Infected with Trojan ZeroAccess


  • This topic is locked
33 replies to this topic

#1 Jazzdad51

Posted 01 March 2016 - 02:08 PM

I was re-directed here to complete the virus removal. I was having pop ups and videos telling me to call an 800 number. I have tried posting the FRST scans and an additional one from the other post but it times out. I will now try to post them one at a time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Stuart (administrator) on STUART-PC (01-03-2016 13:27:40)
Running from C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56VN1WM6
Loaded Profiles: Stuart (Available Profiles: Stuart)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Lexmark International, Inc.) C:\Windows\System32\spool\drivers\x64\3\lxdnserv.exe
( ) C:\Windows\System32\lxdncoms.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Symantec Corporation) C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
(Lexmark International Inc.) C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Get-a-Clip\mflstart.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12446824 2012-01-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2867984 2011-12-22] (Synaptics Incorporated)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-02-06] (SRS Labs, Inc.)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [lxdnmon.exe] => C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe [660136 2010-02-03] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [107176 2010-02-03] (Lexmark International Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [mflstart] => C:\Program Files (x86)\Get-a-Clip\mflstart.exe [116208 2016-01-07] ()
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\...\Run: [GoogleChromeAutoLaunch_C547D43CD725728C8B60ADB062C7B06A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [746648 2016-02-17] (Google Inc.)
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\...\MountPoints2: {9b27efa9-d71b-11e1-ae97-446d57fd9d14} - E:\HPLauncher.exe
AppInit_DLLs-x32: mfllib.dll => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-29]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{1CEA1E07-124E-4738-99A8-5B995D1373FE}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{DAA485CD-C2C1-422D-B2CB-3E6F73CAA54B}: [DhcpNameServer] 82.163.142.7

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aol.com/
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.toshiba.com
SearchScopes: HKLM -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> DefaultScope {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> DefaultScope {C68F0B74-0320-4EBA-80DC-3F6D5B8AC9CE} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> {C68F0B74-0320-4EBA-80DC-3F6D5B8AC9CE} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\.DEFAULT -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL =
SearchScopes: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> {97955683-C7D0-4208-BD9A-94716782D11C} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS494
SearchScopes: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> {{67A2568C-7A0A-4EED-AECC-B5405DE63B64}} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-11] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2015-12-03] (McAfee, Inc.)

FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-12] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-12] (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR HomePage: Default -> hxxp://start.toshiba.com
CHR StartupUrls: Default -> "hxxp://start.toshiba.com"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=orcl_default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-01-07]
CHR Extension: (Google Docs) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-07]
CHR Extension: (Google Drive) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (YouTube) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Google Sheets) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-07]
CHR Extension: (SiteAdvisor) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-07]
CHR Extension: (Gmail) - C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]
CHR Extension: (Get-a-Clip Shopping Assistant) - C:\Program Files (x86)\Get-a-Clip\Plugins\CH [2016-01-07]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]
CHR HKLM-x32\...\Chrome\Extension: [aaffhmecfaelkngcbnfdkcckmillnoki] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 0220041456855427mcinstcleanup; C:\windows\TEMP\022004~1.EXE [883024 2015-05-04] (McAfee, Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-01-20] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-01-20] (Intel Corporation)
R2 lxdnCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe [29184 2009-04-28] (Lexmark International, Inc.)
R2 lxdn_device; C:\windows\system32\lxdncoms.exe [1039872 2007-11-28] ( )
R2 lxdn_device; C:\windows\SysWOW64\lxdncoms.exe [589824 2007-11-28] ( )
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-02-11] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-05] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [679120 2015-10-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)
R3 mfevtp; C:\windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)
R2 MFLService2; C:\Program Files (x86)\Get-a-Clip\MFLService2.exe [1983640 2016-01-07] () [File not signed]
R2 NAT; C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\NAT.exe [232424 2013-10-11] (Symantec Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\PC Checkup\SymcPCCULaunchSvc.exe [131512 2012-08-23] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ccSet_NAT; C:\Windows\system32\drivers\NATx64\010A000.009\ccSetx64.sys [150104 2013-07-29] (Symantec Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [537192 2015-10-06] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-10-06] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)
R3 SmbDrv; C:\Windows\System32\DRIVERS\Smb_driver.sys [21264 2011-12-22] (Synaptics Incorporated)
S3 mfeavfk01; \Device\mfeavfk01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 13:26 - 2016-03-01 13:27 - 00000000 ____D C:\FRST
2016-03-01 13:00 - 2016-03-01 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-29 13:23 - 2016-02-29 13:23 - 00022953 _____ C:\Users\Stuart\Desktop\scan2.txt
2016-02-29 13:22 - 2016-02-29 13:22 - 00002140 _____ C:\Users\Stuart\Desktop\scan1.txt
2016-02-29 13:01 - 2016-02-29 13:01 - 00000000 _____ C:\Users\Stuart\Downloads\esetsmartinstaller_enu_exe (1).2tk9qwm.partial
2016-02-29 13:00 - 2016-02-29 13:00 - 00000000 _____ C:\Users\Stuart\Downloads\esetsmartinstaller_enu_exe.cdawult.partial
2016-02-29 12:55 - 2016-02-29 12:55 - 00019028 _____ C:\Users\Stuart\Desktop\JRT.txt
2016-02-29 12:41 - 2016-02-29 12:44 - 00000000 ____D C:\AdwCleaner
2016-02-29 11:02 - 2016-03-01 12:57 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-02-29 11:01 - 2016-02-29 11:56 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-29 11:01 - 2016-02-29 11:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-29 11:01 - 2016-02-29 11:01 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-29 11:01 - 2016-02-29 11:01 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-29 11:01 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-02-29 11:01 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-02-29 11:01 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-02-27 13:54 - 2016-03-01 13:05 - 00003846 _____ C:\windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-02-27 11:28 - 2016-02-27 11:28 - 00003726 _____ C:\windows\System32\Tasks\{44FD033C-1E30-EFBA-756B-9B414722BF69}
2016-02-27 11:28 - 2016-02-27 11:28 - 00000000 ____D C:\ProgramData\622f843
2016-02-19 23:03 - 2016-02-29 11:56 - 00002013 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2016-02-19 23:03 - 2016-02-19 23:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-02-10 12:01 - 2016-02-06 05:48 - 25839104 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-02-10 12:01 - 2016-02-06 05:32 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-02-10 12:01 - 2016-02-06 05:24 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-02-10 12:01 - 2016-02-06 05:11 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-02-10 12:01 - 2016-02-06 05:10 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-02-10 12:01 - 2016-02-06 05:01 - 20366848 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-02-10 12:01 - 2016-02-06 04:54 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-02-10 12:01 - 2016-02-06 04:43 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-02-10 12:01 - 2016-02-06 04:38 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-02-10 12:01 - 2016-02-06 04:37 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-02-10 12:01 - 2016-02-06 04:32 - 14458368 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-02-10 12:01 - 2016-02-06 04:16 - 12857856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-02-10 12:01 - 2016-02-06 04:09 - 01547264 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-02-10 12:01 - 2016-02-06 03:54 - 01312256 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-02-10 12:01 - 2016-01-22 15:31 - 00387784 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-02-10 12:01 - 2016-01-22 15:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-02-10 12:01 - 2016-01-22 01:56 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-02-10 12:01 - 2016-01-22 01:41 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-02-10 12:01 - 2016-01-22 01:40 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-02-10 12:01 - 2016-01-22 01:40 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-02-10 12:01 - 2016-01-22 01:40 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-02-10 12:01 - 2016-01-22 01:40 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-02-10 12:01 - 2016-01-22 01:33 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-02-10 12:01 - 2016-01-22 01:32 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-02-10 12:01 - 2016-01-22 01:29 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-02-10 12:01 - 2016-01-22 01:27 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-02-10 12:01 - 2016-01-22 01:27 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-02-10 12:01 - 2016-01-22 01:27 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-02-10 12:01 - 2016-01-22 01:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-02-10 12:01 - 2016-01-22 01:17 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-02-10 12:01 - 2016-01-22 01:09 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-02-10 12:01 - 2016-01-22 01:08 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-02-10 12:01 - 2016-01-22 01:05 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-02-10 12:01 - 2016-01-22 01:04 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-02-10 12:01 - 2016-01-22 01:02 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-02-10 12:01 - 2016-01-22 01:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-02-10 12:01 - 2016-01-22 01:02 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-02-10 12:01 - 2016-01-22 01:01 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-02-10 12:01 - 2016-01-22 01:01 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-02-10 12:01 - 2016-01-22 01:00 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-02-10 12:01 - 2016-01-22 01:00 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-02-10 12:01 - 2016-01-22 00:55 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-02-10 12:01 - 2016-01-22 00:55 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-02-10 12:01 - 2016-01-22 00:51 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-02-10 12:01 - 2016-01-22 00:51 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-02-10 12:01 - 2016-01-22 00:50 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-02-10 12:01 - 2016-01-22 00:48 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-02-10 12:01 - 2016-01-22 00:47 - 00798208 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-02-10 12:01 - 2016-01-22 00:46 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-02-10 12:01 - 2016-01-22 00:46 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-02-10 12:01 - 2016-01-22 00:43 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-02-10 12:01 - 2016-01-22 00:39 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-10 12:01 - 2016-01-22 00:38 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-02-10 12:01 - 2016-01-22 00:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-02-10 12:01 - 2016-01-22 00:35 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-02-10 12:01 - 2016-01-22 00:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-02-10 12:01 - 2016-01-22 00:34 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-02-10 12:01 - 2016-01-22 00:33 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-02-10 12:01 - 2016-01-22 00:31 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-02-10 12:01 - 2016-01-22 00:27 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-02-10 12:01 - 2016-01-22 00:25 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-02-10 12:01 - 2016-01-22 00:24 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-02-10 12:01 - 2016-01-22 00:24 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-02-10 12:01 - 2016-01-22 00:08 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-02-10 12:01 - 2016-01-22 00:07 - 02120704 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-02-10 12:01 - 2016-01-22 00:02 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-02-10 12:01 - 2016-01-16 14:06 - 00025024 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-02-10 12:01 - 2016-01-16 13:54 - 01162240 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-02-10 12:01 - 2016-01-11 09:08 - 01362944 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-02-10 12:01 - 2016-01-11 09:08 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-02-10 12:01 - 2016-01-11 09:08 - 00677376 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-02-10 12:01 - 2016-01-11 09:08 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-02-10 12:01 - 2016-01-11 09:08 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-02-10 12:01 - 2016-01-06 14:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-02-10 12:01 - 2016-01-06 14:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-02-10 12:01 - 2016-01-06 13:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-02-10 12:00 - 2016-01-11 14:05 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-02-10 12:00 - 2016-01-11 14:05 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-02-10 12:00 - 2016-01-11 14:05 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-02-10 12:00 - 2016-01-11 13:52 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-02-10 12:00 - 2016-01-11 13:47 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-02-10 12:00 - 2016-01-11 13:26 - 02610176 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-02-10 12:00 - 2016-01-11 13:24 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-02-10 12:00 - 2016-01-11 13:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-02-10 12:00 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-02-10 12:00 - 2016-01-11 13:23 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-02-10 12:00 - 2016-01-11 13:23 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-02-10 12:00 - 2016-01-11 13:23 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-02-10 12:00 - 2016-01-11 13:14 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-02-10 12:00 - 2016-01-11 13:14 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-02-10 12:00 - 2016-01-11 13:14 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-02-10 12:00 - 2016-01-11 13:14 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-02-10 12:00 - 2016-01-07 12:53 - 03211776 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-02-10 12:00 - 2016-01-07 12:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-02-10 11:59 - 2016-01-22 01:27 - 05573056 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-02-10 11:59 - 2016-01-22 01:27 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-02-10 11:59 - 2016-01-22 01:27 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-02-10 11:59 - 2016-01-22 01:24 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-02-10 11:59 - 2016-01-22 01:20 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-02-10 11:59 - 2016-01-22 01:19 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-02-10 11:59 - 2016-01-22 01:19 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-02-10 11:59 - 2016-01-22 01:19 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-02-10 11:59 - 2016-01-22 01:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-02-10 11:59 - 2016-01-22 01:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-02-10 11:59 - 2016-01-22 01:18 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-02-10 11:59 - 2016-01-22 01:17 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-02-10 11:59 - 2016-01-22 01:17 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-02-10 11:59 - 2016-01-22 01:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-02-10 11:59 - 2016-01-22 01:16 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-02-10 11:59 - 2016-01-22 01:16 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-02-10 11:59 - 2016-01-22 01:16 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-02-10 11:59 - 2016-01-22 01:15 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-02-10 11:59 - 2016-01-22 01:15 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-02-10 11:59 - 2016-01-22 01:15 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-02-10 11:59 - 2016-01-22 01:13 - 03993536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-02-10 11:59 - 2016-01-22 01:13 - 03938752 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-02-10 11:59 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-02-10 11:59 - 2016-01-22 01:13 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-02-10 11:59 - 2016-01-22 01:13 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:12 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 01:09 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-02-10 11:59 - 2016-01-22 01:06 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-02-10 11:59 - 2016-01-22 01:05 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-02-10 11:59 - 2016-01-22 01:05 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-02-10 11:59 - 2016-01-22 01:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-02-10 11:59 - 2016-01-22 01:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-02-10 11:59 - 2016-01-22 01:02 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:59 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-10 11:59 - 2016-01-22 00:13 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-02-10 11:59 - 2016-01-22 00:07 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-02-10 11:59 - 2016-01-22 00:07 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-02-10 11:59 - 2016-01-22 00:05 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-02-10 11:59 - 2016-01-21 23:59 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-02-10 11:59 - 2016-01-21 23:58 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-02-10 11:59 - 2016-01-21 23:58 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-02-10 11:59 - 2016-01-21 23:57 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-02-10 11:59 - 2016-01-21 23:57 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-02-10 11:59 - 2016-01-21 23:53 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-02-10 11:59 - 2016-01-21 23:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-02-10 11:59 - 2016-01-21 23:53 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-02-10 11:59 - 2016-01-21 23:53 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-02-10 11:59 - 2016-01-21 23:51 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-02-10 11:59 - 2016-01-21 23:51 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-10 11:59 - 2016-01-21 23:51 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-10 11:59 - 2016-01-21 23:51 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-10 11:59 - 2016-01-21 23:51 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-10 11:59 - 2016-01-16 14:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-02-10 11:59 - 2016-01-16 13:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-02-10 11:58 - 2016-01-22 01:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-02-10 11:58 - 2016-01-22 01:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-02-10 11:58 - 2016-01-22 01:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-02-10 11:58 - 2016-01-22 01:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-02-10 11:58 - 2016-01-22 01:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-02-10 11:58 - 2016-01-22 00:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-02-10 11:58 - 2016-01-22 00:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-02-10 11:58 - 2016-01-22 00:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-01 13:10 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-01 13:10 - 2009-07-13 23:45 - 00024608 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-01 13:04 - 2009-07-14 00:13 - 00783424 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-01 13:04 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2016-03-01 13:03 - 2015-12-06 17:32 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-01 12:56 - 2012-06-20 02:54 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-01 12:56 - 2012-06-20 02:12 - 00000828 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-03-01 12:55 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-02-29 15:50 - 2012-06-20 03:13 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2016-02-29 15:47 - 2012-06-20 02:54 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-29 13:53 - 2012-06-20 02:12 - 00000830 _____ C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-02-29 11:56 - 2015-12-12 13:40 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-29 11:56 - 2015-12-12 13:40 - 00002052 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2016-02-29 11:56 - 2015-07-30 11:04 - 00000871 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-02-29 11:56 - 2013-01-11 08:58 - 00002024 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-02-29 11:56 - 2012-07-25 17:33 - 00001404 _____ C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-02-29 11:56 - 2012-06-20 03:10 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2016-02-29 11:56 - 2012-06-20 03:03 - 00001373 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
2016-02-29 11:56 - 2012-06-20 03:03 - 00001304 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
2016-02-29 11:56 - 2012-06-20 03:02 - 00002485 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-02-29 11:56 - 2012-06-20 03:02 - 00001457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-02-29 11:56 - 2012-06-20 02:55 - 00002201 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-29 11:56 - 2012-06-20 02:54 - 00001714 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
2016-02-29 11:56 - 2012-03-22 16:44 - 00002423 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
2016-02-29 11:56 - 2012-03-22 16:02 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-02-29 11:56 - 2012-03-22 16:02 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-02-29 11:56 - 2009-07-14 00:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-02-29 11:56 - 2009-07-13 23:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-29 11:56 - 2009-07-13 23:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-02-29 11:56 - 2009-07-13 23:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-02-29 11:56 - 2009-07-13 23:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-02-29 11:56 - 2009-07-13 23:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-02-29 11:56 - 2009-07-13 23:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-02-29 11:55 - 2014-03-13 19:55 - 00000136 _____ C:\Users\Stuart\Desktop\Solitaire - Shortcut.lnk
2016-02-29 11:55 - 2012-10-02 18:19 - 00000356 _____ C:\Users\Stuart\Desktop\Hearts.lnk
2016-02-29 11:55 - 2012-07-31 17:46 - 00001341 _____ C:\Users\Stuart\Desktop\Essential Jazz Guitar Vol. 3 - Low Comping.lnk
2016-02-29 11:54 - 2012-03-22 16:32 - 00000000 ____D C:\windows\Panther
2016-02-29 11:10 - 2016-01-09 11:56 - 00000000 ____D C:\Program Files (x86)\YourHelper
2016-02-28 15:10 - 2012-07-29 21:19 - 00000000 ____D C:\Users\Stuart\AppData\Local\CrashDumps
2016-02-25 20:54 - 2015-04-05 08:42 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-02-25 20:54 - 2015-04-05 08:42 - 00000000 ___SD C:\windows\system32\GWX
2016-02-24 10:55 - 2013-04-27 08:15 - 00000000 ____D C:\ProgramData\McAfee
2016-02-23 19:09 - 2015-12-06 17:33 - 00003348 _____ C:\windows\System32\Tasks\McAfee Remediation (Prepare)
2016-02-19 23:03 - 2015-11-21 09:08 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-02-10 20:57 - 2009-07-13 23:45 - 00272664 _____ C:\windows\system32\FNTCACHE.DAT
2016-02-10 20:55 - 2014-12-13 10:21 - 00000000 ____D C:\windows\system32\appraiser
2016-02-10 20:55 - 2014-05-10 09:59 - 00000000 ___SD C:\windows\system32\CompatTel
2016-02-10 20:55 - 2010-11-21 02:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-10 13:05 - 2013-08-11 08:00 - 00000000 ____D C:\windows\system32\MRT
2016-02-10 13:00 - 2012-07-26 20:14 - 146614896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-02-10 11:50 - 2012-06-20 03:13 - 00796864 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2016-02-10 11:50 - 2012-06-20 03:13 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2016-02-10 11:50 - 2012-03-22 16:34 - 00142528 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-02 13:42 - 2012-06-20 02:54 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-02 13:42 - 2012-06-20 02:54 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-01 13:41 - 2009-07-14 00:08 - 00032594 _____ C:\windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2013-01-18 11:25 - 2014-09-08 20:30 - 0000504 _____ () C:\ProgramData\FastPics.log
ZeroAccess:
C:\Users\Stuart\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some files in TEMP:
====================
C:\Users\Stuart\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-20 07:03

==================== End of FRST.txt ============================




#2 Jazzdad51


Posted 01 March 2016 - 02:11 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Stuart (2016-03-01 13:28:42)
Running from C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56VN1WM6
Windows 7 Home Premium Service Pack 1 (X64) (2012-07-25 22:30:38)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1995501055-2899037972-3326893948-500 - Administrator - Disabled)
Guest (S-1-5-21-1995501055-2899037972-3326893948-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1995501055-2899037972-3326893948-1004 - Limited - Enabled)
Stuart (S-1-5-21-1995501055-2899037972-3326893948-1000 - Administrator - Enabled) => C:\Users\Stuart

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Amazon Links (HKLM-x32\...\{3135D885-9D9A-4B4D-8D45-9DB05DA115CA}) (Version: 2.02 - TOSHIBA Corporation)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Essential Jazz Guitar Vol. 3 - 20 Tunes (HKLM-x32\...\VGLJG1_is1) (Version:  - PG Music Inc.)
Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version:  - Get-a-Clip)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.1.1399 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2639 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{538B98C3-773F-4F20-9C66-802D104DCBE2}) (Version: 1.23.219.2 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark 2600 Series (HKLM\...\Lexmark 2600 Series) (Version:  - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
McAfee SecurityCenter (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Norton Anti-Theft (HKLM-x32\...\NAT) (Version: 1.10.0.9 - Symantec Corporation)
Norton PC Checkup (HKLM-x32\...\Norton PC Checkup_is1) (Version: 3.0.2.90.0 - NortonLive Services)
PG Music DirectX Plugins 2.0.0.0 (HKLM-x32\...\PG Music DirectX Plugins_is1) (Version:  - PG Music Inc.)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Premium Sound HD (HKLM\...\{439A73C2-8CFA-4630-8484-36BCA2AEBB0A}) (Version: 1.12.0300 - SRS Labs, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6559 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7601.39013 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0016 - REALTEK Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.39.0 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{2C486987-D447-4E36-8D61-86E48E24199C}) (Version: 1.3.10.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{97965331-BC5D-4D9F-B6DF-5C0A123E4AE0}) (Version: 2.1.0.8 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.11 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2004 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{0AF17224-CF88-40B8-BB1A-D179369847B4}) (Version: 2.1.0.3 - TOSHIBA Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0021.640203 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0BA172BA-0EDB-4833-9CBE-2C882B55A720} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {169EACB1-9DAD-4365-ADC0-380163BB0D2B} - \{0C0F0D47-0A0C-0E78-7811-08780D05117A} -> No File <==== ATTENTION
Task: {1A8C0AFF-060C-4390-AE4C-8F057CCAA86F} - System32\Tasks\PC Checkup 3 Weekly Scan => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2012-08-23] (Symantec Corporation)
Task: {24665612-8F0D-4532-AA35-18767CFEB8D9} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {3086DBF9-F87F-4BF5-B614-2C8452511DBE} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
Task: {34C8259A-69B8-4FF6-8C8F-D1893407D9E6} - System32\Tasks\{44FD033C-1E30-EFBA-756B-9B414722BF69} => /s /n /i:"/rt" "C:\PROGRA~3\622f843\1dbdfda9.dll"
Task: {4700B0FB-20C5-4365-AF94-A59A4D951C81} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-12] (McAfee, Inc.)
Task: {56B6D25E-3ADF-4C66-9D86-15DDC8AF6659} - System32\Tasks\Scheduled Task Name => C:\Program Files (x86)\PC Checkup\NLAppLauncher.exe [2012-08-23] (Symantec Corporation)
Task: {5B8CDBEE-F312-407A-8EE9-BDA254AB2252} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {5ECAE8F8-D52F-49A9-B8C4-61B5C025EB66} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {87A67F71-B0E0-44BF-A91B-190B650D3A36} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {894331E8-A19C-4DDB-A4DB-9DA2A16DC847} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe [2013-08-01] (Symantec Corporation)
Task: {9807BEC6-C01E-40C7-BF00-BF141EA47353} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {C5E2F289-7E72-4C85-B9C3-69882D81A640} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {D4748B4E-A6DC-429F-BD7E-CD9102F330DB} - System32\Tasks\Installation App Launcher => C:\Program Files (x86)\Lexmark 2600 Series\ezprint.exe [2010-02-03] (Lexmark International Inc.)
Task: {E470BDC1-0B4F-4981-9F64-408FDF229E90} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E716F704-7273-4151-89AD-0B3E99DEBAA4} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {FC9AE56B-E83C-4509-928B-36C691E99B86} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2013-01-18 11:28 - 2009-08-13 03:06 - 00177152 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxdndrpp.dll
2012-06-20 02:11 - 2012-01-20 13:45 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2016-01-07 18:48 - 2016-01-07 18:48 - 01983640 _____ () C:\Program Files (x86)\Get-a-Clip\MFLService2.exe
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-02-01 13:34 - 2012-02-01 13:34 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-01-18 11:25 - 2010-02-03 23:05 - 00660136 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
2016-01-07 18:48 - 2016-01-07 18:48 - 00116208 _____ () C:\Program Files (x86)\Get-a-Clip\mflstart.exe
2011-11-25 20:51 - 2011-11-25 20:51 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-01-07 18:48 - 2016-01-07 18:48 - 00121912 _____ () C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.Config.dll
2013-01-18 11:25 - 2009-07-23 10:48 - 00380928 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
2013-01-18 11:24 - 2007-05-28 22:39 - 00589824 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
2013-01-18 11:24 - 2007-03-25 22:39 - 00073728 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
2013-01-18 11:25 - 2009-07-23 10:49 - 00782336 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
2013-01-18 11:25 - 2009-05-14 04:46 - 00081920 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
2013-01-18 11:25 - 2007-10-02 05:51 - 00069632 _____ () C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
2013-01-18 11:25 - 2007-10-12 09:24 - 00364544 _____ () C:\Program Files (x86)\Lexmark 2600 Series\iptk.dll
2016-02-19 23:49 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-19 23:49 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2012-06-20 02:11 - 2012-01-20 13:23 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2016-02-19 23:03 - 00000855 ____A C:\windows\system32\Drivers\etc\hosts

0.0.0.1 mssplus.mcafee.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stuart\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Restore Points =========================

13-01-2016 14:12:32 Windows Update
10-02-2016 12:49:05 Windows Update
25-02-2016 20:54:37 Windows Update
29-02-2016 12:52:08 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2016 12:57:19 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (03/01/2016 12:56:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/29/2016 12:47:57 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/29/2016 12:47:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/29/2016 12:45:21 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: PC Health Info Connection. Error: Operation failed.

Error: (02/29/2016 12:45:21 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Alerts. Error: Operation failed.

Error: (02/29/2016 12:45:21 PM) (Source: TOSHIBA Service Station) (EventID: 0) (User: )
Description: The following module failed to stop processing: Software Updates. Error: Operation failed.

Error: (02/29/2016 12:31:06 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (02/29/2016 12:30:55 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "41.0.2272.74,language="*",type="win32",version="41.0.2272.74"1".
Dependent Assembly 41.0.2272.74,language="*",type="win32",version="41.0.2272.74" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (02/29/2016 12:30:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (03/01/2016 12:57:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (02/29/2016 12:57:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/29/2016 12:57:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/29/2016 12:57:34 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (02/29/2016 12:52:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Anti-Theft service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (02/29/2016 12:44:56 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (02/29/2016 12:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/29/2016 12:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/29/2016 12:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (02/29/2016 12:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TPCH Service service terminated unexpectedly.  It has done this 1 time(s).

==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 6036.8 MB
Available physical RAM: 3538.41 MB
Total Virtual: 12071.82 MB
Available Virtual: 9242.97 MB

==================== Drives ================================

Drive c: (TI106401W0D) (Fixed) (Total:581.42 GB) (Free:504.96 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 4537E8B6)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.3 GB) - (Type=17)

==================== End of Addition.txt ============================


Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???\???, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???\???\???, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???\???\???\{f4e27e32-d5b5-bc82-61cb-000bef51340d}, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???\???\???\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\L, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\???\???\???\{f4e27e32-d5b5-bc82-61cb-000bef51340d}\U, Quarantined, [5226e3838f0ad1657c23986a07f9728e],
Trojan.0Access, C:\Users\Stuart\AppData\Local\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}, Quarantined, [98e00066326775c15f41ff03dd239967],
Trojan.0Access, c:\Program Files (x86)\Google\Desktop\Install\{f4e27e32-d5b5-bc82-61cb-000bef51340d}, Delete-on-Reboot, [14646204efaa2e083c6503ff5ca4a858],



#3 nasdaq

nasdaq

  • Malware Response Team
  • 38,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:56 AM

Posted 02 March 2016 - 08:55 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

This is a potentially unwanted

Get-a-Clip (HKLM-x32\...\Get-a-Clip) (Version: - Get-a-Clip)
Check it out.
https://www.virustotal.com/en/file/af910e80f17e2bfcd58e74674624fd3f312df2dba441c782fd2b1124ac08621e/analysis/
.
https://www.reasoncoresecurity.com/mflservice2.exe-ff451155ea0eac44a2159b18918e8ee437b0c2fb.aspx
60% remove it

Use the Control Panel > Programs and Features applet if you decide to remove it.
====

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: mfllib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
Task: {169EACB1-9DAD-4365-ADC0-380163BB0D2B} - \{0C0F0D47-0A0C-0E78-7811-08780D05117A} -> No File <==== ATTENTION
Task: {34C8259A-69B8-4FF6-8C8F-D1893407D9E6} - System32\Tasks\{44FD033C-1E30-EFBA-756B-9B414722BF69} => /s /n /i:"/rt" "C:\PROGRA~3\622f843\1dbdfda9.dll"
C:\PROGRA~3\622f843\1dbdfda9.dll
C:\Users\Stuart\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java via the Control Panel > Programs and Features applet.
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)

Please post the logs and let me know what problem persists with this computer.

#4 Jazzdad51

Posted 02 March 2016 - 12:45 PM

Hi Nasdaq, I'm not a computer geek so I may not be doing something correctly. I saved the fixlist.txt as directed and I went to the next step to run the FRST scan. I had to download it again because I could not find the tool. It made two lists and I clicked fix once but it said no text was found and I clicked ok and it disappeared. I shut down and rebooted and I could not find a fixlog.txt.

Also I uninstalled get a clip again from the control panel but it's still there.

I really don't know if I need java or not. I play guitar and mostly I use the computer for music audio (youtube, etc) and for reading news articles.

When I first boot up the Malwarebytes blocks several pop ups.



#5 nasdaq

Posted 02 March 2016 - 02:08 PM


The files you download with IE are being saved in the Internet Explorer Temporary folders.
Running from C:\Users\Stuart\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\56VN1WM6

This is not recommended.

Please follow the Instructions on this page.
http://www.sevenforums.com/tutorials/112232-internet-explorer-change-default-download-location.html
Follow the instructions in Option 1.

When you have set this, all your Downloads will from now on be saved in the C:\User name\Download folder.

Download the Farbar tool again.

Navigate to the folder and right click on the .exe file and select Copy.

Open your Desktop and paste the file on it.

Now copy the file fixlist.txt that you have created to the Desktop (if not already there).

Run my suggested fix that should work.

Post the Fixlog.txt for my review.
===

Run the Malwarebytes tool and post the log for my review.

#6 Jazzdad51

Posted 02 March 2016 - 05:13 PM

I think I did it.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
Ran by Stuart (2016-03-02 17:01:48) Run:1
Running from C:\Users\Stuart\Downloads
Loaded Profiles: Stuart (Available Profiles: Stuart)
Boot Mode: Normal
==============================================

fixlist content:
*****************

Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [] => [X]
AppInit_DLLs-x32: mfllib.dll => No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-1995501055-2899037972-3326893948-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\new_plugin\npjp2.dll [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
S3 mfeavfk01; \Device\mfeavfk01.sys [X]
Task: {169EACB1-9DAD-4365-ADC0-380163BB0D2B} - \{0C0F0D47-0A0C-0E78-7811-08780D05117A} -> No File <==== ATTENTION
Task: {34C8259A-69B8-4FF6-8C8F-D1893407D9E6} - System32\Tasks\{44FD033C-1E30-EFBA-756B-9B414722BF69} => /s /n /i:"/rt" "C:\PROGRA~3\622f843\1dbdfda9.dll"
C:\PROGRA~3\622f843\1dbdfda9.dll
C:\Users\Stuart\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install

End

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"mfllib.dll" => Value data removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-1995501055-2899037972-3326893948-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
mfeavfk01 => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{169EACB1-9DAD-4365-ADC0-380163BB0D2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{169EACB1-9DAD-4365-ADC0-380163BB0D2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{0C0F0D47-0A0C-0E78-7811-08780D05117A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34C8259A-69B8-4FF6-8C8F-D1893407D9E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34C8259A-69B8-4FF6-8C8F-D1893407D9E6}" => key removed successfully
C:\windows\System32\Tasks\{44FD033C-1E30-EFBA-756B-9B414722BF69} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44FD033C-1E30-EFBA-756B-9B414722BF69}" => key removed successfully
C:\PROGRA~3\622f843\1dbdfda9.dll => moved successfully
C:\Users\Stuart\AppData\Local\Google\Desktop\Install => moved successfully
C:\Program Files (x86)\Google\Desktop\Install => moved successfully
EmptyTemp: => 285.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:02:32 ====



#7 Jazzdad51

Posted 02 March 2016 - 06:04 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/2/2016
Scan Time: 5:14 PM
Logfile: AdwCleaner1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.02.05
Rootkit Database: v2016.02.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Stuart

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 342710
Time Elapsed: 22 min, 40 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-42b5-0, Quarantined, [01fc384ae5b424124cfab67934d1e719],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-61e5-1, Quarantined, [ad500e74683159dd2d19fa359273ab55],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-6de7-1, Quarantined, [8c71780a2b6ea49262e4cd62c63f39c7],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-6fb5-0, Quarantined, [e419fe84960359ddfd4967c8c045a759],

Files: 4
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-42b5-0\419b6b75-42b5-0.d, Quarantined, [01fc384ae5b424124cfab67934d1e719],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-61e5-1\419b6b75-61e5-1.d, Quarantined, [ad500e74683159dd2d19fa359273ab55],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-6de7-1\419b6b75-6de7-1.d, Quarantined, [8c71780a2b6ea49262e4cd62c63f39c7],
PUP.Optional.DNSUnlocker.BrwsrFlsh, C:\ProgramData\419b6b75-6fb5-0\419b6b75-6fb5-0.d, Quarantined, [e419fe84960359ddfd4967c8c045a759],

Physical Sectors: 0
(No malicious items detected)

(end)



#8 nasdaq

Posted 03 March 2016 - 09:14 AM

Good work.

Is the problem with popups resolved?

#9 Jazzdad51

Posted 03 March 2016 - 10:32 AM

Yes. It looks like things are back to normal. I really appreciate this. For your information I have an external hard drive that has a music program on it called Band-in-a-box and I ran the Malwarebytes on it and it found the Trojan0access on it. That's one nasty virus. Also I still have the get a clip in my programs. When I run the uninstall it says it removes it but it doesn't.



#10 nasdaq

Posted 03 March 2016 - 01:44 PM

Is your external Hard Drive a USB type?

Which program is reporting this ZeroAccess virus?
What is the exact error message?
===

Also I still have the get a clip in my programs


Let's check it out.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :regfind
    Get-a-Clip
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.
===

#11 Jazzdad51

Posted 03 March 2016 - 02:00 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 13:55 on 03/03/2016 by Stuart
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== regfind ==========

Searching for "Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Get-a-Clip]
"InstallDir"="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mflstart"="C:\Program Files (x86)\Get-a-Clip\mflstart.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"DisplayName"="Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"DisplayIcon"="C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"UninstallString"="C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe /u /uid E6E9331E-AF9D-9FB2-E7AF-03EF0C3FA5F5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"Publisher"="Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"URLInfoAbout"="http://get-a-clip.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"HelpLink"="http://get-a-clip.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"Description"="Get-A-Clip helper service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"Description"="Get-A-Clip helper service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"Description"="Get-A-Clip helper service"

-= EOF =-


SystemLook 30.07.11 by jpshortstuff
Log created at 13:57 on 03/03/2016 by Stuart
Administrator - Elevation successful

========== regfind ==========

Searching for "Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Get-a-Clip]
"InstallDir"="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mflstart"="C:\Program Files (x86)\Get-a-Clip\mflstart.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"DisplayName"="Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"DisplayIcon"="C:\Program Files (x86)\Get-a-Clip\Get-a-Clip.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"UninstallString"="C:\Program Files (x86)\Get-a-Clip\SetupWizard.exe /u /uid E6E9331E-AF9D-9FB2-E7AF-03EF0C3FA5F5"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"Publisher"="Get-a-Clip"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"URLInfoAbout"="http://get-a-clip.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
"HelpLink"="http://get-a-clip.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@="C:\Program Files (x86)\Get-a-Clip\MFLPluginIE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@="C:\Program Files (x86)\Get-a-Clip"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"Description"="Get-A-Clip helper service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"Description"="Get-A-Clip helper service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"ImagePath"=""C:\Program Files (x86)\Get-a-Clip\MFLService2.exe""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"Description"="Get-A-Clip helper service"

-= EOF =-



#12 Jazzdad51

Posted 03 March 2016 - 02:06 PM

Yes my external hd is usb. There wasn't an error message. I just decided to check it because I keep losing space on it for no reason.



#13 Jazzdad51

Posted 03 March 2016 - 02:19 PM

I just checked the ext hd again and it found 0 threats.



#14 nasdaq

Posted 03 March 2016 - 03:00 PM

Copy the text IN THE QUOTE BOX below to notepad. Save it as fixme.reg to your desktop.
Be sure the "Save as" type is set to "all files". Once you have saved it, right-click the .reg file and allow it to merge with the registry.
 

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SOFTWARE\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mflstart"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B0932222-51E2-47D1-A4EF-CB10AE7DF086}\InprocServer32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\0\win32]
@=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{5DC6C679-3C7F-49C7-A12D-4D9E9DB8274B}\1.0\HELPDIR]
@=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MFLService2]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\MFLService2]
"Description"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"ImagePath"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]
"Description"=-


Restart the computer when completed.

You can delete the fixme.reg file when done.
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#15 Jazzdad51

Posted 03 March 2016 - 03:19 PM

It would not let it merge. It said:

 

Cannot import specified file C:/users/stuart/desktop/fixme.reg. File is not a registry script. You can only import binary registry files from within the registry editor.
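
Regedit only imports a file whose first line is the version header, so a script with anything ahead of that line (a blank line left by copy and paste, for instance) is rejected as "not a registry script". The check below is an added example, not part of the thread or of any tool used in it: it lints a .reg script before merging and lists what each section would do. The sample is constructed from a few sections of the fixme.reg above with a leading blank line assumed; `parse_sections` and `lint_reg` are hypothetical names.

```python
import re

# Regedit accepts only one of these as the very first line of a .reg script.
HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample: sections copied from the fixme.reg in the thread,
# preceded by a blank line (an assumption about how the file was saved).
SAMPLE = "\n" + "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    r"[-HKEY_LOCAL_MACHINE\SOFTWARE\Get-a-Clip]",
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]",
    '"mflstart"=-',
    r"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Get-a-Clip]",
    r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\MFLService2]",
    '"ImagePath"=-',
]) + "\n"


def parse_sections(text):
    """Split a .reg script into sections: key path, delete flag, value entries."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            delete = name.startswith("-")  # [-KEY] removes the whole key
            sections.append({"key": name[1:] if delete else name,
                             "delete": delete, "values": []})
            continue
        match = VALUE_RE.match(line)
        if match and sections:
            entry = (match.group(1).strip('"'), match.group(2))
            sections[-1]["values"].append(entry)
    return sections


def lint_reg(text):
    """Return (kind, detail) findings describing what merging the script does."""
    lines = text.lstrip("\ufeff").splitlines()  # ignore a byte-order mark
    findings = []
    if not lines or lines[0].rstrip() not in HEADERS:
        findings.append(("header", "first line is not a .reg version header"))
    for section in parse_sections(text):
        if section["delete"]:
            findings.append(("delete-key", section["key"]))
        elif not section["values"]:
            # A bare [KEY] line creates the key if absent and deletes nothing.
            findings.append(("key-only", section["key"]))
        for name, data in section["values"]:
            kind = "delete-value" if data == "-" else "set-value"
            findings.append((kind, section["key"] + "\\" + name))
    return findings


if __name__ == "__main__":
    for kind, detail in lint_reg(SAMPLE):
        print(f"{kind:13} {detail}")
```

Removing the leading blank line clears the header finding. The key-only and delete-value findings mark sections that leave the key itself in place.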





