
Tried removing DLL injector, and it still won't go away.



Hi Sahara :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Follow the instructions in the thread below, and provide me both FRST logs (FRST.txt and Addition.txt). You can attach them in your next post, or copy/paste their content.

https://forums.malwarebytes.com/topic/9573-im-infected-what-do-i-do-now/

 

Also, can you attach the Malwarebytes log where the 113 detection occurred?


Hi there, Aura.

I'm hoovery but please call me Leo. Unfortunately I could get the Attachment option to work. So I had to copy and paste. Sorry for the inconvenience.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 30-07-2017
Ran by julie (administrator) on LAPTOP-IV3TQNOO (30-07-2017 22:11:10)
Running from C:\Users\julie\Downloads
Loaded Profiles: julie (Available Profiles: julie)
Platform: Windows 10 Home (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe
() C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
() C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ShenZhen Enode Techology co,.Ltd) C:\Program Files (x86)\WeatherTool\2.0.1.11332\weather.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(SweetLabs, Inc) C:\Users\julie\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\VSCore_15_5\mcapexe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
(Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\MusNotification.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3873000 2016-08-18] (ELAN Microelectronics Corp.)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [354144 2013-08-13] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [511280 2015-06-23] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [WebBar Toolbar] => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [190184 2017-07-13] ()
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKLM-x32\...\Run: [isa] => C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] ()
HKLM-x32\...\Run: [RaidCall] => C:\Program Files (x86)\RaidCall.RU\raidcall.exe [5160360 2016-10-08] (RAIDCALL.COM)
HKLM-x32\...\RunOnce: [Dadohedese] => C:\Windows\SysWOW64\wscript.exe /E:vbscript /B "C:\Users\julie\AppData\Roaming\Hemamaso"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Chromium] => "c:\users\julie\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [5077792 2017-05-16] (Nota Inc.)
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Run: [Discord] => C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe [64290304 2017-01-04] (Hammer & Chisel, Inc.)
GroupPolicy: Restriction <==== ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{d100cc34-97e3-45e6-8821-cc16be3f2d48}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp:www.fidonav.com
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://toshiba.eu/symbaloo_10c1
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxps://homepage-web.com/?s=toshibaupd&m=start
SearchScopes: HKLM -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_28_rps115078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtBtBtFtAtFtCtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByCzzzytCyE0A0FtGtAzztB0DtGzyyDzytDtGyE0AyC0FtGyEzz0D0FtBtD0CyEtB0EyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD%26cr%3D1181300827%26a%3Dwbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM -> {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> {1b31c9d2-7135-442b-bb93-7c002172adc6} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_frmr_16_28_rps115078_rps&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyDyBtN1L2XzutAtFtBtBtFtAtFtCtDtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StByCzzzytCyE0A0FtGtAzztB0DtGzyyDzytDtGyE0AyC0FtGyEzz0D0FtBtD0CyEtB0EyCtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyEtN1B2Z1V1T1S1NzutBtBtCtD%26cr%3D1181300827%26a%3Dwbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> {D5749A82-45C7-4D1B-850A-63810C41D415} URL = hxxps://uk.search.yahoo.com/yhs/search?hspart=elm&hsimp=yhs-001&type=hdr_s_16_30_wbf_frmr_16_28&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dgb%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuzztB0AyDzzzytCyCtAyC0D0EyCyCzzyCtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0DtCzy0FtD0FtDtGtCyByC0DtGyCtByB0BtGyByEzytBtGyC0DtB0BtCtDzzyC0DtC0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0AzztAyD0FyBtB0AtG0FzyyC0AtGyE0BtByBtGzytA0CtBtG0FtDyByB0C0CyBtA0ByE0CtB2QtN0A0LzuyE%26cr%3D1285276411%26a%3Dhdr_s_16_30_wbf_frmr_16_28%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> DefaultScope {D5749A82-45C7-4D1B-850A-63810C41D415} URL = 
SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D072117-AA1FD30A82A&form=CONBDF&conlogo=CT3335665&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2551010487-507632001-2136295685-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = 
BHO: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
BHO-x32: McAfee WebAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2017-05-16] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: (McAfee WebAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2017-07-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIIPT.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\TXE Components\IPT\npIntelWebAPIUpdater.dll [2014-07-01] (Intel Corporation)
FF Plugin-x32: @raidcall.tw/RCplugin -> C:\Users\julie\AppData\Roaming\RCTW\plugins\nprcplugin.dll [2013-06-25] (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-28] (Google Inc.)

Chrome: 
=======
CHR HomePage: Default -> hxxp:www.fidonav.com
CHR StartupUrls: Default -> "hxxp:www.fidonav.com"
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default [2017-07-30]
CHR Extension: (Google Docs) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (Skype Calling) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-09]
CHR Extension: (YouTube) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Slither.io Mods, Zoom, Unlock Skins, Bots) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\eogeabecipmckmihpmkgjbghbffcebcf [2017-06-18]
CHR Extension: (Gyazo) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffdaeeijbbijklfcpahbghahojgfgebo [2017-07-30]
CHR Extension: (Roblox Skin Plugin) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdffiaienijhlncnddboikalooffgiob [2016-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Roblox+) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2017-07-30]
CHR Extension: (Grammarly for Chrome) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2017-07-30]
CHR Extension: (ROBLOX: Quick Asset Downloader) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\meljceogbjjmgjhhbnmjjgepchpjkklc [2017-01-17]
CHR Extension: (Screencastify - Screen Video Recorder) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmeijimgabbpbgpdklnllpncmdofkcpn [2017-07-19]
CHR Extension: (Office Online) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndjpnladcallmjemlbaebfadecfhkepb [2017-05-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-11]
CHR Extension: (Gmail) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\julie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2551010487-507632001-2136295685-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2551010487-507632001-2136295685-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ijahobfejgeblmkpcmgpelfibgnnjpil] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2016-01-07] (Broadcom Corporation.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [144608 2016-08-18] (ELAN Microelectronics Corp.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [382440 2016-08-23] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [881152 2015-05-22] (Intel(R) Corporation)
R3 Intel(R) Security Assist; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe [330240 2015-02-26] () [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe [7680 2015-02-26] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\TXE Components\DAL\jhi_service.exe [174368 2015-04-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [188256 2017-05-16] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\Common Files\McAfee\VSCore_15_5\McAPExe.exe [963176 2016-10-07] (McAfee, Inc.)
S2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [603752 2016-10-14] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [242704 2016-09-08] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [384016 2016-09-08] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [331280 2016-09-08] (McAfee, Inc.)
R3 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [120392 2015-11-17] (Toshiba Europe GmbH)
R2 TheDesktopWeatherService; C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe [155784 2016-04-26] ()
R2 ThevSnapshotService; C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe [152264 2016-12-24] ()
R2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25192 2017-07-22] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2016-10-25] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2017-06-03] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AX88772; C:\Windows\System32\drivers\ax88772.sys [111616 2015-07-10] (ASIX Electronics Corp.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2016-01-07] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [88120 2016-09-09] (McAfee, Inc.)
R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77376 2017-06-27] ()
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [31832 2016-08-18] (ELAN Microelectronic Corp.)
R3 igfxLP; C:\Windows\system32\DRIVERS\igdkmd64lp.sys [7401968 2016-08-23] (Intel Corporation)
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [188352 2017-07-29] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [101784 2017-07-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [45472 2017-07-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [253856 2017-07-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [93600 2017-07-30] (Malwarebytes)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [477752 2016-09-09] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [364088 2016-09-09] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [85656 2016-09-09] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [512056 2016-09-09] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [884792 2016-09-09] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [110136 2016-09-09] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [252984 2016-09-09] (McAfee, Inc.)
R1 MpKsl77d267f6; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{245527DF-8FC2-4E6A-8426-905726E003C3}\MpKsl77d267f6.sys [44928 2017-07-30] (Microsoft Corporation)
S3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3496216 2015-07-10] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-02] (Realtek Semiconductor Corp.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [146232 2015-06-26] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 22:11 - 2017-07-30 22:12 - 000024884 _____ C:\Users\julie\Downloads\FRST.txt
2017-07-30 22:10 - 2017-07-30 22:11 - 000000000 ____D C:\FRST
2017-07-30 22:09 - 2017-07-30 22:10 - 002381312 _____ (Farbar) C:\Users\julie\Downloads\FRST64.exe
2017-07-30 22:03 - 2017-07-30 22:03 - 000016148 _____ C:\Windows\system32\LAPTOP-IV3TQNOO_julie_HistoryPrediction.bin
2017-07-30 10:17 - 2017-07-30 10:17 - 000000045 _____ C:\Users\julie\AppData\Roaming\WB.CFG
2017-07-30 10:17 - 2017-07-30 10:17 - 000000000 ___HD C:\$WINDOWS.~BT
2017-07-29 16:42 - 2017-07-29 16:42 - 000188352 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-07-29 16:41 - 2017-07-30 21:52 - 000093600 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-07-29 16:41 - 2017-07-30 12:03 - 000253856 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-07-29 16:41 - 2017-07-30 12:03 - 000101784 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-07-29 16:41 - 2017-07-30 12:03 - 000045472 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-07-29 16:41 - 2017-07-29 16:41 - 000001923 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-07-29 16:41 - 2017-07-29 16:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-07-29 16:41 - 2017-06-27 12:06 - 000077376 _____ C:\Windows\system32\Drivers\mbae64.sys
2017-07-29 16:40 - 2017-07-29 16:40 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-07-29 16:40 - 2017-07-29 16:40 - 000000000 ____D C:\Program Files\Malwarebytes
2017-07-29 16:39 - 2017-07-29 16:39 - 065033984 _____ (Malwarebytes ) C:\Users\julie\Downloads\mb3-setup-consumer-3.1.2.1733-1.0.160-1.0.2251.exe
2017-07-29 16:34 - 2017-07-29 16:34 - 000001331 _____ C:\Users\julie\Desktop\Continue DLL Injector Latest Version Installation.lnk
2017-07-29 16:25 - 2017-07-29 16:25 - 000003556 _____ C:\Windows\System32\Tasks\PROPCCleaner_Popup
2017-07-29 16:25 - 2017-07-29 16:25 - 000003334 _____ C:\Windows\System32\Tasks\PROPCCleaner_Start
2017-07-29 16:25 - 2017-07-29 16:25 - 000000000 ____D C:\Users\julie\AppData\Local\PRO_PC_Cleaner
2017-07-29 16:18 - 2017-07-30 21:17 - 000000306 _____ C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job
2017-07-29 16:18 - 2017-07-29 16:22 - 000000000 ____D C:\Users\julie\AppData\Local\chromium
2017-07-29 16:18 - 2017-07-29 16:18 - 000002846 _____ C:\Windows\System32\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}
2017-07-29 16:18 - 2017-07-29 16:18 - 000000000 ____D C:\Users\julie\AppData\Roaming\dll 2.0
2017-07-29 16:17 - 2017-07-30 10:17 - 000000000 ____D C:\Users\julie\AppData\Roaming\34DDA7C1-41C8-4ED3-5D07-0F245CEFE642
2017-07-29 16:17 - 2017-07-29 16:30 - 000000000 ____D C:\Users\julie\Documents\PROPCCleaner
2017-07-29 16:17 - 2017-07-29 16:17 - 000018050 _____ C:\Users\julie\AppData\Roaming\Hemamaso
2017-07-29 16:17 - 2017-07-29 16:17 - 000003554 _____ C:\Windows\System32\Tasks\6d10cc27-4e9f-4ccc-8e4b-69e4cc3613de
2017-07-29 16:16 - 2017-07-30 11:44 - 000000000 ____D C:\Program Files (x86)\PRO PC Cleaner
2017-07-29 16:16 - 2017-07-30 10:06 - 000000000 ____D C:\Users\julie\AppData\Local\WebBar
2017-07-29 16:16 - 2017-07-29 16:29 - 000000000 ____D C:\Users\julie\AppData\Local\{CA15FC49-EEBD-90F1-8325-B519A74D4981}
2017-07-29 16:16 - 2017-07-29 16:16 - 000003814 _____ C:\Windows\System32\Tasks\WBUpdateTask
2017-07-29 16:16 - 2017-07-29 16:16 - 000003288 _____ C:\Windows\System32\Tasks\WBLaunchTask
2017-07-29 16:16 - 2017-07-29 16:16 - 000000000 ____D C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PRO PC Cleaner
2017-07-29 16:16 - 2017-07-29 16:16 - 000000000 ____D C:\Program Files\WebBarMedia
2017-07-29 16:15 - 2017-07-29 16:15 - 001516354 _____ ( ) C:\Users\julie\Downloads\DLLInjector v2.0 Installer_1277516118.exe
2017-07-29 16:13 - 2017-07-29 16:14 - 000319488 _____ C:\Users\julie\Downloads\DLLInjector-LatestVersion.exe
2017-07-29 16:07 - 2017-07-29 16:07 - 001516354 _____ ( ) C:\Users\julie\Downloads\DLLInjector v2.0 Installer_0052953587.exe
2017-07-29 16:03 - 2017-07-29 16:13 - 000659968 _____ C:\Users\julie\Downloads\JJSploit.dll
2017-07-29 16:01 - 2017-07-29 16:01 - 000220672 _____ C:\Users\julie\Downloads\Prison_Life_Client (1).dll
2017-07-29 15:50 - 2017-07-29 15:50 - 000220672 _____ C:\Users\julie\Downloads\Prison_Life_Client.dll
2017-07-29 15:42 - 2017-07-29 15:42 - 000851968 _____ () C:\Users\julie\Downloads\Infinite_Jump.exe
2017-07-29 10:58 - 2017-07-29 10:58 - 049504312 _____ (Grammarly) C:\Users\julie\Downloads\GrammarlySetup.exe
2017-07-28 15:19 - 2017-07-28 15:19 - 001202160 _____ (Adobe Systems Incorporated) C:\Users\julie\Downloads\flashplayer26pp_xa_install.exe
2017-07-23 21:21 - 2017-07-23 21:21 - 005317746 _____ C:\Users\julie\Downloads\robloxapp-20170723-1539096.wmv
2017-07-21 22:17 - 2017-07-21 22:28 - 000000000 ____D C:\Program Files\rempl
2017-07-21 17:53 - 2017-07-21 17:53 - 000000000 ____D C:\Users\julie\AppData\Local\Lavasoft
2017-07-21 17:53 - 2017-07-21 17:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2017-07-21 17:52 - 2017-07-21 21:56 - 000002880 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2017-07-21 17:52 - 2017-07-21 21:56 - 000002880 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2017-07-21 17:52 - 2017-07-21 17:52 - 000425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2017-07-21 17:52 - 2017-07-21 17:52 - 000345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2017-07-21 17:52 - 2017-07-21 17:52 - 000000000 ____D C:\Users\julie\AppData\Roaming\Lavasoft
2017-07-21 17:51 - 2017-07-21 17:51 - 000000000 ____D C:\ProgramData\Lavasoft
2017-07-21 17:51 - 2017-07-21 17:51 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2017-07-21 17:44 - 2017-07-21 17:44 - 000000002 _____ C:\Users\julie\AppData\Roaming\view.txt
2017-07-18 08:10 - 2017-07-18 08:11 - 001981530 _____ C:\Users\julie\Downloads\robloxapp-20170718-1102169.wmv
2017-07-17 17:54 - 2017-07-17 17:54 - 001501144 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer.exe
2017-07-17 17:54 - 2017-07-17 17:54 - 001501144 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer (1).exe
2017-07-17 17:54 - 2017-07-17 17:54 - 001048576 _____ ( ) C:\Users\julie\Downloads\windows-file-explorer (3).exe.hwr9ew5.partial
2017-07-12 17:24 - 2017-07-12 17:24 - 000031325 _____ C:\Users\julie\Downloads\MI5.html
2017-07-12 17:24 - 2017-07-12 17:24 - 000000000 ____D C:\Users\julie\Downloads\MI5_files
2017-07-09 20:03 - 2017-07-28 10:36 - 000000820 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Update Assistant.lnk
2017-07-09 20:03 - 2017-07-28 10:36 - 000000808 _____ C:\Users\julie\Desktop\Windows 10 Update Assistant.lnk
2017-07-09 08:24 - 2017-07-09 08:24 - 000000000 ____D C:\Windows\UpdateAssistant
2017-07-07 17:31 - 2017-06-30 10:45 - 001571520 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 001221824 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000636096 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000551104 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000341184 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000143040 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-07-07 17:31 - 2017-06-30 10:45 - 000103616 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-07-07 17:31 - 2017-06-30 10:45 - 000041664 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2017-07-07 17:31 - 2017-06-30 08:34 - 000335712 _____ (Microsoft Corporation) C:\Windows\system32\dcntel.dll
2017-07-07 17:31 - 2017-06-30 08:34 - 000225632 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-07-30 21:45 - 2016-08-18 08:36 - 000000302 _____ C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job
2017-07-30 21:41 - 2016-07-25 08:47 - 000000298 _____ C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job
2017-07-30 21:39 - 2016-07-16 01:37 - 000000306 _____ C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job
2017-07-30 20:48 - 2017-02-24 20:44 - 000000544 _____ C:\Windows\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job
2017-07-30 16:34 - 2017-02-24 20:43 - 000000000 ____D C:\Users\julie\AppData\Roaming\vSnapshot
2017-07-30 16:31 - 2016-07-25 15:04 - 000004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AE21E331-717B-4378-B372-CE0E1B312EC6}
2017-07-30 15:11 - 2016-08-20 13:41 - 000000000 ____D C:\Users\julie\AppData\Roaming\WeatherTool
2017-07-30 10:20 - 2015-08-06 18:55 - 000000000 ____D C:\Windows\Panther
2017-07-30 10:13 - 2016-01-07 09:43 - 000875126 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-30 10:13 - 2015-07-10 12:02 - 000000000 ____D C:\Windows\INF
2017-07-30 10:12 - 2015-07-10 12:04 - 000000000 ___HD C:\Program Files\WindowsApps
2017-07-30 10:12 - 2015-07-10 12:04 - 000000000 ____D C:\Windows\AppReadiness
2017-07-30 10:11 - 2016-04-28 22:15 - 000000000 ____D C:\Users\julie\AppData\Local\Host App Service
2017-07-30 10:07 - 2016-08-20 13:40 - 000000000 __SHD C:\Users\julie\IntelGraphicsProfiles
2017-07-30 10:07 - 2016-04-28 22:00 - 000000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-07-30 10:07 - 2016-01-07 10:08 - 000000000 ____D C:\Program Files (x86)\McAfee
2017-07-30 10:07 - 2015-07-10 13:21 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-30 10:06 - 2016-07-16 01:35 - 000000000 ____D C:\Program Files\ByteFence
2017-07-30 10:06 - 2015-07-10 10:05 - 000262144 ___SH C:\Windows\system32\config\BBI
2017-07-29 17:03 - 2016-11-26 15:44 - 000000000 ____D C:\Users\julie\AppData\Roaming\discord
2017-07-29 16:17 - 2016-07-16 01:36 - 000004476 _____ C:\Windows\System32\Tasks\Yahoo! Powered recon
2017-07-29 16:16 - 2016-01-07 10:08 - 000000000 ____D C:\ProgramData\McAfee
2017-07-29 15:05 - 2016-08-20 13:32 - 000000000 ____D C:\Users\julie\AppData\Local\Roblox
2017-07-28 12:23 - 2016-08-20 13:32 - 000000000 ____D C:\Users\julie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2017-07-28 10:38 - 2016-06-30 15:37 - 000000000 ____D C:\Windows10Upgrade
2017-07-28 10:26 - 2017-04-21 21:50 - 000003166 _____ C:\Windows\System32\Tasks\Advanced-PC-Care_Logon
2017-07-21 21:57 - 2017-01-02 20:07 - 000041174 _____ C:\appverifier.txt
2017-07-21 21:56 - 2016-04-28 22:15 - 000000000 ____D C:\Users\julie
2017-07-19 07:23 - 2016-04-30 00:44 - 000000000 ____D C:\Windows\system32\MRT
2017-07-19 07:17 - 2016-04-30 00:44 - 135225752 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-07-18 22:15 - 2015-07-10 12:04 - 000000000 ____D C:\Windows\system32\appraiser
2017-07-09 08:24 - 2015-07-10 11:55 - 000000000 ____D C:\Windows\CbsTemp

==================== Files in the root of some directories =======

2017-07-29 16:17 - 2017-07-29 16:17 - 000018050 _____ () C:\Users\julie\AppData\Roaming\Hemamaso
2017-07-21 17:44 - 2017-07-21 17:44 - 000000002 _____ () C:\Users\julie\AppData\Roaming\view.txt
2017-07-30 10:17 - 2017-07-30 10:17 - 000000045 _____ () C:\Users\julie\AppData\Roaming\WB.CFG
2016-01-07 09:56 - 2016-01-07 09:56 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Files to move or delete:
====================
C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job
C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job
C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job
C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job


Some files in TEMP:
====================
2017-07-29 16:19 - 2017-07-29 16:16 - 000883024 _____ (McAfee, Inc.) C:\Users\julie\AppData\Local\Temp\0017231501341572mcinst.exe
2017-07-29 16:34 - 2017-07-29 16:34 - 001516354 _____ (                                                            ) C:\Users\julie\AppData\Local\Temp\ICReinstall_DLLInjector v2.0 Installer_1277516118.exe
2017-07-28 10:36 - 2017-07-28 10:36 - 006457520 _____ (Microsoft Corporation) C:\Users\julie\AppData\Local\Temp\Windows10Upgrade.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-17 13:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-07-2017
Ran by julie (30-07-2017 22:14:04)
Running from C:\Users\julie\Downloads
Windows 10 Home (X64) (2016-04-28 21:00:44)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2551010487-507632001-2136295685-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2551010487-507632001-2136295685-503 - Limited - Disabled)
Guest (S-1-5-21-2551010487-507632001-2136295685-501 - Limited - Disabled)
julie (S-1-5-21-2551010487-507632001-2136295685-1001 - Administrator - Enabled) => C:\Users\julie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

App Explorer (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Host App Service) (Version: 0.273.2.204 - SweetLabs)
Bluetooth(R) Link (HKLM\...\{3F3DCC8C-2C93-4082-A6DE-BBDC74804FA0}) (Version: 4.3.03 - Toshiba Corporation)
ByteFence Anti-Malware (HKLM-x32\...\ByteFence) (Version: 3.9.0.3 - Byte Technologies LLC) <==== ATTENTION
Discord (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\Discord) (Version: 0.0.297 - Hammer & Chisel, Inc.)
ELAN Touchpad 15.8.12.5_X64_WHQL (HKLM\...\Elantech) (Version: 15.8.12.5 - ELAN Microelectronic Corp.)
Get Dropbox (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Gyazo 3.3.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
Intel(R) Chipset Device Software (HKLM-x32\...\{c6cff78a-cccb-49d5-be68-ae0ec5f0d48a}) (Version: 10.1.1.8 - Intel(R) Corporation) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4474 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 2.0.0.1067 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{84DB01CB-7EB7-4261-9249-99A32768D991}) (Version: 1.0.0.523 - Intel Corporation)
KB4023057 (HKLM\...\{27C6D60B-CAD4-4C70-A1F2-299C731EA8F7}) (Version: 2.0.0.0 - Microsoft Corporation)
Malwarebytes version 3.1.2.1733 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.1.2.1733 - Malwarebytes)
McAfee Internet Security (HKLM-x32\...\MSC) (Version:  - )
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.139 - McAfee, Inc.)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 0.16.6 - OBS Project)
PriceFountain (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\FaithfulsUplanders) (Version:  - ) <==== ATTENTION
PRO PC Cleaner (HKLM-x32\...\PRO PC Cleaner) (Version: 3.1.8 - PRO PC Cleaner) <==== ATTENTION
RaidCall (HKLM-x32\...\RaidCall) (Version: 8.2.0-1.0.3231.155 - raidcall.com.ru)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10130.29089 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
ROBLOX Player for julie (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{373B1718-8CC5-4567-8EE2-9033AD08A680}) (Version:  - ROBLOX Corporation)
ROBLOX Studio for julie (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{2922D6F1-2865-4EFA-97A9-94EEAB3AFA14}) (Version:  - ROBLOX Corporation)
Screencast-O-Matic v2.0 (HKLM-x32\...\Screencast-O-Matic v2.0) (Version: v2-1.8 - Screencast-O-Matic)
Search the Web (Yahoo) (HKLM-x32\...\a92e2408) (Version:  - ) <==== ATTENTION
Symbaloo (HKLM-x32\...\Symbaloo) (Version: 1.1.0 - Symbaloo Launcher by Toshiba Europe GmbH)
The Desktop Weather 2.0.1.11332 (HKLM\...\WeatherTool) (Version: 2.0.1.11332 - ShenZhen Enode Techology co,.Ltd) <==== ATTENTION
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 3.0.0.9 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.1.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.26 - Toshiba Corporation)
TOSHIBA PC Health Monitor (HKLM\...\{B507386D-1F61-4E55-B05B-F56ACB0086B3}) (Version: 5.01.01.6401 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{EDC626BA-3E59-44C4-96B4-9066E29BF600}) (Version: 3.1.0.2 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 2.00.0005 - Toshiba Corporation)
TOSHIBA System Settings (HKLM\...\{B040D5C9-C9AA-430A-A44E-696656012E61}) (Version: 3.0.0.6406 - Toshiba Corporation)
Toshiba TEMPRO (HKLM-x32\...\{E4C7D9D7-19D4-4623-AF0C-EA313C466411}) (Version: 5.0.0 - Toshiba Europe GmbH)
Update for PriceFountain (HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}) (Version:  - Update for PriceFountain) <==== ATTENTION
UpdateAssistant (HKLM-x32\...\{61B90E2F-2DD9-4581-8856-C2441B61571A}) (Version: 1.7.0.0 - Microsoft Corporation) Hidden
Utility Common Driver (HKLM-x32\...\{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.54.2 - Compal) Hidden
Utility Common Driver (HKLM-x32\...\InstallShield_{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}) (Version: 1.0.54.2 - Compal) Hidden
vSnapshot 1.0.0.0 (HKLM\...\{F772C08D-9F61-45c6-982F-ADDEEE0D92C6}) (Version: 1.0.0.0 - ShenZhen Zhihuimen Techology co,.Ltd) <==== ATTENTION
Web Companion (HKLM-x32\...\{1d697d07-6a9c-4146-afb0-5c30b394f80e}) (Version: 3.1.1602.3093 - Lavasoft)
WebBar Toolbar 5.5.6403.17695 (HKLM\...\{0BCE8B0A-1E76-44E5-9909-3CF804D92E4D}_is1) (Version: 5.5.6403.17695 - WebBar)
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Yahoo! Powered (HKLM-x32\...\{3FFFD73F-6F7F-06BF-DEFF-763F0E7FA5BF}) (Version:  - ) <==== ATTENTION

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
CustomCLSID: HKU\S-1-5-21-2551010487-507632001-2136295685-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\julie\AppData\Local\Microsoft\OneDrive\17.3.6799.0327_1\amd64\FileSyncShell64.dll => No File
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  -> No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2016-08-23] (Intel Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-05-09] (Malwarebytes)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {061A9E36-6AE6-4424-81E0-8BC539FF89B8} - System32\Tasks\WBLaunchTask => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [2017-07-13] ()
Task: {068BCC7E-627C-45BB-AB42-D34A16C1CE90} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {170587FA-2EC6-4E0C-BD2E-005FCFC00338} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistant => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {1DD17FC0-5340-4994-A6FD-11ECD4C635DF} - System32\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3} => C:\users\julie\appdata\local\{382C0~1\UNINST~1.EXE <==== ATTENTION
Task: {2089C66B-4A78-4B84-AD75-31D04F054EB9} - System32\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642} => C:\Users\julie\AppData\Roaming\34DDA7C1-41C8-4ED3-5D07-0F245CEFE642\syncversion.exe [2013-04-16] ()
Task: {241E70F1-1521-47B3-8FDC-1D4DE0ADD9FC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2015-07-15] (TOSHIBA Corporation)
Task: {3ACF944F-42E6-46BB-9F30-B3CA2E309A9E} - System32\Tasks\Yahoo! Powered recon => "wscript.exe" "C:\ProgramData\{516E940D-DB2C-1ECB-5DEA-8089C7A80B47}\sese.txt" "68747470733a2f2f74646670612e636f6d" "433a5c50726f6772616d446174615c7b35313645393430442d444232432d314543422d354445412d3830383943374138304234377d5c6e61646f7269" "433a5c50726f6772616d446174615c7b35313645393430442d444232432d314543422d3544 (the data entry has 80 more characters). <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => %windir%\system32\rundll32.exe generaltel.dll,RunTelemetryW
Task: {51BB9194-EFAF-4B2A-9C70-40B1A6352BE2} - System32\Tasks\App Explorer => C:\Users\julie\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [2017-07-01] (SweetLabs, Inc)
Task: {55308A66-295A-4BB2-8561-C68D190AD992} - System32\Tasks\PROPCCleaner_Start => C:\Program Files (x86)\PRO PC Cleaner\PROPCCleaner.exe <==== ATTENTION
Task: {68907485-7696-4A13-8CDB-2201516FFEEE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {6A96C0ED-6DC4-4ACB-8552-DE937224F0B9} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {71C8F0E2-479A-47FB-B3F5-8EC2A419502E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-28] (Google Inc.)
Task: {789B5B0F-579E-46E2-A566-EAC368F92BD6} - System32\Tasks\Toshiba\CommonNotifier => C:\Program Files (x86)\Toshiba TEMPRO\Toshiba.Tempro.UI.CommonNotifier.exe [2015-11-17] (Toshiba Europe GmbH)
Task: {7A65F6B1-6176-4D34-A3FF-6E9ECE87775A} - System32\Tasks\WBUpdateTask => C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe [2017-07-13] ()
Task: {7E972757-3916-48F8-BBFD-A9F7E1F4AA97} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {8A592C56-D0A6-4012-BFCB-86260AA14694} - System32\Tasks\GyazoUpdateTaskMachineDaily => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2017-05-16] ()
Task: {A6B4FFDD-3FAE-4DB7-821A-0BAAACF820FE} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun => C:\Windows\UpdateAssistant\UpdateAssistant.exe [2017-06-26] (Microsoft Corporation)
Task: {B33BA791-D88F-4E4E-992E-A0B5F196106D} - System32\Tasks\PROPCCleaner_Popup => C:\Program Files (x86)\PRO PC Cleaner\Splash.exe [2017-07-21] () <==== ATTENTION
Task: {B5251E57-8A75-46C6-8BC0-92F5A084CC01} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B627544D-E1E0-4EAA-A925-DD600AB3C1B0} - System32\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA} => C:\Users\julie\AppData\Roaming\{444BD~1\SyncTask.exe <==== ATTENTION
Task: {B652FF5D-C05A-4357-875C-1FA21E7FD282} - System32\Tasks\6d10cc27-4e9f-4ccc-8e4b-69e4cc3613de => explorer "hxxps://my-safe-registration.com/n-welcome1?rwp_src1source=no"
Task: {B9C0DE45-DFD3-4C34-856A-0D98B0D2C15D} - System32\Tasks\Microsoft\Windows\rempl\shell-unlock => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {CAD7A48D-F33B-44CA-8D35-7D61AF3A99EC} - System32\Tasks\Advanced-PC-Care_Logon => C:\Program Files\Advanced-PC-Care\apc.exe <==== ATTENTION
Task: {CD45E70E-9052-4598-A7A1-0A6F2D597815} - System32\Tasks\julieFaithfulsUplandersV2 => rundll32.exe ChunksTungstens.dll,main 7 1 <==== ATTENTION
Task: {CFF2A3B7-E18E-42AE-AA43-99F02BEA2449} - System32\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873} => C:\Program Files (x86)\tools\update\tools_update.exe [2016-07-04] ()
Task: {D2C700EB-B7E4-418C-9E01-7FF01495EA2C} - System32\Tasks\BTSchedulerTask => C:\Program Files (x86)\TOSHIBA\Toshiba Bluetooth Device Profile Utility\TosBt_NotificationScheduler.exe [2015-07-08] (Toshiba Corporation)
Task: {EA3F3BEE-7490-4247-85AF-67BBC922800D} - System32\Tasks\ByteFence Scan => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {EABC576A-5C3E-44DE-9B89-5026F4131FF4} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {EB77AFE2-1CE3-4A9C-B45F-8D006E9AA232} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2016-08-27] (Realtek Semiconductor)
Task: {ECC36DE0-6E2A-4E2F-AF69-5E0A75DD3C76} - System32\Tasks\Microsoft\Windows\rempl\shell => C:\Program Files\rempl\remsh.exe [2017-07-12] (Microsoft Corporation)
Task: {F42A61A6-56E0-440B-B1FC-5147BC263744} - System32\Tasks\ByteFence => C:\Program Files\ByteFence\ByteFence.exe <==== ATTENTION
Task: {FAC1DE6B-3205-489F-8F5C-7D45D3F15D4B} - System32\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D} => C:\Users\julie\AppData\Roaming\{46B27~1\sync.exe <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Tools_Update_{CFAC34AB-5DB5-4dea-94EC-1D42E3942873}.job => C:\Program Files (x86)\tools\update\tools_update.exe
Task: C:\Windows\Tasks\{34DDA7C1-41C8-4ED3-5D07-0F245CEFE642}.job => C:\Users\julie\AppData\Roaming\34DDA7~1\SYNCVE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\{444BDE33-1364-5DB6-2539-0AE6D27A45BA}.job => C:\Users\julie\AppData\Roaming\{444BD~1\SyncTask.exe <==== ATTENTION
Task: C:\Windows\Tasks\{4BC687CC-06A5-6365-0464-62C43102766D}.job => C:\Users\julie\AppData\Roaming\{46B27~1\sync.exe <==== ATTENTION
Task: C:\Windows\Tasks\{94AE63F8-DEB5-4AE1-A2A5-72629DBE8BF3}.job => C:\users\julie\appdata\local\{382C0~1\UNINST~1.EXE <==== ATTENTION

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2015-07-30 01:58 - 2015-07-30 01:58 - 000032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2016-12-24 04:30 - 2016-12-24 04:30 - 000152264 _____ () C:\Program Files (x86)\vSnapshot\1.0.0.0\vSnapshotServ.exe
2016-04-26 11:47 - 2016-04-26 11:47 - 000155784 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherService.exe
2017-07-21 17:52 - 2017-07-22 22:26 - 000025192 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2017-07-21 17:52 - 2017-07-22 22:26 - 000017000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2017-07-21 17:52 - 2017-07-22 22:26 - 000036968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2017-06-16 07:34 - 2017-06-03 14:39 - 002495776 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-04-26 11:47 - 2016-04-26 11:47 - 001049736 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\WeatherEntryDll.dll
2015-06-18 12:58 - 2016-08-23 13:51 - 000410600 _____ () C:\Windows\system32\igfxTray.exe
2017-05-10 17:05 - 2017-04-28 00:44 - 006569472 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-12-18 00:33 - 2016-11-19 07:06 - 000471040 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-05-10 17:05 - 2017-04-28 00:42 - 001808384 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-30 00:20 - 2015-09-17 06:43 - 002274816 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-07-29 16:16 - 2017-07-13 10:49 - 000190184 _____ () C:\Program Files\WebBarMedia\5.5.6403.17695\winwb.exe
2016-11-17 20:42 - 2016-10-25 08:15 - 000404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-02-26 10:12 - 2015-02-26 10:12 - 000330240 _____ () C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
2017-07-29 16:41 - 2017-06-27 12:06 - 002260432 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-04-30 00:13 - 2015-09-17 06:48 - 000429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2017-05-10 17:06 - 2017-04-28 02:58 - 000642048 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-12-24 04:30 - 2016-12-24 04:30 - 000574152 _____ () C:\Program Files (x86)\vSnapshot\1.0.0.0\Updata.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000543368 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPTask.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000406664 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPNet.dll
2016-04-26 11:46 - 2016-04-26 11:46 - 000428680 _____ () C:\Program Files (x86)\WeatherTool\2.0.1.11332\EVPDR.dll
2017-06-29 16:14 - 2017-06-23 03:21 - 002877272 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-29 16:14 - 2017-06-23 03:21 - 000086360 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-01-12 00:55 - 2017-01-04 15:28 - 001958912 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\ffmpeg.dll
2017-01-12 09:38 - 2017-01-12 09:38 - 001082880 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_voice\discord_voice.node
2017-01-12 09:38 - 2017-01-12 09:38 - 003750400 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_voice\libdiscord.dll
2017-01-12 09:38 - 2017-01-12 09:38 - 000914432 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_utils\discord_utils.node
2017-01-12 09:38 - 2017-01-12 09:38 - 001127424 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_toaster\discord_toaster.node
2017-01-12 00:55 - 2017-01-04 15:28 - 002278912 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\libglesv2.dll
2017-01-12 00:55 - 2017-01-04 15:28 - 000096768 _____ () C:\Users\julie\AppData\Local\Discord\app-0.0.297\libegl.dll
2017-07-30 20:51 - 2017-07-30 20:51 - 000148992 _____ () \\?\C:\Users\julie\AppData\Local\Temp\9BBD.tmp.node
2017-01-12 09:38 - 2017-04-29 10:04 - 002658296 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_rpc\discord_rpc.node
2017-01-12 09:39 - 2017-03-22 19:00 - 002665976 _____ () \\?\C:\Users\julie\AppData\Roaming\discord\0.0.297\modules\discord_contact_import\discord_contact_import.node

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 12:04 - 2017-07-21 21:56 - 000002024 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2551010487-507632001-2136295685-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "ETDCtrl"
HKLM\...\StartupApproved\Run: => "TecoResident"
HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run: => "TosWaitSrv"
HKLM\...\StartupApproved\Run32: => "isa"
HKLM\...\StartupApproved\Run32: => "RaidCall"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2551010487-507632001-2136295685-1001\...\StartupApproved\Run: => "Gyazo"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{D95DEA41-3B0E-4B34-B797-8FD7181E699B}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{B66D737B-8411-4BCE-9730-95BF6720023C}] => (Allow) C:\Program Files (x86)\Spotify\Spotify.exe
FirewallRules: [{EA5392A7-3EBD-4D44-B09A-3CC34F694813}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{1A76E133-C588-4C5F-8F62-B157A01423A8}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyWebHelper.exe
FirewallRules: [{D1218A83-1FB8-4B61-A8AD-95E484732AB9}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{E7C98A21-7ADB-4877-830F-27230ED8E18E}] => (Allow) C:\Program Files (x86)\Spotify\SpotifyCrashService.exe
FirewallRules: [{A701DB51-DE0A-4B72-AAD1-505EBEB1CDFD}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{FF7FD586-4AE2-4D6F-AF8A-B4311ED93027}] => (Allow) C:\Users\julie\Steam.exe
FirewallRules: [{02601B73-67E2-4391-9552-9505BD068AC3}] => (Allow) C:\Users\julie\Steam.exe
FirewallRules: [{10871108-288A-45A0-A4B4-BF59B733FAF1}] => (Allow) C:\Users\julie\bin\steamwebhelper.exe
FirewallRules: [{9F6FE9B3-0B80-4448-AB69-5B6AA23512A1}] => (Allow) C:\Users\julie\bin\steamwebhelper.exe
FirewallRules: [{75D9594E-C0E4-4EC1-964D-DE8EFD8F843C}] => (Allow) C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [{43B1AD62-B3C7-40E9-B154-AD73D41BAC4A}] => (Allow) C:\Program Files (x86)\RaidCall.RU\rcplugin.exe
FirewallRules: [TCP Query User{B3EC33A3-32F9-4AB4-A6B0-A949B4181337}C:\users\julie\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\julie\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{42C51A1E-8A19-444A-834A-6173D7BA8535}C:\users\julie\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\julie\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [{55659157-8D23-49B7-BE17-6D30BB07F5CE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/30/2017 03:18:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Discord.exe, version: 0.0.41.0, time stamp: 0x586d73db
Faulting module name: Discord.exe, version: 0.0.41.0, time stamp: 0x586d73db
Exception code: 0xc0000005
Fault offset: 0x0008f874
Faulting process ID: 0x1724
Faulting application start time: 0x01d309136dbc42a5
Faulting application path: C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
Faulting module path: C:\Users\julie\AppData\Local\Discord\app-0.0.297\Discord.exe
Report ID: c179f25e-430f-4169-9ac1-f69d08189c0a
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/30/2017 01:34:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program ShellExperienceHost.exe version 10.0.10240.16766 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 820

Start Time: 01d3092d9caf4b75

Termination Time: 4294967295

Application Path: C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Report Id: 74915c20-7523-11e7-9d46-bf27a282b8b9

Faulting package full name: Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy

Faulting package-relative application ID: App

Error: (07/30/2017 01:34:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP-IV3TQNOO)
Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10240.16384_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

Error: (07/30/2017 12:02:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.479, time stamp: 0x58f6af02
Faulting module name: CleanControllerImpl.dll, version: 3.1.0.317, time stamp: 0x594401af
Exception code: 0xc0000005
Fault offset: 0x00000000000b6c0a
Faulting process ID: 0x698
Faulting application start time: 0x01d309133611d155
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\CleanControllerImpl.dll
Report ID: 84490d85-27e1-4d67-beb6-f109fe98cdf0
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/30/2017 11:57:17 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 11:54:59 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO)
Description: Activation of application Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 11:49:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_Wcmsvc, version: 10.0.10240.16384, time stamp: 0x559f38cb
Faulting module name: SubscriptionMgr.dll, version: 10.0.10240.16515, time stamp: 0x55fa5509
Exception code: 0xe0464645
Fault offset: 0x000000000000a7a6
Faulting process ID: 0x420
Faulting application start time: 0x01d3091333f5923c
Faulting application path: C:\Windows\System32\svchost.exe
Faulting module path: C:\Windows\System32\SubscriptionMgr.dll
Report ID: 384fd967-e378-4f83-85f3-554dd1779c01
Faulting package full name: 
Faulting package-relative application ID:

Error: (07/30/2017 11:47:57 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO)
Description: Activation of application Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 10:22:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP-IV3TQNOO)
Description: Activation of application Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe!Microsoft.MicrosoftOfficeHub failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/30/2017 10:22:14 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HubTaskHost.exe, version: 16.0.7608.2350, time stamp: 0x58222a62
Faulting module name: Mso20Imm.dll, version: 16.0.7518.1000, time stamp: 0x5807b6ea
Exception code: 0x0071d20d
Fault offset: 0x000000000011a882
Faulting process ID: 0x1578
Faulting application start time: 0x01d309154d9b55df
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe\Mso20Imm.dll
Report ID: b57c402c-bb80-413f-879e-627ef7c65985
Faulting package full name: Microsoft.MicrosoftOfficeHub_17.7608.23501.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: Microsoft.MicrosoftOfficeHub


System errors:
=============
Error: (07/30/2017 12:03:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (07/30/2017 11:57:16 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-IV3TQNOO)
Description: The server CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca did not register with DCOM within the required timeout.

Error: (07/30/2017 11:54:56 AM) (Source: DCOM) (EventID: 10010) (User: LAPTOP-IV3TQNOO)
Description: The server CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca did not register with DCOM within the required timeout.

Error: (07/30/2017 10:23:08 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:06 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:05 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (07/30/2017 10:23:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


CodeIntegrity:
===================================
  Date: 2017-07-21 22:31:41.855
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:41.742
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:41.231
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:41.140
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:26.417
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:26.297
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:25.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:25.154
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:24.179
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-07-21 22:31:23.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Celeron(R) CPU N3050 @ 1.60GHz
Percentage of memory in use: 91%
Total physical RAM: 1894 MB
Available physical RAM: 160.17 MB
Total Virtual: 5095.52 MB
Available Virtual: 1135.04 MB

==================== Drives ================================

Drive c: (TIH0035500A) (Fixed) (Total:28.36 GB) (Free:0.7 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

 

I'll get back with you tomorrow night GMT after work.

Thanks for your help.

Stay Happy :)

 


Nice to meet you Leo :) And copy/paste works for me as well, no worries!

Follow the instructions below.

Malicious Programs Warning!

I noticed that you have malicious programs installed on your system. I'll ask you to uninstall them since uninstalling such programs before running malware removal tools will ensure a better clean-up.

  • ByteFence Anti-Malware
  • PriceFountain
  • PRO PC Cleaner
  • Search the Web (Yahoo)
  • The Desktop Weather 2.0.1.11332
  • Update for PriceFountain
  • vSnapshot 1.0.0.0
  • Web Companion
  • WebBar Toolbar 5.5.6403.17695
  • Yahoo! Powered


If you have an issue when uninstalling a program, please let me know.

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST.exe/FRST64.exe executable is located);
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users);
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Copy and paste its content in your next reply;

fixlist.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
