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {0C08EABB-A82A-4BB8-9584-DDB0AE4549D5} - System32\Tasks\SOS Online Backup - allen@cclaw.com => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe [2014-10-16] (SOS Online Backup)
Task: {11DD5260-71F8-4B9A-B06C-82CC18A8B815} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {11E7FB47-A49C-449D-BB0D-DD9E7F0FABA8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1ACFE892-A56F-4BDE-8EAD-1DADBB0ACABB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2777DF9E-5B36-4218-B1D8-B1F50A41170C} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {278C6491-281D-4F45-8439-8B28834E0649} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {2C8EBC6C-CDFD-4DC2-8E3B-C4A16FAA3E8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {30F4B430-6A89-4A41-9341-91F8867037D8} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {351FA405-6D67-4E08-897B-A9A6D954041B} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {3DBDB02F-A9AA-4B14-BEC8-2399DAC2C7F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4415CAA5-F271-420D-8BFA-BD0CA5C051C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4F8FBB90-74DD-455C-87BC-95B49FFB7C34} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-12] (McAfee, Inc.)
Task: {666554C1-D424-409D-B563-BD899C0D78F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66686BCA-E729-4A9A-8A37-69A9DE5C1518} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {6B0A318E-A984-472F-8996-0DEE7F50C5AF} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-07] (Adobe Systems Incorporated)
Task: {6FA791D5-3F37-46E3-BB69-BCC5B20E33CB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {7184BE7A-A795-42E9-BDA8-BCC1B86D91CF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {726E8540-EE83-4C56-ACDA-07BE1FF5069C} - System32\Tasks\Online Backup Update Notifier => C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe [2014-10-16] (SOS Online Backup)
Task: {7EC412CD-B947-404F-A538-AB381B5F5937} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {859F1AE6-B29C-41CD-B943-075B019B1EDB} - System32\Tasks\IBUpd2 => C:\Users\Vincent\AppData\Local\BrowserAir\47.0.0.5\updater.exe <==== ATTENTION
Task: {93C10030-4272-4313-BF52-16D8B7B45E7B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {9F8034B9-03B7-4B10-AE65-DD6C689E0A0C} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-12] (McAfee, Inc.)
Task: {A1F007E9-6921-4384-9C78-AEDC60ABCC49} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-24] (Dropbox, Inc.)
Task: {A7E5549A-449B-4656-869E-6586391A4EA9} - System32\Tasks\GestureDemo64 => C:\Program Files (x86)\Dell\Dell TP713 Gesture Demo\StringResources.exe [2012-09-20] (DELL)
Task: {AF8E78C3-588D-4199-BE22-55C28A1A4BC3} - System32\Tasks\{82036DB4-31AF-4416-9135-E359CF7B4F1E} => pcalua.exe -a "C:\Program Files (x86)\Common Files\Driptex\uninstall.exe" -c shuz -f "C:\Program Files (x86)\Common Files\Driptex\uninstall.dat" -a uninstallme EF4059C1-33C8-469D-97E3-50977FCEC69C DeviceId=8092ccce-72e8-a28b-599f-b0d7c7866431 BarcodeId=51118003 ChannelId=3 DistributerName=APSFCSDI
Task: {B4F50A3E-C196-4AB3-B913-625C168878C4} - System32\Tasks\Rune Homeseer => C:\Program Files (x86)\HomeSeer HSPRO\HomeSeer.exe [2012-03-14] (HomeSeer Technologies, LLC)
Task: {B6F2DE12-F022-4678-8B1D-2E76670ACD2F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {C0A63D21-EF67-488C-B457-A9C62FB2A97C} - System32\Tasks\{D34B0B9F-C028-43D3-8E15-2BA6BAC3E2AF} => pcalua.exe -a C:\ProgramData\FlashBeat\uninstall.exe
Task: {C4402DEA-A5B2-474F-98CA-C5290F2A0F36} - System32\Tasks\{AD05CC25-04B6-4A89-915E-25109C163394} => pcalua.exe -a D:\Epsetup.exe -d D:\
Task: {CAC351D0-3388-44C6-9CA4-543F731942C9} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {CC524117-5B90-4156-9FD9-79F8C01CD29D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCA1BF3E-9B74-4BF1-9065-82414EE08F9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E777E2BA-F243-4467-8CC3-768F64637E2E} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {EC33FC9A-1867-4659-8A99-8B4766A420FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Online Backup Update Notifier.job => C:\Program Files (x86)\SOS Online Backup\SUpdateNotifier.exe
Task: C:\WINDOWS\Tasks\SOS Online Backup - allen@cclaw.com.job => C:\Program Files (x86)\SOS Online Backup\sosuploadagent.exe+ backupnow allen@cclaw.com

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Vincent\Desktop\Download Intel(R) Desktop Utilities.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1460919486&a=1054904&src=sh&uuid=c7f84766-6795-4bcc-93fc-450fa25a00b8"
ShortcutWithArgument: C:\Users\Vincent\Desktop\Download Intel(R) Integrator Assistant.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> "hxxp://trustedsurf.com/?ssid=1460919486&a=1054904&src=sh&uuid=c7f84766-6795-4bcc-93fc-450fa25a00b8"
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epc&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,"
ShortcutWithArgument: C:\Users\Vincent\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epc&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:17 - 2015-10-30 02:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-04-17 16:45 - 2016-04-17 16:45 - 03587000 _____ () C:\ProgramData\System32\SafeGuard64.dll
2013-06-22 17:19 - 2011-09-26 23:49 - 00034304 _____ () C:\WINDOWS\System32\sdb4mlm.dll
2013-06-22 17:19 - 2011-09-24 21:24 - 00034304 _____ () C:\WINDOWS\System32\sdb4xlm.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-15 14:19 - 2012-07-12 18:50 - 00122880 ____R () C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe
2013-02-15 14:21 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2012-10-24 11:18 - 2012-10-24 11:18 - 00188928 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
2012-10-24 11:21 - 2012-10-24 11:21 - 00071680 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\ServerNetworkInterface.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 02216448 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\AetherCommLib.dll
2012-10-24 11:21 - 2012-10-24 11:21 - 00078336 _____ () C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseWebServerLib.DLL
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-01-28 02:26 - 2015-07-22 20:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-04-12 16:36 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 16:36 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-28 04:17 - 2016-01-28 04:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-12 16:36 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2010-12-17 18:13 - 2010-12-17 18:13 - 00438784 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 18:13 - 2010-12-17 18:13 - 00050688 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-02-15 14:19 - 2011-08-26 05:37 - 00049152 ____R () C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe
2013-02-15 14:19 - 2012-07-04 17:10 - 00233472 ____R () C:\Program Files (x86)\DELL\DELLOSD\MediaButtons.exe
2013-02-15 14:19 - 2011-10-07 12:57 - 00412672 _____ () C:\Program Files (x86)\DELL\Dell KM713 Wireless Keyboard software\CDCtr.exe
2016-01-28 09:44 - 2016-01-28 09:44 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-28 09:42 - 2016-01-28 09:42 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-01-28 09:35 - 2016-01-28 09:35 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-29 02:09 - 2016-03-29 02:09 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-29 02:09 - 2016-03-29 02:09 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-04 01:31 - 2016-03-04 01:31 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-04-12 16:36 - 2016-04-01 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-12 16:36 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-21 07:49 - 2016-04-18 01:21 - 19764296 _____ () C:\Users\Vincent\Desktop\VinnyRog.exe
2016-04-12 16:36 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-12 16:36 - 2016-04-01 22:00 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-04-12 16:36 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-30 02:18 - 2015-10-30 02:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-04-17 16:45 - 2016-04-17 16:45 - 02771896 _____ () C:\ProgramData\System32\SafeGuard32.dll
2015-12-07 18:44 - 2015-12-07 18:44 - 00270336 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2015-12-07 18:44 - 2015-12-07 18:44 - 00244736 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\libxmljs\build\Release\xmljs.node
2015-12-07 18:44 - 2015-12-07 18:44 - 00237056 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\ATT\8.5.1.16\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2016-04-17 03:25 - 2016-04-17 03:25 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\fd4c702747e6f7ba0c33c7e635d370a7\PSIClient.ni.dll
2013-02-15 14:14 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-15 14:19 - 2011-08-22 13:15 - 00028672 _____ () C:\Program Files (x86)\DELL\Dell KM713 Wireless Keyboard software\CDCTR.DLL
2015-12-12 07:40 - 2016-03-21 16:50 - 00034768 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-04-14 22:14 - 2016-03-21 16:51 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-04-14 22:14 - 2016-03-21 16:50 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-12 07:40 - 2016-03-21 16:50 - 00093640 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-12 07:40 - 2016-03-21 16:50 - 00018376 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-12 07:40 - 2016-04-08 13:20 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-04-14 22:14 - 2016-03-21 16:50 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2015-12-12 07:40 - 2016-04-08 13:20 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-12 07:40 - 2016-03-21 16:50 - 00692688 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-12 07:40 - 2016-03-21 16:51 - 00112592 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2015-12-12 07:40 - 2016-04-08 13:20 - 00021840 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2016-04-14 22:14 - 2016-03-21 16:52 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00021832 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_pywin_kernel32_x64d8f881xc8c369be.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00117056 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-12 07:40 - 2016-04-08 13:20 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-12 07:40 - 2016-03-21 16:50 - 00134608 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-04-14 22:14 - 2016-03-21 16:50 - 00134088 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-04-14 22:14 - 2016-03-21 16:51 - 00240584 _____ () C:\Program Files (x86)\Dropbox\Client\jpegtran.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-04-14 22:14 - 2016-03-21 16:52 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-04-14 22:14 - 2016-04-08 13:19 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-04-14 22:14 - 2016-03-11 19:46 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-04-14 22:14 - 2016-04-08 13:19 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00021824 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32._winffi_kernel32.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-12 07:40 - 2016-03-21 16:52 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-12 02:46 - 2016-04-08 13:20 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-04-14 22:14 - 2016-04-08 13:19 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-04-14 22:14 - 2016-04-08 13:20 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-12 07:40 - 2016-03-21 16:51 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 03928880 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 01971504 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00223544 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00158008 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-04-14 22:14 - 2016-04-08 13:20 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-04-14 22:14 - 2016-03-21 16:54 - 00017864 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2016-04-14 22:14 - 2016-03-21 16:54 - 01631184 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2016-04-14 22:14 - 2016-04-08 13:20 - 00025928 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2015-12-12 07:40 - 2016-04-08 13:20 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2016-01-28 09:44 - 2016-01-28 09:44 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-28 09:44 - 2016-01-28 09:44 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4 [150]
AlternateDataStreams: C:\Users\Elizabeth\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\AXOcouture.bmp:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\AXOcouture.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\CPFAXOcouture.png:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\CPFAXOcouture.png:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\CPFw9.tiff:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Elizabeth\Desktop\CPFw9.tiff:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Elizabeth\Documents\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Kiddos\Desktop\CopperPennyFilmsOpenHouse.bmp:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Kiddos\Desktop\CopperPennyFilmsOpenHouse.bmp:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\AGcopperpennyfilms.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\AGcopperpennyfilms.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\CopperPennyFilmsW-9.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\CopperPennyFilmsW-9.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\Doc.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\Doc.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\JVPw-9.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\JVPw-9.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\MJF receipt.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\MJF receipt.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\NewVendorSetupJVP.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\NewVendorSetupJVP.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\PCPC-videography agreement.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\PCPC-videography agreement.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]
AlternateDataStreams: C:\Users\Vincent\Desktop\Rental.jpeg:3or4kl4x13tuuug3Byamue2s4b [83]
AlternateDataStreams: C:\Users\Vincent\Desktop\Rental.jpeg:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d} [0]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\logmein.com -> hxxps://secure.logmein.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\Vincent\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\scanned photo-2_edited.jpeg
HKU\S-1-5-21-3762587336-2924527133-2534779374-1009\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Intuit Data Protect.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks_Standard_21.lnk"
HKLM\...\StartupApproved\StartupFolder: => "QuickBooks Update Agent.lnk"
HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run: => "PocketCloud Location"
HKLM\...\StartupApproved\Run: => "LogMeIn GUI"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "Intuit SyncManager"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "GoogleDriveSync"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "iCloudDrive"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "Buzzing Dhol.exe"
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{5FB88073-7E5D-4CBF-9623-4A71AE12DB5E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB5D1975-85CD-4293-A850-A48C2B2248A3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3046D2D-552A-4C0B-ADF8-97EBECF98428}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4B7C03E6-7049-4584-A9A3-2B2FB09B9929}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D1840348-B731-4AC5-B96E-E6FCD93F2FBD}] => (Allow) LPort=5354
FirewallRules: [{A8324C5F-52A1-42A5-86B2-A2A00BFFAF91}] => (Allow) LPort=5354
FirewallRules: [{0462BC32-F110-45DF-B073-434DCC024365}] => (Allow) LPort=5354
FirewallRules: [{6C32665F-6B1D-4504-A770-925855A24504}] => (Allow) LPort=5354
FirewallRules: [{722DEFA6-224C-47A7-A380-E72B4ED5BB5C}] => (Allow) LPort=5354
FirewallRules: [{38EC9F57-8218-44C3-985F-4748924F2F8A}] => (Allow) LPort=5354
FirewallRules: [{7B38EE05-A813-4178-935D-A5DA8EEDB9DB}] => (Allow) LPort=5354
FirewallRules: [{BC08FE01-BAF7-41D8-B79A-DF7BFC759593}] => (Allow) LPort=5354
FirewallRules: [{3B6C52AA-7900-441C-8831-CDBB27628387}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{9AC33370-A0F5-4F31-B9B7-0971576F9626}] => (Allow) C:\Program Files (x86)\ASUS\Wireless Router\Device Discovery\Discovery.exe
FirewallRules: [{F3F8C9C4-E22F-4A02-9E3A-678E233DA9B5}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{3D389C86-2D5D-44DE-9F55-E19F4CB2315D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{49DB32D4-7931-46DE-9E6B-B1F35D630A6B}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 1.0\IP Camera Viewer.exe
FirewallRules: [{5DFE36E7-0C00-41B4-A5BD-B813631BC019}] => (Allow) C:\Program Files (x86)\Deskshare\IP Camera Viewer 1.0\IP Camera Viewer.exe
FirewallRules: [{15857222-9F05-480B-8CEA-A1DC3991A5E2}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{BC41C72E-C6A4-4F6D-BB4D-0C28B40C96BB}] => (Allow) D:\RouterSetup\QISWizard.exe
FirewallRules: [{88CA7635-429A-4587-846B-66C694BBA0EB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{40184FFE-64EB-4FDF-9F18-924751684F6D}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{44A4FF56-C8CD-4438-82C5-CC61F07F4908}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
FirewallRules: [{A6D8AFA5-A22A-419E-8D3C-C7B9B6301A31}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{74461E9C-9C5D-4081-846D-96992B3339B0}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
FirewallRules: [{AA8EA859-57AF-4219-BEA7-28E527E93741}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
FirewallRules: [{71FC6F5F-2F83-46E2-A001-0B1616D355BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{32CA5D08-55C9-4575-AC38-94DB6D74F7E3}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{DD88E4F0-9C08-4058-B903-46FCA6C15EB9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{54781C45-7DF9-408D-BEF6-4CBF46BA4320}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B51FB93E-99A7-42C0-A1DA-AF952CDB5A24}] => (Allow) LPort=2869
FirewallRules: [{253E3FC2-E8D3-44D7-8508-161275556AF4}] => (Allow) LPort=1900
FirewallRules: [{3D3D2E2F-7A6C-479A-AC3C-47471B71B7B4}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{0458D8B7-D285-4ACC-A6F7-9D89CB4FE114}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{BC8A9003-6739-455F-B78A-9C1904DA76A6}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe
FirewallRules: [{1A4EA5C1-1ED7-4421-BC14-46FB04C293AD}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe
FirewallRules: [{6F5F3375-5909-4535-B5D9-D0BC7FB8B8BE}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{C1A49BFD-4558-4488-A818-83A97BE8236E}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudInstallWizard.exe
FirewallRules: [{707B26C1-A79D-4BEE-8F9B-4119E42FB225}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe
FirewallRules: [{8CDAFD3D-899A-4703-A884-1C0547F135D4}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{D13156AA-3087-494A-A012-62A5992E2802}] => (Allow) %systemroot%\system32\alg.exe
FirewallRules: [{6CD42F32-85C1-46C0-9648-E0E5E843A4A1}] => (Allow) LPort=5354
FirewallRules: [{4C3D83D6-1A6D-4E75-B53C-F19C68D9640A}] => (Allow) LPort=5354
FirewallRules: [{7C9176C6-8D6D-44CB-A822-F9F52884DAB0}] => (Allow) LPort=5354
FirewallRules: [{6922BEE8-3F76-40E8-987E-3ADE2C975507}] => (Allow) LPort=5354
FirewallRules: [{27327A1B-BD0A-4181-BA16-442B9CCC8B43}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{0482DBFE-6B43-477E-83C5-7CF4560757EE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3240BEFE-AB67-4FE2-A60C-24F59DA0ED9B}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{3F3929C2-B4C7-40AB-B326-F75667904976}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{BA8E5BA6-92C3-4728-A6A2-C10845EC88B1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{49C7875A-6260-48A4-B9E9-EE83CC2BA667}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{D16762E5-93E6-4DA1-BB0D-297AC2668391}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{2EAA0B5C-EDA7-4E79-A3FB-502241819631}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{16286F85-B4E5-4047-9111-03265F2B24ED}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{2B0ACB4C-2EC1-4E1C-BF6C-7FA30B4A3E9B}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{921AD6E8-1BDD-4E48-8311-89115CA53DAB}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{B14208D3-7DAC-4BD3-A698-F570BC748F63}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{D4BF0E57-2731-432D-8A0B-34B2A41C665B}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
FirewallRules: [{BA6FD257-C835-4F0A-9B72-847E3E507E56}] => (Allow) C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe

==================== Restore Points =========================

21-04-2016 17:20:33 Scheduled Checkpoint

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/22/2016 07:15:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.8185.0, time stamp: 0x56fde130
Faulting module name: SafeGuard64.dll_unloaded, version: 2.2.0.40, time stamp: 0x5683828f
Exception code: 0xc0000005
Fault offset: 0x000000000005827b
Faulting process id: 0x1c60
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (04/22/2016 04:50:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.8185.0, time stamp: 0x56fde130
Faulting module name: SafeGuard64.dll_unloaded, version: 2.2.0.40, time stamp: 0x5683828f
Exception code: 0xc0000005
Fault offset: 0x000000000005827b
Faulting process id: 0x2340
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (04/21/2016 09:53:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.8185.0, time stamp: 0x56fde130
Faulting module name: SafeGuard64.dll_unloaded, version: 2.2.0.40, time stamp: 0x5683828f
Exception code: 0xc0000005
Fault offset: 0x000000000005827b
Faulting process id: 0x2bb8
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (04/21/2016 09:46:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/21/2016 09:46:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/21/2016 09:42:37 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/21/2016 09:42:33 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (04/21/2016 09:39:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 3778

Start Time: 01d19c40206de988

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 70ec3921-0833-11e6-bf00-f4b7e27d82a4

Faulting package full name: 

Faulting package-relative application ID:

Error: (04/21/2016 09:14:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.8185.0, time stamp: 0x56fde130
Faulting module name: SafeGuard64.dll_unloaded, version: 2.2.0.40, time stamp: 0x5683828f
Exception code: 0xc0000005
Fault offset: 0x000000000005827b
Faulting process id: 0x1964
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5

Error: (04/21/2016 05:52:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McUpdate.exe, version: 14.0.8185.0, time stamp: 0x56fde130
Faulting module name: SafeGuard64.dll_unloaded, version: 2.2.0.40, time stamp: 0x5683828f
Exception code: 0xc0000005
Fault offset: 0x000000000005827b
Faulting process id: 0x2dd0
Faulting application start time: 0xMcUpdate.exe0
Faulting application path: McUpdate.exe1
Faulting module path: McUpdate.exe2
Report Id: McUpdate.exe3
Faulting package full name: McUpdate.exe4
Faulting package-relative application ID: McUpdate.exe5


System errors:
=============
Error: (04/22/2016 07:12:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1

Error: (04/22/2016 06:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 05:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 04:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 03:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 02:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 01:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/22/2016 12:47:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/21/2016 11:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3

Error: (04/21/2016 10:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Search Module Update service failed to start due to the following error: 
%%3


CodeIntegrity:
===================================
  Date: 2016-04-17 14:20:26.357
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-17 03:06:22.684
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-13 04:38:35.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-23 04:32:30.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-11 18:34:02.462
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 20:34:54.649
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-29 21:03:08.392
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-26 18:41:59.516
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-12 11:52:34.770
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-02-05 02:36:24.314
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770S CPU @ 3.10GHz
Percentage of memory in use: 50%
Total physical RAM: 8078.84 MB
Available physical RAM: 3984.56 MB
Total Virtual: 16270.84 MB
Available Virtual: 12140.93 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1847.39 GB) (Free:1179.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================

 

 

Farbar Service Scanner Version: 27-01-2016
Ran by Vincent (administrator) on 22-04-2016 at 07:22:51
Running from "C:\Users\Vincent\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
There is no connection to network.
Attempt to access Google IP returned error. Google IP is unreachable
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Also, plugged my LAN/internet back in and ran FSS again with these results:

 

Farbar Service Scanner Version: 27-01-2016
Ran by Vincent (administrator) on 22-04-2016 at 07:31:15
Running from "C:\Users\Vincent\Desktop"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Next,

Download AdwCleaner by Xplode onto your Desktop.
 
  • Double click on Adwcleaner.exe to run the tool.
  • Click on the Scan in the Actions box
  • Please wait for the scan to finish..
  • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
  • Click on the Cleaning box.
  • Next click OK on the "Closing Programs" pop up box.
  • Click OK on the Information box & again OK to allow the necessary reboot
  • After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply. Where * is the number relative to list of scans completed...

Next,

Please open Malwarebytes Anti-Malware.
 
  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.


To get the log from Malwarebytes do the following:
 
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:
    Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
    Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
    XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
     
  • Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Let me see those logs. After a re-boot, is the wireless connection ok?

Fixlist.txt


Here are the logs...am able to get on the internet now...

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Vincent (2016-04-24 18:54:05) Run:1
Running from C:\Users\Vincent\Desktop
Loaded Profiles: UpdatusUser & Vincent & Elizabeth & QBDataServiceUser23 (Available Profiles: UpdatusUser & Vincent & Elizabeth & Kiddos & QBDataServiceUser22 & QBDataServiceUser23)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
HKLM\...\RunOnce: [OTUTPRODUCT_MMYIH] => C:\Program Files (x86)\sunnyday\otutnetwork.exe [535040 2016-04-17] (go)
C:\Program Files (x86)\sunnyday
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Polar FlowSync] => [X]
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\...\Run: [Buzzing Dhol.exe] => C:\WINDOWS\system32\Buzzing Dhol.exe
C:\WINDOWS\system32\Buzzing Dhol.exe
AppInit_DLLs: C:\ProgramData\Tampstring\Findax.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Tampstring\DonFan.dll => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
Winsock: Catalog5 09 C:\ProgramData\System32\SafeGuard32.dll No File 
Winsock: Catalog5-x64 09 C:\ProgramData\System32\SafeGuard64.dll [3587000 2016-04-17] ()
cmd: netsh winsock reset
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1001 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1001 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> DefaultScope {ielnksrch} URL = hxxp://www-searching.com/search.aspx?s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&site=shyosie&prd=setgo&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> OldSearch URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US977D20150202&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {36E8A3A7-7C91-43DC-901B-F13437FD4752} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {44867325-1F7D-47D4-96FB-262A8E566D48} URL = 
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {5807584B-75B6-465D-88B0-3C4AC684276C} URL = 
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {8B58C4C7-8A59-4270-5F00-126AFC26A846} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {C68B4A17-CB99-46DE-82BE-AA503AF89F44} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfV9ZUwBHEAxAbQlaUwxcFVcRdhQBUQtBDAMVdghcAwpERw0XdB9aFQQTSEcFME0FCFwEURNNfWpdAEsSSWJKLl1XFmsUUkBPNEo=&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3762587336-2924527133-2534779374-1005 -> {ielnksrch} URL = hxxp://www-searching.com/search.aspx?s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&site=shyosie&prd=setgo&q={searchTerms}
BHO-x32: Cash Kitten -> {9ea7bd36-2d13-4df3-837f-7ac273765e7d} -> C:\Program Files (x86)\Cash Kitten\Extensions\9ea7bd36-2d13-4df3-837f-7ac273765e7d.dll => No File
BHO-x32: Search Window Results -> {b278c3a7-9980-475f-9450-95df38c6dcd7} -> C:\Program Files (x86)\Search Window Results\Extensions\b278c3a7-9980-475f-9450-95df38c6dcd7.dll => No File
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&vp=ch&prd=set_ch
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghFIQsBVwhIQhgTIgsNTA0TEwMOeQkKURRHFwMSJFsLVF9JFQEFIk0FA1oDB0VXfV5bFElXTwhwJVhKAlEmSFtHL05qBEoETUFQ"
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,&vp=ch&prd=set_ch"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shyos&prd=set_ch&q={searchTerms}&s=G4HzCSDTN0,d8d36912-d9c8-4080-a532-61baaf440dd1,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Search Window Results) - C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmbblmijcengghdnpajfojlplonpeab [2016-04-17] [UpdateUrl: hxxp://cdn.searchwindowresults.com/update] <==== ATTENTION
S4 LMIRfsClientNP; no ImagePath
2016-04-17 14:04 - 2016-04-19 09:49 - 00001800 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-17 14:02 - 2016-04-17 19:46 - 00003328 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\WINDOWS\Book Source
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\ASPackage
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\ProgramData\c940ba21-7dc7-0
2016-04-17 14:02 - 2016-04-17 14:02 - 00000000 ____D C:\ProgramData\c940ba21-2f93-1
2016-04-17 14:01 - 2016-04-18 22:03 - 00000000 ____D C:\Users\Vincent\AppData\Local\BrowserAir
2016-04-17 14:01 - 2016-04-17 14:04 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-17 14:01 - 2016-04-17 14:02 - 00000000 ____D C:\Program Files (x86)\Oasis Space
2016-04-17 14:01 - 2016-04-17 14:01 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-04-17 14:01 - 2016-04-17 14:01 - 00002393 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Users\Vincent\AppData\Roaming\XBox
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Users\UpdatusUser\AppData\Local\Google
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\ProgramData\Tampstrings
2016-04-17 14:01 - 2016-04-17 14:01 - 00000000 ____D C:\Program Files\Gipwerbasdyrjob
2016-04-17 14:00 - 2016-04-18 07:42 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-04-17 14:00 - 2016-04-17 19:44 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-04-17 14:00 - 2016-04-17 14:00 - 06494208 _____ C:\Users\Vincent\AppData\Roaming\agent.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 01626777 _____ C:\Users\Vincent\AppData\Roaming\Keytough.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 00126464 _____ C:\Users\Vincent\AppData\Roaming\noah.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00126464 _____ C:\Users\Vincent\AppData\Roaming\lobby.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00072717 _____ C:\Users\Vincent\AppData\Roaming\AlphaNamhome.tst
2016-04-17 14:00 - 2016-04-17 14:00 - 00065568 _____ C:\Users\Vincent\AppData\Roaming\Config.xml
2016-04-17 14:00 - 2016-04-17 14:00 - 00054272 _____ C:\Users\Vincent\AppData\Roaming\ApplicationHosting.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00018432 _____ C:\Users\Vincent\AppData\Roaming\Main.dat
2016-04-17 14:00 - 2016-04-17 14:00 - 00005568 _____ C:\Users\Vincent\AppData\Roaming\md.xml
2016-04-17 14:00 - 2016-04-17 14:00 - 00000000 ____D C:\WINDOWS\Buzzing Dhol
2016-04-17 14:00 - 2016-04-17 14:00 - 00000000 ____D C:\ProgramData\28341ff220e0446c9fff27c4493d622e
2016-04-17 13:59 - 2016-04-17 16:33 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-04-17 13:59 - 2016-04-17 16:31 - 00000000 ____D C:\Program Files (x86)\sunnyday
2016-04-17 13:59 - 2016-04-17 14:00 - 00015888 _____ C:\Users\Vincent\AppData\Roaming\InstallationConfiguration.xml
2016-04-17 13:59 - 2016-04-17 14:00 - 00000000 ____D C:\Program Files\Windows Screen Manager
2016-04-17 13:59 - 2016-04-17 13:59 - 00127488 _____ C:\Users\Vincent\AppData\Roaming\Installer.dat
2016-04-17 13:59 - 2016-04-17 13:59 - 00002606 _____ C:\Users\Vincent\AppData\Roaming\inst.lat
2016-04-17 13:59 - 2016-04-17 13:59 - 00000034 ___SH C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE}
C:\ProgramData\Dell Click 2 Fix-64-bit-V2539.exe
C:\Users\Vincent\AppData\Local\Temp\dllnt_dump.dll 
Task: {039021CD-34AB-4DA1-911E-E5351078FFFA} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {04080DEC-D3C0-4333-B800-92B8F29F5A1E} - System32\Tasks\SMW_UpdateTask_Time_323636343732313736352d4a555b6c5a5a785745413734 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {11E7FB47-A49C-449D-BB0D-DD9E7F0FABA8} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {1ACFE892-A56F-4BDE-8EAD-1DADBB0ACABB} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2777DF9E-5B36-4218-B1D8-B1F50A41170C} - \PCDoctorBackgroundMonitorTask -> No File <==== ATTENTION
Task: {2C8EBC6C-CDFD-4DC2-8E3B-C4A16FAA3E8D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-URT -> No File <==== ATTENTION
Task: {3DBDB02F-A9AA-4B14-BEC8-2399DAC2C7F6} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {4415CAA5-F271-420D-8BFA-BD0CA5C051C7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {666554C1-D424-409D-B563-BD899C0D78F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66686BCA-E729-4A9A-8A37-69A9DE5C1518} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {666554C1-D424-409D-B563-BD899C0D78F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {66686BCA-E729-4A9A-8A37-69A9DE5C1518} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {CC524117-5B90-4156-9FD9-79F8C01CD29D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DCA1BF3E-9B74-4BF1-9065-82414EE08F9B} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {E777E2BA-F243-4467-8CC3-768F64637E2E} - \PCDEventLauncher -> No File <==== ATTENTION
Task: {EC33FC9A-1867-4659-8A99-8B4766A420FC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION 
CMD: ipconfig /flushdns
EmptyTemp:
Hosts:
end

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\OTUTPRODUCT_MMYIH => value not found.
C:\Program Files (x86)\sunnyday => moved successfully
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Polar FlowSync => value removed successfully
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Run\\Buzzing Dhol.exe => value removed successfully
"C:\WINDOWS\system32\Buzzing Dhol.exe" => not found.
"C:\ProgramData\Tampstring\Findax.dll" => Value data removed successfully.
"C:\ProgramData\Tampstring\DonFan.dll" => Value data removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009" => key removed successfully
"HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009" => key removed successfully

=========  netsh winsock reset =========

Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value not found.
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found. 
HKCR\CLSID\{ielnksrch} => key not found. 
HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{36E8A3A7-7C91-43DC-901B-F13437FD4752}" => key removed successfully
HKCR\CLSID\{36E8A3A7-7C91-43DC-901B-F13437FD4752} => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{44867325-1F7D-47D4-96FB-262A8E566D48}" => key removed successfully
HKCR\CLSID\{44867325-1F7D-47D4-96FB-262A8E566D48} => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{5807584B-75B6-465D-88B0-3C4AC684276C}" => key removed successfully
HKCR\CLSID\{5807584B-75B6-465D-88B0-3C4AC684276C} => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8B58C4C7-8A59-4270-5F00-126AFC26A846}" => key removed successfully
HKCR\CLSID\{8B58C4C7-8A59-4270-5F00-126AFC26A846} => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C68B4A17-CB99-46DE-82BE-AA503AF89F44}" => key removed successfully
HKCR\CLSID\{C68B4A17-CB99-46DE-82BE-AA503AF89F44} => key not found. 
"HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ea7bd36-2d13-4df3-837f-7ac273765e7d}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{9ea7bd36-2d13-4df3-837f-7ac273765e7d}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b278c3a7-9980-475f-9450-95df38c6dcd7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{b278c3a7-9980-475f-9450-95df38c6dcd7}" => key removed successfully
Chrome HomePage => removed successfully
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijmbblmijcengghdnpajfojlplonpeab <==== ATTENTION => not found
LMIRfsClientNP => service removed successfully
C:\Users\Public\Desktop\MPC Cleaner.lnk => moved successfully
C:\WINDOWS\System32\Tasks\IBUpd2 => moved successfully
C:\WINDOWS\Book Source => moved successfully
C:\Users\Vincent\AppData\Roaming\ASPackage => moved successfully
C:\ProgramData\c940ba21-7dc7-0 => moved successfully
C:\ProgramData\c940ba21-2f93-1 => moved successfully
C:\Users\Vincent\AppData\Local\BrowserAir => moved successfully

"C:\Program Files (x86)\MPC Cleaner" folder move:

Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.

C:\Program Files (x86)\Oasis Space => moved successfully
Could not move "C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Scheduled to move on reboot.
C:\WINDOWS\SysWOW64\findit.xml => moved successfully

"C:\Users\Vincent\AppData\Roaming\XBox" folder move:

Could not move "C:\Users\Vincent\AppData\Roaming\XBox" => Scheduled to move on reboot.

C:\Users\UpdatusUser\AppData\Local\Google => moved successfully
C:\ProgramData\Tampstrings => moved successfully
C:\Program Files\Gipwerbasdyrjob => moved successfully
C:\ProgramData\CloudPrinter => moved successfully
C:\WINDOWS\rsrcs.dll => moved successfully
C:\Users\Vincent\AppData\Roaming\agent.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\Keytough.tst => moved successfully
C:\Users\Vincent\AppData\Roaming\noah.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\lobby.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\AlphaNamhome.tst => moved successfully
C:\Users\Vincent\AppData\Roaming\Config.xml => moved successfully
C:\Users\Vincent\AppData\Roaming\ApplicationHosting.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\Main.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\md.xml => moved successfully
C:\WINDOWS\Buzzing Dhol => moved successfully
C:\ProgramData\28341ff220e0446c9fff27c4493d622e => moved successfully
C:\Program Files (x86)\Max Driver Updater => moved successfully
"C:\Program Files (x86)\sunnyday" => not found.
C:\Users\Vincent\AppData\Roaming\InstallationConfiguration.xml => moved successfully
C:\Program Files\Windows Screen Manager => moved successfully
C:\Users\Vincent\AppData\Roaming\Installer.dat => moved successfully
C:\Users\Vincent\AppData\Roaming\inst.lat => moved successfully
C:\Users\Public\Documents\{DE764086-1C0A-4DD3-90BA-0B93BDD794BE} => moved successfully
C:\ProgramData\Dell Click 2 Fix-64-bit-V2539.exe => moved successfully
C:\Users\Vincent\AppData\Local\Temp\dllnt_dump.dll => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{039021CD-34AB-4DA1-911E-E5351078FFFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{039021CD-34AB-4DA1-911E-E5351078FFFA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04080DEC-D3C0-4333-B800-92B8F29F5A1E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04080DEC-D3C0-4333-B800-92B8F29F5A1E}" => key removed successfully
C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_323636343732313736352d4a555b6c5a5a785745413734 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323636343732313736352d4a555b6c5a5a785745413734" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11E7FB47-A49C-449D-BB0D-DD9E7F0FABA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11E7FB47-A49C-449D-BB0D-DD9E7F0FABA8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1ACFE892-A56F-4BDE-8EAD-1DADBB0ACABB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1ACFE892-A56F-4BDE-8EAD-1DADBB0ACABB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2777DF9E-5B36-4218-B1D8-B1F50A41170C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2777DF9E-5B36-4218-B1D8-B1F50A41170C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C8EBC6C-CDFD-4DC2-8E3B-C4A16FAA3E8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8EBC6C-CDFD-4DC2-8E3B-C4A16FAA3E8D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-URT" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DBDB02F-A9AA-4B14-BEC8-2399DAC2C7F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DBDB02F-A9AA-4B14-BEC8-2399DAC2C7F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4415CAA5-F271-420D-8BFA-BD0CA5C051C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4415CAA5-F271-420D-8BFA-BD0CA5C051C7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{666554C1-D424-409D-B563-BD899C0D78F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{666554C1-D424-409D-B563-BD899C0D78F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66686BCA-E729-4A9A-8A37-69A9DE5C1518}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66686BCA-E729-4A9A-8A37-69A9DE5C1518}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{666554C1-D424-409D-B563-BD899C0D78F4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66686BCA-E729-4A9A-8A37-69A9DE5C1518} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC524117-5B90-4156-9FD9-79F8C01CD29D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC524117-5B90-4156-9FD9-79F8C01CD29D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DCA1BF3E-9B74-4BF1-9065-82414EE08F9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DCA1BF3E-9B74-4BF1-9065-82414EE08F9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E777E2BA-F243-4467-8CC3-768F64637E2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E777E2BA-F243-4467-8CC3-768F64637E2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncher" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC33FC9A-1867-4659-8A99-8B4766A420FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC33FC9A-1867-4659-8A99-8B4766A420FC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully

=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Hosts restored successfully.
EmptyTemp: => 791 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-24 19:22:37)

"C:\Program Files (x86)\MPC Cleaner" => Could not move
"C:\WINDOWS\system32\Drivers\MPCKpt.sys" => Could not move
"C:\Users\Vincent\AppData\Roaming\XBox" => Could not move

==== End of Fixlog 19:22:44 ====

 

# AdwCleaner v5.113 - Logfile created 24/04/2016 at 19:34:40
# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Vincent - STUDY-PC
# Running from : C:\Users\Vincent\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
[-] Service Deleted : CloudPrinter

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\Conduit
[-] Folder Deleted : C:\ProgramData\SearchModule
[#] Folder Deleted : C:\ProgramData\Application Data\Conduit
[#] Folder Deleted : C:\ProgramData\Application Data\SearchModule
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\PassShow
[-] Folder Deleted : C:\WINDOWS\SysWOW64\SearchProtect
[-] Folder Deleted : C:\Users\Vincent\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Vincent\AppData\Local\NativeMessaging
[-] Folder Deleted : C:\Users\Vincent\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Vincent\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[-] Folder Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihdceheklapbalfikfdppfpgdgabaglp
[-] Folder Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Extensions\ihncljabjemfknlkjmhcmhlajcnigaik

***** [ Files ] *****

[-] File Deleted : C:\END
[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[-] File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihncljabjemfknlkjmhcmhlajcnigaik_0.localstorage
[-] File Deleted : C:\Users\Elizabeth\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ihncljabjemfknlkjmhcmhlajcnigaik_0.localstorage-journal
[#] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : IBUpd2

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3306061
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ihdceheklapbalfikfdppfpgdgabaglp
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ihdceheklapbalfikfdppfpgdgabaglp
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\TutoTag
[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
[-] Key Deleted : HKCU\Software\MICROSOFT\IDSC
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
[-] Key Deleted : HKCU\Software\AppDataLow\Software\PassShow
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search module
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{2B0ACB4C-2EC1-4E1C-BF6C-7FA30B4A3E9B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{921AD6E8-1BDD-4E48-8311-89115CA53DAB}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{B14208D3-7DAC-4BD3-A698-F570BC748F63}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{D4BF0E57-2731-432D-8A0B-34B2A41C665B}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{BA6FD257-C835-4F0A-9B72-847E3E507E56}]
[-] Value Deleted : HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Buzzing Dhol.exe]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5529 bytes] - [24/04/2016 19:34:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [6707 bytes] - [24/04/2016 19:27:21]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5675 bytes] ##########


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/24/2016
Scan Time: 7:41 PM
Logfile: Malewarebytes.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.25.01
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Vincent

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 652678
Time Elapsed: 51 min, 34 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 7
Trojan.FakeMS, C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe, 3448, Delete-on-Reboot, [c93c8132a3f61a1c1173a773b44e21df]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, 3492, Delete-on-Reboot, [18eda0134356a39374cbdd1aa45d9070]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray.exe, 6572, Delete-on-Reboot, [bd48e0d35148112549f68a6d04fd17e9]
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe, 8048, Delete-on-Reboot, [ce379b18aaefc175e15e9e59f40d6e92]
PUP.Optional.WindowsSecurity.PrxySvrRST, C:\ProgramData\Windows Security\winsecurity.exe, 3576, Delete-on-Reboot, [55b03a79d8c1231396fa48f2897a7987]
PUP.Optional.SafeGuard.ChrPRST, C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe, 3448, Delete-on-Reboot, [7f86d4dfb0e96ec81a8e46f9857e44bc]
PUP.Optional.SkypeUpdateEx.PrxySvrRST, C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe, 3500, Delete-on-Reboot, [02035c57a4f51422f114644722e2b24e]

Modules: 35
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [1bea9122eeabb87e7cc39c5bc53cb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [1bea9122eeabb87e7cc39c5bc53cb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Delete-on-Reboot, [2adbdcd73762c96d073848afaa5748b8], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [5aab476c38616bcba798c63150b1af51], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XProcessBus.dll, Delete-on-Reboot, [5aab476c38616bcba798c63150b1af51], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [32d3d5de92073ef8c17e5d9a8d74d729], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Report.dll, Delete-on-Reboot, [32d3d5de92073ef8c17e5d9a8d74d729], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XBus.dll, Delete-on-Reboot, [38cd1c97940506301f2031c69c656997], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\TrayFrame.dll, Delete-on-Reboot, [36cf23900297053181be857238c915eb], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Monitor.dll, Delete-on-Reboot, [3dc8466d792096a0142b896ed22f10f0], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Database.dll, Delete-on-Reboot, [75902e850594999df946d522669bd729], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LogReport.dll, Delete-on-Reboot, [0df8d6ddaaef2f0766d9e413aa57c739], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\BrowserPlugIn.dll, Delete-on-Reboot, [8d78bff420798bab6ed1768110f13fc1], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Cleaner.dll, Delete-on-Reboot, [34d12b8879209b9bbe81a651956c39c7], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeProtect.dll, Delete-on-Reboot, [d035c5ee1d7cb38394ab44b3827f52ae], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Update.dll, Delete-on-Reboot, [3bca40737d1c82b4ca75bf385da437c9], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Web.dll, Delete-on-Reboot, [a95c8132a5f471c577c809ee6d94e719], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\SafeNavi.dll, Delete-on-Reboot, [3dc88f24e5b4261049f6f9fe0bf69868], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinApi.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AdbWinUsbApi.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\AndriodServer.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Support.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Utility.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\XSkin.dll, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 

Registry Keys: 52
Trojan.FakeMS, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBox, Quarantined, [c93c8132a3f61a1c1173a773b44e21df], 
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCProtectService, Delete-on-Reboot, [18eda0134356a39374cbdd1aa45d9070], 
Trojan.SafeGuard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\egg_protect, Quarantined, [cf366152851489ad759fe547768c31cf], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{0292ec78-0678-4ae2-bfea-138097d7b70d}, Quarantined, [23e281321f7a5adcb96f42833dc59e62], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0292EC78-0678-4AE2-BFEA-138097D7B70D}, Quarantined, [23e281321f7a5adcb96f42833dc59e62], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{0292EC78-0678-4AE2-BFEA-138097D7B70D}, Quarantined, [23e281321f7a5adcb96f42833dc59e62], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{0cf3be96-d023-4f0e-bcab-0bf8ac78f706}, Quarantined, [dd283e753465d95d9495dfe6e51dbd43], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{0CF3BE96-D023-4F0E-BCAB-0BF8AC78F706}, Quarantined, [dd283e753465d95d9495dfe6e51dbd43], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{0CF3BE96-D023-4F0E-BCAB-0BF8AC78F706}, Quarantined, [dd283e753465d95d9495dfe6e51dbd43], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{a06deb06-a11f-4b8e-92a0-24792bcc7372}, Quarantined, [46bfb8fb5445ac8a59c313b2847e55ab], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{A06DEB06-A11F-4B8E-92A0-24792BCC7372}, Quarantined, [46bfb8fb5445ac8a59c313b2847e55ab], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{A06DEB06-A11F-4B8E-92A0-24792BCC7372}, Quarantined, [46bfb8fb5445ac8a59c313b2847e55ab], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{bb311e82-638e-4689-b39a-beafc11e3575}, Quarantined, [f3121a99f4a54beb33eb8144a35f768a], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{BB311E82-638E-4689-B39A-BEAFC11E3575}, Quarantined, [f3121a99f4a54beb33eb8144a35f768a], 
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{BB311E82-638E-4689-B39A-BEAFC11E3575}, Quarantined, [f3121a99f4a54beb33eb8144a35f768a], 
PUP.Optional.TaskRNDM, HKU\S-1-5-21-3762587336-2924527133-2534779374-1007\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [f80d248f8019f640176e8d63bc46b848], 
PUP.Optional.TaskRNDM, HKU\S-1-5-21-3762587336-2924527133-2534779374-1007\SOFTWARE\APPDATALOW\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}, Quarantined, [f80d248f8019f640176e8d63bc46b848], 
PUP.Optional.PassShow, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2D661E5B-7D7A-417C-B5B5-6479017BB314}, Quarantined, [9174971c44551125b7161fcd0200a060], 
PUP.Optional.PassShow, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2D661E5B-7D7A-417C-B5B5-6479017BB314}, Quarantined, [9174971c44551125b7161fcd0200a060], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9EA7BD36-2D13-4DF3-837F-7AC273765E7D}, Quarantined, [b5509a19a6f37eb80d1d7a4b14ee27d9], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9EA7BD36-2D13-4DF3-837F-7AC273765E7D}, Quarantined, [b5509a19a6f37eb80d1d7a4b14ee27d9], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B278C3A7-9980-475F-9450-95DF38C6DCD7}, Quarantined, [6d98a50ecdcc4de988954481bb47bc44], 
PUP.Optional.Yontoo, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B278C3A7-9980-475F-9450-95DF38C6DCD7}, Quarantined, [6d98a50ecdcc4de988954481bb47bc44], 
Trojan.SafeGuard.WnskRST, HKLM\SOFTWARE\CLASSES\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [af56615274253204b8b38079827fd12f], 
Trojan.SafeGuard.WnskRST, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [af56615274253204b8b38079827fd12f], 
Trojan.SafeGuard.WnskRST, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [af56615274253204b8b38079827fd12f], 
PUP.Optional.Tuto4PC, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\maintenance software_is1, Quarantined, [07feb6fd2f6af93d45c9e04145bdea16], 
PUP.Optional.WindowsSecurity.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsSecurity, Quarantined, [55b03a79d8c1231396fa48f2897a7987], 
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBox, Quarantined, [7f86d4dfb0e96ec81a8e46f9857e44bc], 
PUP.Optional.SafeGuard.WnskRST, HKLM\SOFTWARE\CLASSES\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [b94cb102abee34029914df600102af51], 
PUP.Optional.SafeGuard.WnskRST, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [b94cb102abee34029914df600102af51], 
PUP.Optional.SafeGuard.WnskRST, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{60611410-B0BF-47B7-8D8B-481F2A1FA4A6}, Quarantined, [b94cb102abee34029914df600102af51], 
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SkypeUpdateEx, Quarantined, [02035c57a4f51422f114644722e2b24e], 
PUP.Optional.VBates.Gen, HKLM\SOFTWARE\GIPWERBASDYRJOB, Quarantined, [6f968e25bcddcf67ea7f8c25ef15fa06], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\mtTampstring, Quarantined, [3ec7e8cb871266d04aa67a346c983ec2], 
PUP.Optional.VBates.Gen, HKLM\SOFTWARE\WOW6432NODE\GIPWERBASDYRJOB, Quarantined, [ff06a60d425789ad6efb9b1654b010f0], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3306061, Quarantined, [2bdabcf77e1bdc5aea43c97e699a7090], 
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SILENTPROCESSEXIT\Tampstring.exe, Quarantined, [9273694a3b5e44f26f8046688c7828d8], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC, Delete-on-Reboot, [6f967b38f4a5c5714684a1073dc7619f], 
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\SKYPEUPDATEEX, Quarantined, [8d78248fd4c537ff877f3d6e5aaaef11], 
PUP.Optional.EProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\egg_protect, Quarantined, [71947d36c5d41b1bf71d555ca95be51b], 
PUP.Optional.Linkury.ACMB1, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\Application Hosting, Quarantined, [33d2852e168365d140d5baf4dd27d828], 
PUP.Optional.ProntSpooler, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ProntSpooler, Quarantined, [21e4e0d3a5f42d09fe1dfbb57f8503fd], 
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT, Delete-on-Reboot, [df26328184158caa19b225838282639d], 
PUP.Optional.Linkury, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, Quarantined, [897cc7ecf7a2ff374957a60519eb758b], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\SYSTEM HEALER, Quarantined, [0df8c5ee8d0cee489bf59af6659f51af], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3306061, Quarantined, [18ed248fc0d9a2947fa990b77b8845bb], 
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CHCT3306061, Quarantined, [c93c922111884beb881816fc5ca8ee12], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1006\SOFTWARE\SYSTEM HEALER, Quarantined, [0bfa1b981c7d0333ddb3048cda2a37c9], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1007\SOFTWARE\SYSTEM HEALER, Quarantined, [d92cad065d3c0e28028e018feb19ba46], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1008\SOFTWARE\SYSTEM HEALER, Quarantined, [937205aecbce35012e623e520ef66c94], 
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1009\SOFTWARE\SYSTEM HEALER, Quarantined, [f90ccde6badf65d17719622e92727090], 

Registry Values: 27
PUP.Optional.VBates.Gen, HKLM\SOFTWARE\Gipwerbasdyrjob|installer_name, vbates_brwyusex-00-Brodyone_.exe, Quarantined, [6f968e25bcddcf67ea7f8c25ef15fa06]
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [da2b0ba86633fa3ca9b8d092a55f956b]
PUP.Optional.VBates.Gen, HKLM\SOFTWARE\WOW6432NODE\Gipwerbasdyrjob|installer_name, vbates_brwyusex-00-Brodyone_.exe, Quarantined, [ff06a60d425789ad6efb9b1654b010f0]
PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Quarantined, [ff062d86594071c5e8491d1d976c03fd]
PUP.Optional.DeskTopPlay, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|dply_en_015020301, Quarantined, [8b7ad5de3267a88ec776f06b947004fc], 
PUP.Optional.MorePowerfulCleaner, HKLM\SOFTWARE\WOW6432NODE\MPC|Location, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [6f967b38f4a5c5714684a1073dc7619f]
PUP.Optional.SkypeUpdateEx.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\SKYPEUPDATEEX|channel, egg7, Quarantined, [8d78248fd4c537ff877f3d6e5aaaef11]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCKPT|Description, MPC Driver, Delete-on-Reboot, [df26328184158caa19b225838282639d]
PUP.Optional.MorePowerfulCleaner, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MPCPROTECTSERVICE|ImagePath, "C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe", Delete-on-Reboot, [39cc2f8420793df935759f0ae61e4eb2]
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SKYPEUPDATEEX|ImagePath, C:\Program Files (x86)\SkypeUpdateEx\SkypeUpdateEx.exe, Quarantined, [46bf773cd6c32a0cd5d4b08f7d866a96]
PUP.Optional.WindowsSecurity.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WINDOWSSECURITY|ImagePath, C:\ProgramData\Windows Security\winsecurity.exe, Quarantined, [a164c1f2dabf73c3b7db033724dfab55]
PUP.Optional.SafeGuard.ChrPRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\XBOX|ImagePath, C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe, Quarantined, [867f1a99cfcaa78fd9d1b88743c0be42]
PUP.Optional.Linkury, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, Quarantined, [897cc7ecf7a2ff374957a60519eb758b]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Quarantined, [07fe842fc1d8da5c2d24921c3cc88779]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Quarantined, [49bc7241b8e176c0361cf9b554b0a55b]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [0df8c5ee8d0cee489bf59af6659f51af]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [31d404af70290d2997f960305ba9a15f]
PUP.Optional.Yontoo, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [b5508e25badf4fe7960e3d249a6ae917]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Quarantined, [e52012a170294cea71e18a2435cfae52]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1006\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [0bfa1b981c7d0333ddb3048cda2a37c9]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1006\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [5fa6743ff6a3162093fd513f40c404fc]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1007\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [d92cad065d3c0e28028e018feb19ba46]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1007\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [ea1ba112a1f880b6bad61b75da2a916f]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1008\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [937205aecbce35012e623e520ef66c94]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1008\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [52b341725d3cb383e3adf898de262bd5]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1009\SOFTWARE\SYSTEM HEALER|HomePage, http://systemhealer.com/, Quarantined, [f90ccde6badf65d17719622e92727090]
PUP.Optional.SystemHealer, HKU\S-1-5-21-3762587336-2924527133-2534779374-1009\SOFTWARE\SYSTEM HEALER|SupportPage, http://systemhealer.com/support/#contact, Quarantined, [986d6350c6d3270f2e62018f5fa56c94]

Registry Data: 4
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}),Replaced,[1de85e55dcbd082e6775182f4bba9070]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}),Replaced,[1bea5f541b7e7abc09d4b6919471867a]
PUP.Optional.Linkury, HKU\S-1-5-21-3762587336-2924527133-2534779374-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),Replaced,[bb4a91224b4e8ea8597950f729dc5da3]
PUP.Optional.Linkury.ACMB1, HKU\S-1-5-21-3762587336-2924527133-2534779374-1005\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBFog82AJz1-QwRvKiFdXd7fHNODDBsvqDMAihqxnEVs84HRGCsawmzuwLLGRHdK2j4IeQX275KLvYEqrNYcChBOGKyvX8gDq5TKBqfLUK_j-1eSuXOV7F2rHCVpAtbAlbXOczrcljJJh7PwvsLI4xjaGa5UVVUjTLkk4EBoZzPAfPU3rLMmw,,&q={searchTerms}),Replaced,[f80d8033adec66d01fbe3c0b19ec6b95]

Folders: 29
PUP.Optional.WindowsSecurity.PrxySvrRST, C:\ProgramData\Windows Security, Delete-on-Reboot, [55b03a79d8c1231396fa48f2897a7987], 
PUP.Optional.SafeGuard.ChrPRST, C:\Users\Vincent\AppData\Roaming\XBox, Delete-on-Reboot, [7f86d4dfb0e96ec81a8e46f9857e44bc], 
PUP.Optional.SafeGuard.WnskRST, C:\ProgramData\System32, Quarantined, [b94cb102abee34029914df600102af51], 
PUP.Optional.ConduitTB.Gen, C:\Users\Vincent\AppData\Local\CRE, Quarantined, [9075c5eecccd95a1514d4304c83bca36], 
PUP.Optional.MorePowerfulCleaner, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC, Quarantined, [0005941f6b2e8aac9c65029fa85c0ef2], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Exe, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Config\DB, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Drivers, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SearchIcon, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SgIcon, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Image\SoIcon, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Microsoft.VC90.CRT, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Cleaner, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\CrashReport, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\News, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Tray, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\Skin\Uninstall, Delete-on-Reboot, [778edad9dbbe41f50a47a4fd15efd828], 
PUP.Optional.SkypeUpdateEx.PrxySvrRST, C:\Program Files (x86)\SkypeUpdateEx, Delete-on-Reboot, [02035c57a4f51422f114644722e2b24e], 
PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive\Egg, Quarantined, [0401b4ff4a4fd462aa27238bbd4748b8], 
PUP.Optional.XBLive.ChrPRST, C:\ProgramData\Microsoft\XBLive, Quarantined, [0401b4ff4a4fd462aa27238bbd4748b8], 
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Doobzo, Quarantined, [81847b38d8c10f2727d7bb7d55ae966a], 
PUP.Optional.Goobzo.Gen, C:\Program Files\Common Files\Doobzo\GSUpdate, Quarantined, [81847b38d8c10f2727d7bb7d55ae966a], 
PUP.Optional.Tuto4PC, C:\Users\Vincent\AppData\Local\tuto_monetize_220160418, Quarantined, [0203c3f071281026233cc970719249b7], 
PUP.Optional.Tuto4PC, C:\Users\Vincent\AppData\Local\tuto_monetize_220160418\tuto_monetize_220160418, Quarantined, [0203c3f071281026233cc970719249b7], 
PUP.Optional.Tuto4PC, C:\Users\Vincent\AppData\Local\tuto_monetize_220160418\tuto_monetize_220160418\1.10, Quarantined, [0203c3f071281026233cc970719249b7], 

Files: 217
PUP.Optional.MorePowerfulCleaner, C:\WINDOWS\SYSTEM32\drivers\MPCKpt.sys, Delete-on-Reboot, [b66a551d00e41d5416f4cb5497926238], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MpcSafeDll.dll, Delete-on-Reboot, [cf36b8fb8019bf7787b831c636cb8b75], 
Trojan.FakeMS, C:\Users\Vincent\AppData\Roaming\XBox\XBLive.exe, Delete-on-Reboot, [c93c8132a3f61a1c1173a773b44e21df], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe, Delete-on-Reboot, [18eda0134356a39374cbdd1aa45d9070], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\LpcManager.dll, Delete-on-Reboot, [1bea9122eeabb87e7cc39c5bc53cb24e], 
PUP.Optional.MorePowerfulCleaner, C:\Program Files (x86)\MPC Cleaner\WinService.dll, Delete-on-Reboot, [2adbdcd73762c96d073848afaa5748b8], 

Physical Sectors: 0
(No malicious items detected)


(end)


Thanks for those logs, run the following:

Download Sophos Free Virus Removal Tool and save it to your desktop.
 
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found please confirm that result....


Next,

Please download Security Analysis by Rocket Grannie from here: http://rocketgrannie.spywareinfoforum.org/RGSA.exe
 
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.


Note: The link to the most current version of the program will always be in the first post of this topic.
Note: (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run to continue.)
Note: The current java version on XP will show as "out of date".
Note: Flash Player ActiveX is pre-installed with Internet Explorer in Windows 10 and updates Automatically.

Please post your feedback in this topic.

Let me see those logs, also give an update on any remaining issues or concerns...

Thank you,

Kevin.

Thank you for your help Kevin.  Everything seems to be working now.  The virus scan came back with no detections.  Here is the log file for RGSA:

 

Result of Security Analysis by Rocket Grannie (x86) version: 25th April 2016
Running from:C:\Users\Vincent\Desktop (07:40:47 - 04/26/2016)
***---------------------------------------------------------***
Microsoft Windows 10 Home X64
UAC is Enabled!
Internet Explorer 11
Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
***-----------------Anti-Virus - Firewall-------------------***
McAfee Anti-Virus and Anti-Spyware Enabled - up to Date!
Windows Firewall is *Disabled*
Searching for any other Firewall
McAfee Firewall
***----------------AntiSpyware - Miscellaneous---------------***
Adobe flash Player Plugin (version 21.0.0.213)
Google Chrome (version 49)
Malwarebytes Anti-Malware (version 2.2.1.1043)
Microsoft Silverlight (version 5)
Windows Live Essentials (version 16.4)

***----------------Analysis Complete-------------------------***


Thanks for the logs and update information, run the following to clean up:

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.