
MPC cleaner help


  • This topic is locked
8 replies to this topic

#1 chiodosin1


Posted 30 August 2016 - 08:17 PM

I'm a bit new here so hopefully I'm doing this right... but I recently ended up with MPC cleaner on my PC. It was obvious right away it was causing problems such as installing or attempting to install other unwanted programs, changing settings on my internet browsers, etc. I was able to uninstall the majority of the programs it put on, but some appear to be hidden from my list of programs. The cleaner itself was also hidden but I was able to locate its program files; however, I was unable to delete or modify them and got a repeated message that I needed to be an administrator (which I am). I tried using safe mode but got the same result. I gave up and tried to use an antivirus program but found that after trying 2 different ones they got stuck during the installation process, I assume due to the virus, but I'm not sure. I've never had a virus like this before so I'm unsure of what to do now and I don't wanna have to take my computer in if I can help it.




 


#2 fireman4it


Posted 31 August 2016 - 07:56 AM

Hello

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:

  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.




#3 chiodosin1


Posted 31 August 2016 - 04:51 PM

Thanks a bunch, this should be what you want.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by ir7809qi (administrator) on BOB (31-08-2016 16:39:34)
Running from C:\Users\ir7809qi\Downloads
Loaded Profiles: ir7809qi (Available Profiles: ir7809qi)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\ir7809qi\AppData\Local\BrowserAir\Application\BrowserairExec.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Realtek\REALTEK Bluetooth\BTDevMgr.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe
() C:\Program Files (x86)\dataup\dataup.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(© 2015 Microsoft Corporation) C:\Users\ir7809qi\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
() C:\Users\ir7809qi\AppData\Local\DeskBar\2.7.5.1765\DeskBar.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
() C:\Program Files (x86)\msrtn32\msrtn32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
(Node.js) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Search Module Ltd.) C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe
() C:\Program Files (x86)\msrtn32\cdhtr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Ao LTD                                                      ) C:\Users\ir7809qi\AppData\Local\Temp\BrowserAir.exe
() C:\Users\ir7809qi\AppData\Local\Temp\is-VMRSA.tmp\BrowserAir.tmp
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\msrtn32\rthdcpd.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7659224 2014-11-14] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3957816 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-01] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [4263544 2016-05-27] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [653576 2015-06-29] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [msrtn32] => C:\Program Files (x86)\msrtn32\msrtn32.exe [1141760 2016-04-18] ()
HKLM-x32\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [204560 2016-08-18] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [IDSCPRODUCT] => C:\Program Files (x86)\host\assistance_idsc.exe [510976 2016-08-30] (RyA8204I8)
HKLM\...\RunOnce: [OMEWPRODUCT_OKXF9] => C:\Program Files (x86)\DPower\wemoservice.exe [516096 2016-08-30] (RyA8204I8)
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-16] (Valve Corporation)
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51656320 2016-04-08] (Skype Technologies S.A.)
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [BingSvc] => C:\Users\ir7809qi\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2016-02-01] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1732368 2016-08-05] (Lavasoft)
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [Ad-Aware Search Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\BrowserDock.exe [671504 2016-08-05] ( )
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [56AL2PF1R3] => "C:\Program Files (x86)\DPower\41TLEUBUZ2.exe"
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [DeskBar] => C:\Users\ir7809qi\AppData\Local\DeskBar\dblaunch.exe [239104 2015-11-09] ()
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [applica] => "C:\Program Files (x86)\applica\applica.exe"
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\RunOnce: [Uninstall C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\RunOnce: [Uninstall C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
AppInit_DLLs: C:\ProgramData\Nimfind\Fin-Soft.dll => C:\ProgramData\Nimfind\Fin-Soft.dll [358912 2016-08-30] ()
AppInit_DLLs-x32: C:\ProgramData\Nimfind\Voyakix.dll => C:\ProgramData\Nimfind\Voyakix.dll [248320 2016-08-30] ()
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
AutoConfigURL: [S-1-5-21-3231441937-2742052415-3469287404-1002] => hxxp://nonblock.net/wpad.dat?8a985dddc7d8fce844a8018241b86bbb15368756
Winsock: Catalog9-x64 01 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-08-05] (Lavasoft Limited)
Winsock: Catalog9-x64 02 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-08-05] (Lavasoft Limited)
Winsock: Catalog9-x64 03 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-08-05] (Lavasoft Limited)
Winsock: Catalog9-x64 04 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-08-05] (Lavasoft Limited)
Winsock: Catalog9-x64 17 C:\WINDOWS\system32\LavasoftTcpService64.dll [425744 2016-08-05] (Lavasoft Limited)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{64d59269-47ec-4107-a420-9b3651240858}: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{ab69428d-092d-4e49-ac93-83497007f397}: [DhcpNameServer] 192.168.0.1 205.171.3.25
ManualProxies: 0hxxp://nonblock.net/wpad.dat?8a985dddc7d8fce844a8018241b86bbb15368756
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://homepage-web.com/?s=hp&m=start
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
SearchScopes: HKLM -> {0BB10433-73DE-4C90-9CC9-B723CDD39AE9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ac6d7181&q={searchTerms}
SearchScopes: HKLM -> {DD692391-2B74-11E5-8260-7077812C2B2A} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ac6d7181&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL = 
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
SearchScopes: HKLM-x32 -> {0BB10433-73DE-4C90-9CC9-B723CDD39AE9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?pc=COSP&ptag=D080516-A0A14E5293D1943C986F&form=CONBDF&conlogo=CT3330954&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {0BB10433-73DE-4C90-9CC9-B723CDD39AE9} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {73cd434e-8e1e-46b6-bb8d-7dd935140717} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-ac6d7181&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {8C21C920-BADD-4B6E-ADA9-2286693EF9CD} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {C8A15167-2BA6-44F5-86FE-10BFB6C1C80B} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G8Uztutdk0101,0d8b1c17-e20f-429c-8392-704da8882230
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {d4fee3d1-1014-4db8-a824-573bf9ab51c7} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {DD692391-2B74-11E5-8260-7077812C2B2A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=itm&hsimp=yhs-001&type=jmb_ir_16_12&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DJoomborio%26cd%3D2XzuyEtN2Y1L1QzuyBtDyByBzztCtB0CtB0BtB0AyDyE0DzztN0D0Tzu0StCyDyEyCtN1L2XzutAtFtCzytFtAtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2StAzz0F0EtB0EtDzytGyDtByEtDtGzz0B0DyCtGtByDtAtAtGzytD0B0DyEtBzz0Fzzzy0BtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2StA0CtBzy0AyDyEtBtGzztAtD0DtGyEyCzzyCtG0AyDyE0EtGtCzyzytCyByBtD0A0FzztC0C2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCyByEzy%26cr%3D647021466%26a%3Djmb_ir_16_12%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP2DAqp-XHW6O-yAVsC-i_c7FNZJAXXcdphmIlF1Q2JBFYOVvdSEhAFeVKyUwCRAhdb2gW6oQ-VbQDlLPLdfVdZe8lwCK7nGmTTQfhTkhL9m6mZnvLruwljrlajcof6MPrIjqcMGGnRC4a3D3MdlfOfFrDZVEd9RGSGmLQvw1mWnz9MlFl14M,&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-07-12] (Microsoft Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-19] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-09-27] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2015-09-27] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\ir7809qi\AppData\Roaming\Mozilla\Firefox\Profiles\6qtl5d0m.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-09-27] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2015-09-27] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-07-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF SearchPlugin: C:\Users\ir7809qi\AppData\Roaming\Mozilla\Firefox\Profiles\6qtl5d0m.default\searchplugins\bing-lavasoft.xml [2016-08-05]
FF SearchPlugin: C:\Users\ir7809qi\AppData\Roaming\Mozilla\Firefox\Profiles\6qtl5d0m.default\searchplugins\MPC Safe Search.xml [2016-08-30]
FF SearchPlugin: C:\Users\ir7809qi\AppData\Roaming\Mozilla\Firefox\Profiles\6qtl5d0m.default\searchplugins\smod.xml [2016-08-30]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
CHR StartupUrls: Default -> "hxxp://www-searching.com/?pid=s&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,"
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\ir7809qi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\ir7809qi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-20]
CHR Extension: (Adblock Plus) - C:\Users\ir7809qi\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\ir7809qi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Chrome Media Router) - C:\Users\ir7809qi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-29]
CHR HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jlcgehabolcakkjhgmgpkagpolbjlhfa] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0298321472571633mcinstcleanup; C:\Users\ir7809qi\AppData\Local\Temp\029832~1.EXE [882000 2015-06-18] (McAfee, Inc.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2159320 2016-08-22] (Adobe Systems, Incorporated)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-07] (Advanced Micro Devices, Inc.) [File not signed]
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1097488 2016-08-18] (AVG Technologies CZ, s.r.o.)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [88064 2014-03-05] () [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S2 CloudPrinter; C:\ProgramData\\CloudPrinter\\CloudPrinter.exe [699904 2016-08-30] () [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe [411024 2013-02-01] (Nuance Communications, Inc.)
R2 Dataup; C:\Program Files (x86)\dataup\dataup.exe [77824 2015-08-06] () [File not signed]
S2 Holdtam; C:\ProgramData\\Holdtam\\Holdtam.exe [699904 2016-08-30] () [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 HPWMISVC; c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [602888 2015-06-29] (Hewlett-Packard Development Company, L.P.)
R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2016-08-05] (Lavasoft Limited)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [782608 2015-09-27] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [368048 2015-07-21] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-06] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc.)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [355808 2016-08-30] (DotC United Inc) <==== ATTENTION
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-01] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-11-14] (Realtek Semiconductor)
R2 SMUpd; C:\Program Files\Common Files\Noobzo\GNUpdate\smu.exe [3109888 2016-08-30] (Search Module Ltd.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [268912 2016-05-27] (Synaptics Incorporated)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [17168 2016-08-05] ()
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S2 Nimfind; C:\ProgramData\\Nimfind\\Nimfind.exe shuz -f "C:\ProgramData\\Nimfind\\Nimfind.dat" -l -a
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-11-04] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-09] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc.)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-08-30] (DotC United Inc) <==== ATTENTION
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [624424 2015-10-30] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-08-28] (Realtek Semiconductor Corporation                           )
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [76408 2016-05-27] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2014-04-21] (Synaptics Incorporated)
R3 SMUpdd; C:\Program Files\Common Files\Noobzo\GNUpdate\smw.sys [52992 2016-08-30] ()
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 16:39 - 2016-08-31 16:40 - 00034266 _____ C:\Users\ir7809qi\Downloads\FRST.txt
2016-08-31 16:38 - 2016-08-31 16:39 - 00000000 ____D C:\FRST
2016-08-31 16:37 - 2016-08-31 16:37 - 02397696 _____ (Farbar) C:\Users\ir7809qi\Downloads\FRST64.exe
2016-08-30 19:43 - 2016-08-31 16:41 - 00003568 _____ C:\WINDOWS\System32\Tasks\IBUpd
2016-08-30 19:43 - 2016-08-31 16:41 - 00003314 _____ C:\WINDOWS\System32\Tasks\IBUpd2
2016-08-30 19:43 - 2016-08-31 16:41 - 00002432 _____ C:\Users\ir7809qi\Desktop\BrowserAir.lnk
2016-08-30 19:43 - 2016-08-31 16:39 - 00002036 _____ C:\Users\ir7809qi\Desktop\Hotmail.lnk
2016-08-30 19:43 - 2016-08-30 19:43 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserAir
2016-08-30 19:42 - 2016-08-31 16:41 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\BrowserAir
2016-08-30 17:31 - 2016-08-30 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-08-30 11:21 - 2016-08-30 11:21 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\MCorp
2016-08-30 11:12 - 2016-08-30 17:34 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\mstrn32
2016-08-30 11:12 - 2016-08-30 11:12 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\cpx
2016-08-30 11:12 - 2016-08-30 11:12 - 00000000 ____D C:\Quarantine
2016-08-30 11:12 - 2016-08-30 11:12 - 00000000 ____D C:\Program Files (x86)\msrtn32
2016-08-30 11:12 - 2016-08-30 11:12 - 00000000 ____D C:\Program Files (x86)\cpx
2016-08-30 10:37 - 2016-08-30 10:38 - 08249096 _____ (McAfee, Inc.) C:\Users\ir7809qi\Downloads\Setup_serial_-GByEFymAvK_MrnDwhEqCA2_key.exe
2016-08-30 10:15 - 2016-08-30 10:33 - 00000000 ____D C:\ProgramData\MFAData
2016-08-30 10:15 - 2016-08-30 10:15 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\MFAData
2016-08-30 10:13 - 2016-08-30 10:14 - 00000000 ____D C:\Program Files (x86)\AVG
2016-08-30 10:11 - 2016-08-30 10:32 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\AvgSetupLog
2016-08-30 10:11 - 2016-08-30 10:14 - 00000000 ____D C:\ProgramData\Avg
2016-08-30 10:11 - 2016-08-30 10:11 - 03135888 _____ (AVG Technologies CZ, s.r.o.) C:\Users\ir7809qi\Downloads\AVG_Antivirus_Free_692.exe
2016-08-30 10:11 - 2016-08-30 10:11 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\Avg
2016-08-30 10:10 - 2016-08-31 13:19 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5CB6474C-B425-4B3B-A2C9-C62DDEC636DE}
2016-08-30 10:09 - 2016-08-30 10:09 - 00000000 ___HD C:\OneDriveTemp
2016-08-30 09:33 - 2016-08-30 09:33 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-30 09:31 - 2016-08-30 09:58 - 00254502 _____ C:\WINDOWS\ntbtlog.txt
2016-08-30 09:22 - 2016-08-30 17:31 - 00001860 _____ C:\Users\Public\Desktop\MPC Desktop.lnk
2016-08-30 09:22 - 2016-08-30 17:31 - 00001853 _____ C:\Users\Public\Desktop\MPC AdCleaner.lnk
2016-08-30 09:22 - 2016-08-30 17:31 - 00001805 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-08-30 06:56 - 2016-08-30 06:56 - 00399360 _____ C:\WINDOWS\system32\bi3.exe
2016-08-30 01:55 - 2016-08-30 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC Desktop
2016-08-30 01:55 - 2016-08-30 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC AdCleaner
2016-08-30 01:50 - 2016-08-30 02:04 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\WikiZ
2016-08-30 01:50 - 2016-08-30 01:49 - 00060136 _____ (DotC United Inc) C:\WINDOWS\system32\Drivers\MPCKpt.sys
2016-08-30 01:50 - 2016-08-30 01:44 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Zimair.exe
2016-08-30 01:49 - 2016-08-30 11:17 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-08-30 01:48 - 2016-08-30 01:44 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Homezap.exe
2016-08-30 01:47 - 2016-08-30 01:47 - 00000000 ____D C:\Users\Public\Documents\ShopperPro3
2016-08-30 01:47 - 2016-08-30 01:47 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\BrowserHelper
2016-08-30 01:47 - 2016-08-30 01:47 - 00000000 ____D C:\ProgramData\Nimfinds
2016-08-30 01:46 - 2016-08-30 19:34 - 00004406 _____ C:\WINDOWS\System32\Tasks\SMW_UpdateTask_Time_3334303338323434342d555b373434412d45325a5b6c
2016-08-30 01:46 - 2016-08-30 01:46 - 00848565 _____ C:\Users\ir7809qi\AppData\Roaming\Rankstock.bin
2016-08-30 01:46 - 2016-08-30 01:46 - 00000000 ____D C:\ProgramData\SearchModule
2016-08-30 01:45 - 2016-08-30 11:12 - 00000000 ____D C:\ProgramData\Nimfind
2016-08-30 01:45 - 2016-08-30 01:59 - 00000000 ____D C:\Program Files (x86)\applica
2016-08-30 01:45 - 2016-08-30 01:47 - 00003680 _____ C:\WINDOWS\System32\Tasks\snp
2016-08-30 01:45 - 2016-08-30 01:47 - 00003272 _____ C:\WINDOWS\System32\Tasks\snf
2016-08-30 01:45 - 2016-08-30 01:45 - 01901685 _____ C:\Users\ir7809qi\AppData\Roaming\Y--Bam.tst
2016-08-30 01:45 - 2016-08-30 01:45 - 00188604 _____ () C:\Users\ir7809qi\AppData\Roaming\KonkFlex.bin
2016-08-30 01:45 - 2016-08-30 01:45 - 00072721 _____ C:\Users\ir7809qi\AppData\Roaming\Vialab.tst
2016-08-30 01:45 - 2016-08-30 01:45 - 00061844 _____ C:\Users\ir7809qi\AppData\Local\setupone.exe
2016-08-30 01:45 - 2016-08-30 01:45 - 00000000 ____D C:\Program Files\Common Files\Noobzo
2016-08-30 01:45 - 2016-08-30 01:42 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Y--Bam.exe
2016-08-30 01:45 - 2016-08-30 01:42 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Vialab.exe
2016-08-30 01:44 - 2016-08-30 19:33 - 00441344 _____ C:\ProgramData\smp2.exe
2016-08-30 01:44 - 2016-08-30 19:33 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-08-30 01:44 - 2016-08-30 19:33 - 00004238 _____ C:\WINDOWS\System32\Tasks\SMW_P
2016-08-30 01:44 - 2016-08-30 02:00 - 00000000 ____D C:\ProgramData\COMODO
2016-08-30 01:44 - 2016-08-30 01:47 - 00015601 _____ C:\WINDOWS\SysWOW64\findit.xml
2016-08-30 01:44 - 2016-08-30 01:45 - 00000000 ____D C:\ProgramData\Holdtams
2016-08-30 01:44 - 2016-08-30 01:44 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\DeskBar
2016-08-30 01:44 - 2016-08-30 01:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-30 01:44 - 2016-08-30 01:44 - 00000000 ____D C:\Program Files\COMODO
2016-08-30 01:44 - 2016-08-30 01:44 - 00000000 ____D C:\Program Files\6d6f0086a2521816dfdcd4312202903d
2016-08-30 01:43 - 2016-08-30 01:49 - 00000000 ____D C:\ProgramData\Holdtam
2016-08-30 01:43 - 2016-08-30 01:43 - 00848565 _____ C:\Users\ir7809qi\AppData\Roaming\Vivalax.bin
2016-08-30 01:43 - 2016-08-30 01:43 - 00003614 _____ C:\WINDOWS\System32\Tasks\Inst_Rep
2016-08-30 01:43 - 2016-08-30 01:43 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\tuto_monetize_120160829
2016-08-30 01:42 - 2016-08-30 02:10 - 00000000 ____D C:\Program Files (x86)\S5
2016-08-30 01:42 - 2016-08-30 02:07 - 00000000 ____D C:\Program Files (x86)\host
2016-08-30 01:42 - 2016-08-30 02:06 - 00000000 ____D C:\Program Files (x86)\DPower
2016-08-30 01:42 - 2016-08-30 01:45 - 07118336 _____ C:\Users\ir7809qi\AppData\Roaming\agent.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 00126464 _____ C:\Users\ir7809qi\AppData\Roaming\lobby.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 00070704 _____ C:\Users\ir7809qi\AppData\Roaming\Config.xml
2016-08-30 01:42 - 2016-08-30 01:45 - 00054272 _____ C:\Users\ir7809qi\AppData\Roaming\ApplicationHosting.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 00018432 _____ C:\Users\ir7809qi\AppData\Roaming\Main.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 00005568 _____ C:\Users\ir7809qi\AppData\Roaming\md.xml
2016-08-30 01:42 - 2016-08-30 01:42 - 01901685 _____ C:\Users\ir7809qi\AppData\Roaming\Sun-Dom.tst
2016-08-30 01:42 - 2016-08-30 01:42 - 00126464 _____ C:\Users\ir7809qi\AppData\Roaming\noah.dat
2016-08-30 01:42 - 2016-08-30 01:42 - 00072721 _____ C:\Users\ir7809qi\AppData\Roaming\Strongstring.tst
2016-08-30 01:42 - 2016-08-30 01:42 - 00000003 _____ C:\Users\ir7809qi\AppData\Local\aatxtname.txt
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\c
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\ProgramData\CloudPrinter
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\ProgramData\1472539342
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\Program Files (x86)\taskvmx
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\Program Files (x86)\regtool
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-30 01:42 - 2016-08-30 01:42 - 00000000 ____D C:\Program Files (x86)\dataup
2016-08-30 01:42 - 2016-08-30 01:40 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Sun-Dom.exe
2016-08-30 01:42 - 2016-08-30 01:40 - 00699904 _____ C:\Users\ir7809qi\AppData\Roaming\Strongstring.exe
2016-08-30 01:41 - 2016-08-30 01:41 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\SpringFiles
2016-08-30 01:41 - 2016-08-30 01:41 - 00000000 ____D C:\ProgramData\dc3c9e49-4707-0
2016-08-30 01:41 - 2016-08-30 01:41 - 00000000 ____D C:\ProgramData\dc3c9e49-0997-1
2016-08-30 01:40 - 2016-08-30 02:06 - 00000000 ____D C:\Program Files (x86)\Max Driver Updater
2016-08-30 01:40 - 2016-08-30 01:45 - 00020304 _____ C:\Users\ir7809qi\AppData\Roaming\InstallationConfiguration.xml
2016-08-30 01:40 - 2016-08-30 01:40 - 00848565 _____ C:\Users\ir7809qi\AppData\Roaming\CofQvobam.bin
2016-08-30 01:40 - 2016-08-30 01:40 - 00138240 _____ C:\Users\ir7809qi\AppData\Roaming\Installer.dat
2016-08-30 01:40 - 2016-08-30 01:40 - 00000000 ____D C:\Program Files\Caster
2016-08-28 09:47 - 2016-08-28 10:20 - 00065536 _____ C:\Users\ir7809qi\Downloads\yu-gi-oh!reshef_of_destruction.sav
2016-08-28 09:45 - 2016-08-28 09:46 - 10297100 _____ C:\Users\ir7809qi\Downloads\yu-gi-oh!reshef_of_destruction.zip
2016-08-27 18:18 - 2016-08-27 19:00 - 00065536 _____ C:\Users\ir7809qi\Downloads\yu-gi-oh!_dungeon_dice_monsters_[b].sav
2016-08-27 18:16 - 2016-08-27 18:17 - 00000000 ____D C:\Users\ir7809qi\Downloads\yu-gi-oh!_dungeon_dice_monsters_[b]
2016-08-27 18:14 - 2016-08-27 18:16 - 05520759 _____ C:\Users\ir7809qi\Downloads\yu-gi-oh!_dungeon_dice_monsters_[b].zip
2016-08-27 14:48 - 2016-08-27 15:00 - 00000000 ____D C:\Users\ir7809qi\Downloads\1509 - Crash Bandicoot - Purple Ripto's Rampage (U)(Venom)
2016-08-27 14:47 - 2016-08-27 14:49 - 00000000 ____D C:\Users\ir7809qi\Downloads\VisualBoyAdvance-1.8.0-beta3
2016-08-24 11:47 - 2016-08-24 11:47 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-08-24 11:38 - 2016-08-24 11:39 - 00080824 _____ C:\Users\ir7809qi\Downloads\online-undergraduate-program-cost-sheet.pdf
2016-08-22 23:34 - 2016-08-22 23:34 - 00000000 ____D C:\Users\ir7809qi\Documents\Dolphin Emulator
2016-08-22 19:41 - 2016-08-22 19:41 - 00000000 ____D C:\Users\ir7809qi\Downloads\PS2EMU_-_Alpha_01
2016-08-22 19:26 - 2016-08-22 19:26 - 00000000 ____D C:\Users\ir7809qi\Documents\PCSX2
2016-08-22 19:20 - 2016-08-22 19:20 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-08-22 19:18 - 2016-08-22 19:19 - 17837152 _____ C:\Users\ir7809qi\Downloads\pcsx2-1.4.0-setup.exe
2016-08-20 16:43 - 2016-08-20 16:43 - 03081155 _____ C:\Users\ir7809qi\Downloads\the twisted palace.psd
2016-08-20 15:35 - 2016-08-20 15:35 - 03004782 _____ C:\Users\ir7809qi\Downloads\the storm gate.psd
2016-08-20 01:53 - 2016-08-20 13:44 - 03030302 _____ C:\Users\ir7809qi\Downloads\the wave gate.psd
2016-08-17 16:46 - 2016-08-19 19:31 - 03053909 _____ C:\Users\ir7809qi\Downloads\the tremor gate.psd
2016-08-17 13:38 - 2016-08-19 15:07 - 02977198 _____ C:\Users\ir7809qi\Downloads\lava pond.psd
2016-08-17 02:35 - 2016-08-19 13:59 - 03069331 _____ C:\Users\ir7809qi\Downloads\gloom pool.psd
2016-08-13 20:07 - 2016-08-03 05:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-13 20:07 - 2016-08-03 05:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-13 20:07 - 2016-08-03 04:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-13 20:07 - 2016-08-03 04:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-13 20:07 - 2016-08-03 04:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-13 20:07 - 2016-08-03 04:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-13 20:07 - 2016-08-03 04:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-13 20:07 - 2016-08-03 04:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-13 20:07 - 2016-08-03 04:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-13 20:07 - 2016-08-03 04:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-13 20:07 - 2016-08-02 23:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-13 20:07 - 2016-08-02 23:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-13 20:07 - 2016-08-02 23:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-13 20:07 - 2016-08-02 23:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-13 20:06 - 2016-08-03 05:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-13 20:06 - 2016-08-03 05:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-13 20:06 - 2016-08-03 05:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-13 20:06 - 2016-08-03 05:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-13 20:06 - 2016-08-03 05:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-13 20:06 - 2016-08-03 05:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-13 20:06 - 2016-08-03 05:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-13 20:06 - 2016-08-03 05:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-13 20:06 - 2016-08-03 05:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-13 20:06 - 2016-08-03 05:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-13 20:06 - 2016-08-03 05:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-13 20:06 - 2016-08-03 05:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-13 20:06 - 2016-08-03 05:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-13 20:06 - 2016-08-03 05:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-13 20:06 - 2016-08-03 05:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-13 20:06 - 2016-08-03 04:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-13 20:06 - 2016-08-03 04:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-13 20:06 - 2016-08-03 04:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-13 20:06 - 2016-08-03 04:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-13 20:06 - 2016-08-03 04:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-13 20:06 - 2016-08-03 04:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-13 20:06 - 2016-08-03 04:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-13 20:06 - 2016-08-03 04:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-13 20:06 - 2016-08-03 04:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-13 20:06 - 2016-08-03 04:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-13 20:06 - 2016-08-03 04:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-13 20:06 - 2016-08-03 04:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-13 20:06 - 2016-08-03 04:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-13 20:06 - 2016-08-03 04:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-13 20:06 - 2016-08-03 04:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-13 20:06 - 2016-08-03 04:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-13 20:06 - 2016-08-03 04:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-13 20:06 - 2016-08-03 04:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-13 20:06 - 2016-08-03 04:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-13 20:06 - 2016-08-03 04:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-13 20:06 - 2016-08-03 04:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-13 20:06 - 2016-08-03 04:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-13 20:06 - 2016-08-03 04:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-13 20:06 - 2016-08-03 04:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-13 20:06 - 2016-08-03 04:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-13 20:06 - 2016-08-03 04:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-13 20:06 - 2016-08-03 04:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-13 20:06 - 2016-08-03 04:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-13 20:06 - 2016-08-03 04:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-13 20:06 - 2016-08-03 04:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-13 20:06 - 2016-08-03 04:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-13 20:06 - 2016-08-03 04:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-13 20:06 - 2016-08-03 04:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-13 20:06 - 2016-08-03 04:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-13 20:06 - 2016-08-03 00:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-13 20:06 - 2016-08-03 00:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-13 20:06 - 2016-08-03 00:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-13 20:06 - 2016-08-03 00:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-13 20:06 - 2016-08-03 00:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-13 20:06 - 2016-08-03 00:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-13 20:06 - 2016-08-03 00:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-13 20:06 - 2016-08-03 00:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-13 20:06 - 2016-08-02 23:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-13 20:06 - 2016-08-02 23:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-13 20:06 - 2016-08-02 23:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-13 20:06 - 2016-08-02 23:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-13 20:06 - 2016-08-02 23:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-13 20:06 - 2016-08-02 23:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-13 20:06 - 2016-08-02 23:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-13 20:06 - 2016-08-02 23:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-13 20:06 - 2016-08-02 23:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-13 20:06 - 2016-08-02 23:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-13 20:06 - 2016-08-02 23:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-13 20:05 - 2016-08-03 06:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-13 20:05 - 2016-08-03 06:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-13 20:05 - 2016-08-03 06:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-13 20:05 - 2016-08-03 05:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-13 20:05 - 2016-08-03 05:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-13 20:05 - 2016-08-03 05:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-13 20:05 - 2016-08-03 05:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-13 20:05 - 2016-08-03 04:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-13 20:05 - 2016-08-03 04:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-13 20:05 - 2016-08-03 04:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-13 20:05 - 2016-08-03 04:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-13 20:05 - 2016-08-03 04:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-13 20:05 - 2016-08-03 04:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-13 20:05 - 2016-08-03 04:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-13 20:05 - 2016-08-03 04:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-13 20:05 - 2016-08-03 04:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-13 20:05 - 2016-08-03 04:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-13 20:05 - 2016-08-03 04:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-13 20:05 - 2016-08-03 04:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-13 20:05 - 2016-08-03 04:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-13 20:05 - 2016-08-03 04:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-13 20:05 - 2016-08-03 04:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-13 20:05 - 2016-08-03 04:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-13 20:05 - 2016-08-03 04:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-13 20:05 - 2016-08-03 04:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-13 20:05 - 2016-08-03 00:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-13 20:05 - 2016-08-03 00:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-13 20:05 - 2016-08-02 23:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-13 20:05 - 2016-08-02 23:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-13 20:05 - 2016-08-02 23:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-13 20:05 - 2016-08-02 23:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-13 20:05 - 2016-08-02 23:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-13 20:05 - 2016-08-02 23:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-13 20:05 - 2016-08-02 23:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-13 20:05 - 2016-08-02 23:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-13 20:05 - 2016-08-02 23:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-13 20:05 - 2016-08-02 23:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-13 20:05 - 2016-08-02 23:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-13 20:05 - 2016-08-02 23:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-13 20:05 - 2016-08-02 23:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-13 20:05 - 2016-08-02 23:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-13 20:05 - 2016-08-02 23:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-13 20:05 - 2016-08-02 23:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-13 20:04 - 2016-08-03 05:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-13 20:04 - 2016-08-03 05:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-13 20:04 - 2016-08-03 04:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-13 20:04 - 2016-08-03 04:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-13 20:04 - 2016-08-03 04:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-13 20:04 - 2016-08-03 04:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-13 20:04 - 2016-08-03 04:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-13 20:04 - 2016-08-02 23:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-13 20:04 - 2016-08-02 23:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-13 12:58 - 2016-08-13 12:58 - 00007680 _____ C:\Users\ir7809qi\AppData\Local\tinstall4.exe
2016-08-13 12:57 - 2016-08-13 12:57 - 00007680 _____ C:\Users\ir7809qi\AppData\Local\tinstall.exe
2016-08-13 12:52 - 2016-08-13 12:52 - 00005632 _____ C:\Users\ir7809qi\AppData\Local\ddnow4.exe
2016-08-13 12:52 - 2016-08-13 12:52 - 00005120 _____ C:\Users\ir7809qi\AppData\Local\ddnow.exe
2016-08-05 18:21 - 2016-08-05 18:21 - 00000000 ____D C:\ProgramData\LULU Software
2016-08-05 18:20 - 2016-08-16 09:18 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\Lavasoft
2016-08-05 18:20 - 2016-08-05 18:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-08-05 18:19 - 2016-08-16 03:23 - 00002904 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2016-08-05 18:19 - 2016-08-16 03:23 - 00002904 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2016-08-05 18:19 - 2016-08-05 18:19 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\Lavasoft
2016-08-05 18:19 - 2016-08-05 18:19 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-08-05 18:18 - 2016-08-05 18:18 - 00000000 ____D C:\ProgramData\Lavasoft
2016-08-05 18:17 - 2016-08-05 18:19 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\Soda PDF 3D Reader
2016-08-05 18:14 - 2016-08-05 18:23 - 00000000 ____D C:\ProgramData\Soda PDF 3D Reader
2016-08-05 18:14 - 2016-08-05 18:14 - 06003800 _____ (LULU Software Limited) C:\Users\ir7809qi\Downloads\Soda_3D_7_Installer.exe
2016-08-05 18:13 - 2016-08-05 18:13 - 00000000 ____D C:\Users\ir7809qi\Downloads\Superman - Whatever Happened to the Man of Tomorrow (2009) GetComics.INFO
2016-08-05 18:07 - 2016-08-05 18:12 - 180955202 _____ C:\Users\ir7809qi\Downloads\Superman - Whatever Happened to the Man of Tomorrow (2009) GetComics.INFO.zip
2016-08-05 12:25 - 2016-08-05 12:26 - 07472712 _____ (obsproject.com) C:\Users\ir7809qi\Downloads\OBS_0_658b_Installer.exe
2016-08-02 11:27 - 2016-08-02 11:27 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\My Games
2016-08-02 09:35 - 2016-08-02 09:35 - 00000220 _____ C:\Users\ir7809qi\Desktop\Sid Meier's Civilization IV Beyond the Sword.url
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-31 15:53 - 2015-07-15 19:32 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf5edac17cbf.job
2016-08-31 15:43 - 2015-07-19 15:43 - 00000398 _____ C:\WINDOWS\Tasks\CaptainReference.job
2016-08-31 15:39 - 2016-07-05 02:32 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\Deployment
2016-08-31 14:20 - 2016-02-21 22:24 - 00000000 ____D C:\Users\ir7809qi\AppData\Local\Adobe
2016-08-31 13:35 - 2016-05-04 01:49 - 00001328 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-08-31 13:35 - 2016-05-04 01:49 - 00001315 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-08-31 13:35 - 2015-07-15 19:33 - 00002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-31 13:35 - 2015-07-15 19:33 - 00001564 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-31 13:30 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-31 13:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-31 05:37 - 2016-02-01 21:36 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\Skype
2016-08-30 17:42 - 2014-11-17 22:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-08-30 17:41 - 2015-07-14 22:09 - 00000000 ____D C:\Users\ir7809qi\Documents\Youcam
2016-08-30 17:34 - 2016-02-01 21:31 - 00000000 ___RD C:\Users\ir7809qi\OneDrive
2016-08-30 17:32 - 2016-01-19 00:36 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-30 17:28 - 2016-04-27 01:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 11:10 - 2015-06-04 20:02 - 00000000 ____D C:\ProgramData\McAfee
2016-08-30 11:07 - 2016-07-05 00:26 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-30 11:07 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-30 11:02 - 2016-07-05 00:27 - 00000000 ____D C:\Users\ir7809qi
2016-08-30 10:59 - 2015-06-04 20:02 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-08-30 10:40 - 2013-08-22 08:36 - 00000000 ____D C:\Users\Default.migrated
2016-08-30 09:58 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 09:31 - 2015-06-04 19:43 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-30 01:54 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-08-30 01:43 - 2016-06-12 11:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-29 15:35 - 2016-05-18 14:10 - 00000352 _____ C:\WINDOWS\Tasks\HPCeeScheduleForir7809qi.job
2016-08-26 00:04 - 2016-02-22 13:24 - 00000000 ____D C:\Users\ir7809qi\Downloads\Finished cards
2016-08-22 19:20 - 2015-08-31 23:18 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-08-22 19:20 - 2015-06-04 19:32 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-22 13:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-19 17:25 - 2016-07-06 02:51 - 00206946 _____ C:\Users\ir7809qi\Downloads\download.jpe
2016-08-19 08:12 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 08:09 - 2015-07-14 15:13 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-19 07:55 - 2016-07-05 01:22 - 00002383 _____ C:\Users\ir7809qi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-17 20:45 - 2016-06-08 21:11 - 02030040 _____ C:\Users\ir7809qi\Downloads\location_by_chiodosin1-da1ariq.psd
2016-08-16 09:16 - 2016-04-27 01:39 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-16 05:09 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-16 03:19 - 2016-04-27 01:20 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-16 03:19 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-16 03:19 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-15 09:16 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-15 09:16 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-15 09:16 - 2015-07-18 14:48 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-15 09:03 - 2015-07-18 14:48 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-14 12:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-05 19:18 - 2015-08-31 23:30 - 00000000 ____D C:\Users\ir7809qi\AppData\Roaming\OBS
2016-08-05 12:26 - 2015-08-31 23:30 - 00001015 _____ C:\Users\ir7809qi\Desktop\Open Broadcaster Software.lnk
2016-08-02 11:27 - 2016-02-01 10:42 - 00000000 ____D C:\Users\ir7809qi\Documents\My Games
 
==================== Files in the root of some directories =======
 
2016-08-30 01:42 - 2016-08-30 01:45 - 7118336 _____ () C:\Users\ir7809qi\AppData\Roaming\agent.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 0054272 _____ () C:\Users\ir7809qi\AppData\Roaming\ApplicationHosting.dat
2016-01-28 21:09 - 2016-01-28 21:09 - 0000046 _____ () C:\Users\ir7809qi\AppData\Roaming\Camdata.ini
2016-01-28 21:09 - 2016-01-28 21:09 - 0000408 _____ () C:\Users\ir7809qi\AppData\Roaming\CamLayout.ini
2016-01-28 21:09 - 2016-01-28 21:09 - 0000408 _____ () C:\Users\ir7809qi\AppData\Roaming\CamShapes.ini
2016-01-28 21:09 - 2016-01-28 21:09 - 0004536 _____ () C:\Users\ir7809qi\AppData\Roaming\CamStudio.cfg
2016-08-30 01:40 - 2016-08-30 01:40 - 0848565 _____ () C:\Users\ir7809qi\AppData\Roaming\CofQvobam.bin
2016-08-30 01:42 - 2016-08-30 01:45 - 0070704 _____ () C:\Users\ir7809qi\AppData\Roaming\Config.xml
2016-08-30 01:48 - 2016-08-30 01:44 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Homezap.exe
2016-08-30 01:40 - 2016-08-30 01:45 - 0020304 _____ () C:\Users\ir7809qi\AppData\Roaming\InstallationConfiguration.xml
2016-08-30 01:40 - 2016-08-30 01:40 - 0138240 _____ () C:\Users\ir7809qi\AppData\Roaming\Installer.dat
2016-08-30 01:45 - 2016-08-30 01:45 - 0188604 _____ () C:\Users\ir7809qi\AppData\Roaming\KonkFlex.bin
2016-08-30 01:42 - 2016-08-30 01:45 - 0126464 _____ () C:\Users\ir7809qi\AppData\Roaming\lobby.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 0018432 _____ () C:\Users\ir7809qi\AppData\Roaming\Main.dat
2016-08-30 01:42 - 2016-08-30 01:45 - 0005568 _____ () C:\Users\ir7809qi\AppData\Roaming\md.xml
2016-08-30 01:42 - 2016-08-30 01:42 - 0126464 _____ () C:\Users\ir7809qi\AppData\Roaming\noah.dat
2016-08-30 01:46 - 2016-08-30 01:46 - 0848565 _____ () C:\Users\ir7809qi\AppData\Roaming\Rankstock.bin
2016-04-12 00:37 - 2016-04-12 00:37 - 2323987 _____ () C:\Users\ir7809qi\AppData\Roaming\sb406.dat
2016-04-29 00:38 - 2016-04-29 00:38 - 2449939 _____ () C:\Users\ir7809qi\AppData\Roaming\sb437.dat
2016-08-30 01:42 - 2016-08-30 01:40 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Strongstring.exe
2016-08-30 01:42 - 2016-08-30 01:42 - 0072721 _____ () C:\Users\ir7809qi\AppData\Roaming\Strongstring.tst
2016-08-30 01:42 - 2016-08-30 01:40 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Sun-Dom.exe
2016-08-30 01:42 - 2016-08-30 01:42 - 1901685 _____ () C:\Users\ir7809qi\AppData\Roaming\Sun-Dom.tst
2016-01-28 21:07 - 2016-01-28 21:07 - 0000096 _____ () C:\Users\ir7809qi\AppData\Roaming\version2.xml
2016-08-30 01:45 - 2016-08-30 01:42 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Vialab.exe
2016-08-30 01:45 - 2016-08-30 01:45 - 0072721 _____ () C:\Users\ir7809qi\AppData\Roaming\Vialab.tst
2016-08-30 01:43 - 2016-08-30 01:43 - 0848565 _____ () C:\Users\ir7809qi\AppData\Roaming\Vivalax.bin
2016-03-26 01:37 - 2016-04-29 00:37 - 0000165 _____ () C:\Users\ir7809qi\AppData\Roaming\WB.CFG
2016-08-30 01:45 - 2016-08-30 01:42 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Y--Bam.exe
2016-08-30 01:45 - 2016-08-30 01:45 - 1901685 _____ () C:\Users\ir7809qi\AppData\Roaming\Y--Bam.tst
2016-08-30 01:50 - 2016-08-30 01:44 - 0699904 _____ () C:\Users\ir7809qi\AppData\Roaming\Zimair.exe
2016-08-30 01:42 - 2016-08-30 01:42 - 0000003 _____ () C:\Users\ir7809qi\AppData\Local\aatxtname.txt
2016-03-24 22:09 - 2016-03-24 22:09 - 238722213 _____ () C:\Users\ir7809qi\AppData\Local\ACCCx3_5_1_209.zip.aamdownload
2016-03-24 22:09 - 2016-03-24 22:09 - 0002741 _____ () C:\Users\ir7809qi\AppData\Local\ACCCx3_5_1_209.zip.aamdownload.aamd
2016-05-12 02:51 - 2016-05-12 02:52 - 266040255 _____ () C:\Users\ir7809qi\AppData\Local\ACCCx3_6_0_248.zip.aamdownload
2016-05-12 02:51 - 2016-05-12 02:52 - 0003014 _____ () C:\Users\ir7809qi\AppData\Local\ACCCx3_6_0_248.zip.aamdownload.aamd
2016-08-13 12:52 - 2016-08-13 12:52 - 0005120 _____ () C:\Users\ir7809qi\AppData\Local\ddnow.exe
2016-08-13 12:52 - 2016-08-13 12:52 - 0005632 _____ () C:\Users\ir7809qi\AppData\Local\ddnow4.exe
2016-03-18 00:00 - 2016-03-18 00:00 - 0000000 _____ () C:\Users\ir7809qi\AppData\Local\ok223.txt
2016-08-30 01:45 - 2016-08-30 01:45 - 0061844 _____ () C:\Users\ir7809qi\AppData\Local\setupone.exe
2016-08-13 12:57 - 2016-08-13 12:57 - 0007680 _____ () C:\Users\ir7809qi\AppData\Local\tinstall.exe
2016-08-13 12:58 - 2016-08-13 12:58 - 0007680 _____ () C:\Users\ir7809qi\AppData\Local\tinstall4.exe
2016-08-30 01:44 - 2016-08-30 19:33 - 0441344 _____ () C:\ProgramData\smp2.exe
 
Files to move or delete:
====================
C:\ProgramData\smp2.exe
 
 
Some files in TEMP:
====================
C:\Users\ir7809qi\AppData\Local\Temp\0298321472571633mcinst.exe
C:\Users\ir7809qi\AppData\Local\Temp\1NBNPTHF7F.exe
C:\Users\ir7809qi\AppData\Local\Temp\26LdvhbbRl.exe
C:\Users\ir7809qi\AppData\Local\Temp\A7Y9WA4CJ0.exe
C:\Users\ir7809qi\AppData\Local\Temp\HNohhlrqy3.exe
C:\Users\ir7809qi\AppData\Local\Temp\JYWAMXHPAL.exe
C:\Users\ir7809qi\AppData\Local\Temp\McCSPInstall.dll
C:\Users\ir7809qi\AppData\Local\Temp\MPCSetup_4.3.exe
C:\Users\ir7809qi\AppData\Local\Temp\nsm7018.tmp.exe
C:\Users\ir7809qi\AppData\Local\Temp\nsn77BA.exe
C:\Users\ir7809qi\AppData\Local\Temp\nsqBC4E.tmp.exe
C:\Users\ir7809qi\AppData\Local\Temp\nsy95DC.tmp.exe
C:\Users\ir7809qi\AppData\Local\Temp\QDKP959JOW.exe
C:\Users\ir7809qi\AppData\Local\Temp\QLFN7DS75O.exe
C:\Users\ir7809qi\AppData\Local\Temp\sdf88AF.exe
C:\Users\ir7809qi\AppData\Local\Temp\Tt3igPyTbt.exe
C:\Users\ir7809qi\AppData\Local\Temp\tu17p84.exe
C:\Users\ir7809qi\AppData\Local\Temp\uHNroxw9Pu.exe
C:\Users\ir7809qi\AppData\Local\Temp\vcredist_2015_Update_1_x86.exe
C:\Users\ir7809qi\AppData\Local\Temp\WebCompanionInstaller.exe
C:\Users\ir7809qi\AppData\Local\Temp\wEIT70SoEo.exe
C:\Users\ir7809qi\AppData\Local\Temp\Z8ROH9OERM.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-24 13:06
 
==================== End of FRST.txt ============================
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by ir7809qi (31-08-2016 16:42:56)
Running from C:\Users\ir7809qi\Downloads
Windows 10 Home Version 1511 (X64) (2016-07-05 06:04:51)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3231441937-2742052415-3469287404-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3231441937-2742052415-3469287404-503 - Limited - Disabled)
Guest (S-1-5-21-3231441937-2742052415-3469287404-501 - Limited - Disabled)
ir7809qi (S-1-5-21-3231441937-2742052415-3469287404-1002 - Administrator - Enabled) => C:\Users\ir7809qi
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Photoshop CC 2015 (HKLM-x32\...\{793C2BF7-A4FE-4608-91C9-9282C5801C21}) (Version: 16.1.2 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
AMD Catalyst Install Manager (HKLM\...\{0B448829-3672-18EA-4117-C1240D4CF140}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BrowserAir (HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\BrowserAir) (Version: 48.0.0.0 - BrowserAir) <==== ATTENTION
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Notes en-US (HKLM-x32\...\{C438C1D0-A46C-4BFA-AFCD-11261DE9CCE0}) (Version: 01.00.100.011 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
FMW 1 (Version: 1.122.3 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Gtk# for .Net 2.12.26 (HKLM-x32\...\{BC25B808-A11C-4C9F-9C0A-6682E47AAB83}) (Version: 2.12.26 - Xamarin, Inc.)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{082B1425-0F24-43FA-9B64-E8F617B0AD3B}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.08 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.3.34.7 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.5.32.37 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{8B4EE87E-6D40-4C91-B5E8-0DC77DC412F1}) (Version: 1.4.1 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{B7B82520-8ECE-4743-BFD7-93B16C64B277}) (Version: 2.4.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.08 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.08 - Softex Inc.) Hidden
Magic The Gathering Online  (HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\01641bea2c75c522) (Version: 3.4.93.625 - Wizards of the Coast, LLC)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Master of Orion (HKLM-x32\...\1207661623_is1) (Version: 2.1.0.17 - GOG.com)
Master of Orion 2 (HKLM-x32\...\1207661633_is1) (Version: 2.1.0.18 - GOG.com)
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.4127 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23506 (HKLM-x32\...\{23daf363-3020-4059-b3ae-dc4ad39fed19}) (Version: 14.0.23506.0 - Microsoft Corporation)
Mozilla Firefox 47.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0 (x86 en-US)) (Version: 47.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.0.5999 - Mozilla)
MPC Cleaner (HKLM-x32\...\MPC) (Version:  - DotC United Inc) <==== ATTENTION
MuseScore 2 (HKLM-x32\...\{D0969A82-E79E-45D9-95D2-B2824880F780}) (Version: 2.0.2 - Werner Schweer and Others)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 1.0.0.6 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7385 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Search module (HKLM-x32\...\Search module) (Version:  - Goobzo) <==== ATTENTION
Sid Meier's Civilization IV: Beyond the Sword (HKLM\...\Steam App 8800) (Version:  - Firaxis Games)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.109 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
TechWorks (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{65e6d763}) (Version:  - TechWorks) <==== ATTENTION
UserTesting (HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\UserTestingPlugin) (Version:  - UserTesting.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Web Companion (HKLM-x32\...\{cf360c2e-ba8a-4f98-b99f-d98f2807ae13}) (Version: 2.3.1441.2805 - Lavasoft)
ZD Soft Screen Recorder (HKLM-x32\...\{B77C3368-6716-46A3-80C3-74AA309F6856}) (Version: 8.1.0 - ZD Soft)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0023705E-ADDC-423F-B575-50AE72FCD66F} - System32\Tasks\IBUpd => C:\Users\ir7809qi\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== ATTENTION
Task: {02A5CDE8-A93E-4337-8981-D22AF93F1C24} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0E7F9402-D4F1-4059-B7CE-2BAE8C5638D0} - \gameo_update -> No File <==== ATTENTION
Task: {14FD4D28-9404-4C64-8DF8-E9E69CB4D495} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {16D2A92A-DF69-43F4-A2EA-B23DCE9D6B99} - \CaptainReference -> No File <==== ATTENTION
Task: {1860249E-6651-4708-A4DE-C6445D99055F} - \OneDrive Standalone Update Task -> No File <==== ATTENTION
Task: {19745BFF-1D12-4FB6-8F6F-A9D254919D26} - System32\Tasks\Inst_Rep => C:\Users\ir7809qi\AppData\Local\Installer\Install_2752\ytdkietut_tutdk_inst.exe <==== ATTENTION
Task: {1BDBA2B5-D851-445D-9B5A-C3EC527EF36C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {241A6472-056A-44B0-8A37-B4DEDDD510C5} - System32\Tasks\snf => C:\ProgramData\Nimfind\Nimfind.exe <==== ATTENTION
Task: {241CE8E8-2FCF-48D4-952A-DE7E9A3BE06D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {364A450B-A95A-4F3C-BEA8-633FBC562228} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {3B3E0E23-DC31-4262-9DCF-BCAF3B9124CB} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3D7C98CC-93EF-4FF2-B641-35CF5A1716F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3DD53502-0A43-4190-97CA-41878D5945D9} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
Task: {475DC68E-0854-46D4-B0C3-0A5C606AF47A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {5111EF9C-02D5-44AC-9FF2-A5A472DC5609} - \McAfeeLogon -> No File <==== ATTENTION
Task: {525D3512-62FF-49D6-8FD7-BE2F6C6D35A4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {66809D7F-6675-4C1F-B8A5-B431AC741107} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {71378E51-DD2E-4F8E-ADDA-91ABAF61547A} - \TinyTakeUpgrade -> No File <==== ATTENTION
Task: {723E1DEA-2CAB-438B-B8D5-A2BF1BF4EE25} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {7C5114BF-AA14-486C-9312-794FA7D02E80} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {7EA343E7-78FD-47DB-8C59-2691C40741A4} - \{C4E2C5E6-CEC7-4F64-B075-8FC5978E9A37} -> No File <==== ATTENTION
Task: {820EB4EB-B4E1-46AC-AC0C-69E9CE9E387B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-30] (Microsoft Corporation)
Task: {891EF4E5-C4F0-4F72-B7C7-60A221BAC9B7} - System32\Tasks\SMW_UpdateTask_Time_3334303338323434342d555b373434412d45325a5b6c => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {898E34FF-A95F-4520-90E7-497138631D53} - System32\Tasks\IBUpd2 => C:\Users\ir7809qi\AppData\Local\BrowserAir\48.0.0.0\updater.exe [2016-06-30] () <==== ATTENTION
Task: {91A79282-57DE-4879-9DF8-7AB045C85D9B} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {9F8E90FD-381C-4C92-8BFD-406171509CE8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A5004920-8D73-4CE8-A7A0-26D2A4048374} - \GoogleUpdateTaskMachineUA1d0bf5edac17cbf -> No File <==== ATTENTION
Task: {B1964194-D603-4CE5-8390-F4C9F8D601D7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-08-15] (Microsoft Corporation)
Task: {B248D6CE-DBD0-46EF-8D71-6730F9D82AF8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {B34E2897-8357-4687-B2C7-7E19C3D75FC0} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {B45F6576-895D-4148-B7BC-4E6F163A09AA} - \HPCeeScheduleForir7809qi -> No File <==== ATTENTION
Task: {B66C6735-668D-48B2-9506-A76E78432C8A} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-08-30] () <==== ATTENTION
Task: {BCCCB533-33FF-4260-B808-67A6E4580BA7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BF9C7693-EAD5-4F0A-AB24-CFE86E19071F} - \AdobeAAMUpdater-1.0-MicrosoftAccount-ilovyah123@gmail.com -> No File <==== ATTENTION
Task: {D3045CA2-FE90-4C31-B9DB-7B062034F6B9} - \Optimize Start Menu Cache Files-S-1-5-21-3231441937-2742052415-3469287404-500 -> No File <==== ATTENTION
Task: {D4B1A016-40AD-495B-9661-13CB1B66FDD5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {D5356C72-2B34-4A3B-9EED-D01F514E1335} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {DEDBDD46-8C70-4185-9EDA-D80DD604976C} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {E4619242-3767-448C-BD9B-2381D45A6F87} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {E4C8D033-DA7E-4F1A-B172-A5E7C31ABE72} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {E6D7D90B-171A-4102-A8A1-7ADCBB234AD5} - System32\Tasks\snp => C:\ProgramData\Nimfind\Nimfind.exe <==== ATTENTION
Task: {E79ED345-4B24-425E-87BD-6BED274A26DC} - \Optimize Start Menu Cache Files-S-1-5-21-3231441937-2742052415-3469287404-1002 -> No File <==== ATTENTION
Task: {E9E5332E-C82E-4A20-903F-BB0DB7C4E3D3} - \YCMServiceAgent -> No File <==== ATTENTION
Task: {F5C59397-1B22-439D-9D67-480EDCBBC268} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {FC114F4A-BEB3-4B7A-9040-1629215D6CE8} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CaptainReference.job => c:\programdata\{07cb3ee2-bd65-468a-07cb-b3ee2bd6fb8a}\legend_of_zelda_the_ocarina_of_time.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA1d0bf5edac17cbf.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForir7809qi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\ir7809qi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\Users\ir7809qi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\Users\ir7809qi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> "microsoft-edge:hxxp://www%2dsearching.com/?prd=set_epe&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,"
ShortcutWithArgument: C:\Users\ir7809qi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search (2).lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\Users\ir7809qi\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files (x86)\Google\Chrome\application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
ShortcutWithArgument: C:\Users\Public\Desktop\Mozilla Firefox.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://www-searching.com/?prd=set_epf&s=g8uztutbl101bu,da99f701-deaf-4cac-8331-e4b3a095f9ba,
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-03-01 21:38 - 2014-03-01 21:38 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-01 21:34 - 2014-03-01 21:34 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-01 21:34 - 2014-03-01 21:34 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-01 21:34 - 2014-03-01 21:34 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-01 21:52 - 2014-03-01 21:52 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-01 21:52 - 2014-03-01 21:52 - 00712592 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-09-27 15:04 - 2012-09-18 15:27 - 00192512 _____ () C:\WINDOWS\System32\zlhp1020.dll
2015-09-27 15:04 - 2012-09-18 15:27 - 00065024 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\pphp1020.dll
2014-04-07 00:38 - 2014-04-07 00:38 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-06-04 19:40 - 2014-03-05 20:09 - 00088064 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2015-08-06 12:18 - 2015-08-06 12:18 - 00077824 _____ () C:\Program Files (x86)\dataup\dataup.exe
2015-07-14 15:13 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-12 13:35 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 13:35 - 2016-06-30 23:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2016-08-19 07:53 - 2016-08-19 07:53 - 01864384 _____ () C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-07-31 14:45 - 2016-05-24 11:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-07-12 13:35 - 2016-06-30 22:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 13:35 - 2016-06-30 22:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-27 01:10 - 2016-04-27 01:10 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 13:38 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 13:35 - 2016-06-30 22:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 13:35 - 2016-06-30 22:22 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-07-12 13:35 - 2016-06-30 22:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-01 21:41 - 2014-03-01 21:41 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2016-08-30 01:44 - 2015-11-09 12:40 - 00599040 _____ () C:\Users\ir7809qi\AppData\Local\DeskBar\2.7.5.1765\DeskBar.exe
2016-04-18 08:53 - 2016-04-18 08:53 - 01141760 _____ () C:\Program Files (x86)\msrtn32\msrtn32.exe
2016-04-01 23:17 - 2016-04-01 23:17 - 31679664 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2016-07-05 02:27 - 2016-07-05 02:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-04-12 16:57 - 2016-04-12 16:57 - 00826368 _____ () C:\Program Files (x86)\msrtn32\cdhtr.exe
2016-04-12 16:34 - 2016-04-12 16:34 - 00404992 _____ () C:\Program Files (x86)\msrtn32\rthdcpd.exe
2015-06-04 20:08 - 2013-02-01 13:16 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\fl_core.dll
2015-06-04 20:08 - 2013-02-01 13:16 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_asr.dll
2015-06-04 20:08 - 2013-02-01 13:16 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_base.dll
2015-06-04 20:08 - 2013-02-01 13:16 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_platform.dll
2015-06-04 20:08 - 2013-02-01 13:16 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\vocon3200_pron.dll
2015-06-04 20:08 - 2013-02-01 13:16 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\sdxg.dll
2015-06-04 20:08 - 2013-02-01 13:15 - 00027136 _____ () C:\Program Files (x86)\Nuance\Dragon Notes\Core\WASAPIResamplingStreamCOMServer.dll
2016-08-19 07:53 - 2016-08-19 07:53 - 01383616 _____ () C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-19 07:53 - 2016-08-19 07:53 - 00118976 _____ () C:\Users\ir7809qi\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00121104 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00050448 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Common.Platform.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00010000 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.UpdateComponents.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00292112 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00022288 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.AvastWrapper.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00050960 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00120080 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.PUP.Management.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00029968 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Repositories.dll
2016-08-05 18:19 - 2016-08-05 18:19 - 00012560 _____ () C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.Utils.SqlLite.dll
2016-04-07 11:44 - 2016-04-07 11:44 - 40523456 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll
2014-10-12 00:26 - 2014-10-12 00:26 - 02299904 _____ () C:\Program Files (x86)\msrtn32\QxOrm.dll
2013-09-24 12:38 - 2013-09-24 12:38 - 00243200 _____ () C:\Program Files (x86)\msrtn32\boost_serialization-vc100-mt-1_54.dll
2014-10-13 19:34 - 2014-10-13 19:34 - 00879104 _____ () C:\Program Files (x86)\msrtn32\platforms\qwindows.dll
2014-10-13 19:31 - 2014-10-13 19:31 - 00635392 _____ () C:\Program Files (x86)\msrtn32\sqldrivers\qsqlite.dll
2016-08-30 10:13 - 2016-08-30 10:12 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-02-26 22:39 - 2016-02-26 22:39 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00118272 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00205824 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00121856 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node
2016-03-29 17:19 - 2016-03-29 17:19 - 00126464 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node
2016-04-07 11:35 - 2016-04-07 11:35 - 00090304 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\build\Release\ProxyResolverWin.dll
2016-03-29 17:19 - 2016-03-29 17:19 - 00166400 _____ () \\?\C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node
2016-07-05 02:27 - 2016-07-05 02:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-07-05 02:27 - 2016-07-05 02:29 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-10-02 16:46 - 2014-10-02 16:46 - 00032256 _____ () C:\Program Files (x86)\msrtn32\imageformats\qdds.dll
2014-10-02 11:00 - 2014-10-02 11:00 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qgif.dll
2014-10-02 16:46 - 2014-10-02 16:46 - 00027648 _____ () C:\Program Files (x86)\msrtn32\imageformats\qicns.dll
2014-10-02 11:01 - 2014-10-02 11:01 - 00021504 _____ () C:\Program Files (x86)\msrtn32\imageformats\qico.dll
2014-10-02 16:47 - 2014-10-02 16:47 - 00381952 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjp2.dll
2014-10-02 11:00 - 2014-10-02 11:00 - 00204800 _____ () C:\Program Files (x86)\msrtn32\imageformats\qjpeg.dll
2014-10-02 16:47 - 2014-10-02 16:47 - 00218112 _____ () C:\Program Files (x86)\msrtn32\imageformats\qmng.dll
2014-10-02 16:47 - 2014-10-02 16:47 - 00015360 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtga.dll
2014-10-02 16:48 - 2014-10-02 16:48 - 00307712 _____ () C:\Program Files (x86)\msrtn32\imageformats\qtiff.dll
2014-10-02 16:48 - 2014-10-02 16:48 - 00014848 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwbmp.dll
2014-10-02 16:48 - 2014-10-02 16:48 - 00252928 _____ () C:\Program Files (x86)\msrtn32\imageformats\qwebp.dll
2014-06-28 11:54 - 2014-06-28 11:54 - 14586808 _____ () C:\Program Files (x86)\msrtn32\Plugins\NPSWF32_11_5_502_110.dll
2016-08-13 08:55 - 2016-08-02 19:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-13 08:55 - 2016-08-02 19:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:10894A2E [498]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2016-08-30 01:44 - 00001370 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
127.0.0.1       down.baidu2016.com
127.0.0.1       123.sogou.com
127.0.0.1       www.czzsyzgm.com
127.0.0.1       www.czzsyzxl.com
127.0.0.1       union.baidu2019.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3231441937-2742052415-3469287404-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\ir7809qi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\4f3828fd09498_244731b.jpg
DNS Servers: 192.168.0.1 - 205.171.3.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B849E358-56C9-4257-BC2C-9CFC141FFBC8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{E916C9F2-5505-4376-A95D-F4DE3EF22A84}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{B4C9F458-063E-4FBB-A075-05B15F86A4D7}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [TCP Query User{B4106AF4-AC5F-4139-BA37-D02EF1D2F2BF}C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe] => (Block) C:\program files (x86)\hewlett-packard\hp support solutions\modules\hpdevicedetection3.exe
FirewallRules: [{4C1B8517-F6B2-4C69-ABC4-6CED9F557024}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [{EC28CE58-6302-4EF0-AD97-10479B90217C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tabletop Simulator\Tabletop Simulator.exe
FirewallRules: [UDP Query User{7DD0F073-2E69-40BE-8750-B1FEB708935B}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{4D0BFB42-D516-4BFD-AB8C-2F6040F00BA1}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{CB1A176C-A10F-43FC-9799-13AE78AF033E}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{B281E879-39A6-4691-B3FE-9101F3326CD2}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{378D0AFA-1D21-4C8D-9C9D-05EB213C547F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{89C32956-7573-4582-BA20-78097A787589}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{592BF325-DADC-49D4-8A2A-1C3C2557CC04}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B1372591-CB19-478B-8363-C4E4BC727463}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F98EFF63-E2E0-42DB-920C-0FF1325C22C6}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{C329ACC8-C5AC-4EF6-8CEC-E4851204709D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{FFD5B906-B69C-4E5B-A498-CB16CE44B010}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D950B9FB-9253-4311-B971-4A93F7DC80CE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{18A602E3-7230-4435-A892-0E3860FD8449}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{9B90C019-95E4-4628-907E-C63BACA49A3D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{743155E3-3A9B-4703-A245-26859B060429}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{3B0BC824-C91F-4017-A68D-2369EE8BDDE1}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{63C87891-D59D-42BC-AAE7-F6C4C5347FF5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{AD7B6F02-BB55-4E38-8DA5-5644908703C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{E90FF3B4-74A4-4BDA-B6E5-562853428D6E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{B9B7E8D4-7819-4503-B5BB-B93AFA898D27}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{3CC038D9-52D4-4FE0-ADB6-1FB16A4901AD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{966B0C23-4970-4A61-A588-4B65D18AFFCE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{BA6B5926-E959-4740-8AC5-BFED001C0058}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{69B3F517-81F8-4173-8D3B-28C19954602F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{92119043-723A-4F70-A776-648B19E688A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8C7A7688-04ED-48F5-8DB7-7CAE598E0331}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62222165-209D-4AB9-AF31-EA6C887CA819}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{09742D39-8DB5-4075-AEC6-70FFA80DDF86}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization IV Beyond the Sword\Beyond the Sword\Civ4BeyondSword.exe
FirewallRules: [{CAAA0E0C-0DC5-4573-B709-2B76547C0A91}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{D0A3C311-7A16-4F27-BE8D-E02A743806D8}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{8C446396-12AC-4BEF-9510-F1A401294FA7}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{E42037A9-454A-4CD0-A123-B6AB4BAC124E}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{65794340-86AF-4D5B-B3E4-5B5EA96EF387}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{E8807BC4-2862-4345-8E1E-0A3193FD015E}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{0A62F652-C0F6-4EC3-B88C-E3E902496108}] => (Allow) C:\Users\ir7809qi\AppData\Local\ddnowyes.exe
FirewallRules: [{77429B33-BB59-4EB4-885C-4DEA9C441D3B}] => (Allow) C:\Users\ir7809qi\AppData\Local\Temp\nsu8352.tmp\setup.exe
FirewallRules: [{AA1F2E79-04B8-4079-8986-AE69BF868B94}] => (Allow) C:\Users\ir7809qi\AppData\Local\62445127.exe
FirewallRules: [{663AB2BA-87DA-44B8-B8DE-D2537B84C29D}] => (Allow) C:\Users\ir7809qi\AppData\Local\tinstall.exe
FirewallRules: [{CD06B48D-6A60-4714-BF8C-6CE847EAB147}] => (Allow) C:\Users\ir7809qi\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{4F14EF0F-64A2-492A-8BC5-B8EA635793B0}] => (Allow) C:\Users\ir7809qi\AppData\Local\Temp\MPCOnline\MPCDownload.exe
FirewallRules: [{85404BE3-C55F-43EE-9919-6CAF8662D1C6}] => (Allow) C:\Users\ir7809qi\AppData\Local\BrowserAir\Application\BrowserairExec.exe
 
==================== Restore Points =========================
 
22-08-2016 23:32:20 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/31/2016 04:20:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1375
 
Error: (08/31/2016 04:20:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1375
 
Error: (08/31/2016 04:20:48 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2016 02:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1842219
 
Error: (08/31/2016 02:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1842219
 
Error: (08/31/2016 02:19:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2016 02:19:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1840781
 
Error: (08/31/2016 02:19:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1840781
 
Error: (08/31/2016 02:19:10 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (08/31/2016 01:48:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1391
 
 
System errors:
=============
Error: (08/30/2016 05:39:06 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {209500FC-6B45-4693-8871-6296C4843751} did not register with DCOM within the required timeout.
 
Error: (08/30/2016 05:35:41 PM) (Source: DCOM) (EventID: 10010) (User: BOB)
Description: The server {14286318-B6CF-49A1-81FC-D74AD94902F9} did not register with DCOM within the required timeout.
 
Error: (08/30/2016 05:34:47 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.
 
Error: (08/30/2016 05:32:44 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (08/30/2016 05:29:40 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Holdtam service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/30/2016 05:29:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Holdtam service to connect.
 
Error: (08/30/2016 05:29:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WCAssistantService service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (08/30/2016 05:29:36 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WCAssistantService service to connect.
 
Error: (08/30/2016 05:29:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the 0298321472571633mcinstcleanup service to connect.
 
Error: (08/30/2016 05:29:34 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CloudPrinter service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
 
CodeIntegrity:
===================================
  Date: 2016-08-30 02:17:43.292
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-08-30 01:43:11.633
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-30 01:43:11.508
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-27 18:18:41.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-27 18:18:41.058
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-22 23:35:11.482
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-22 23:35:11.435
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-22 19:43:11.536
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-22 19:43:11.487
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-22 19:22:59.358
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\LavasoftTcpService64.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-5545M APU with Radeon™ HD Graphics 
Percentage of memory in use: 45%
Total physical RAM: 7364.7 MB
Available physical RAM: 4050.46 MB
Total Virtual: 8516.7 MB
Available Virtual: 4827 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:903.88 GB) (Free:835.28 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.76 GB) (Free:2.58 GB) NTFS ==>[system with boot components (obtained from drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF9D514A)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
 
I'll sit tight for now then, let me know what I need to do and thanks again.


#4 fireman4it

Posted 01 September 2016 - 09:39 AM

1.

Please uninstall the following programs as they are related to malware.

BrowserAir
MPC Cleaner
Search module
TechWorks

 

2.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

[attachment=184388:fixlist.txt]

 

3.

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will start to update its database...please wait until complete.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button...a report (AdwCleaner[SX].txt) will open in Notepad (where the largest value of X represents the most recent report).
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • Copies of all logfiles are saved to C:\AdwCleaner.


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


  userbar_eis_500.gif

If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#5 chiodosin1

Posted 01 September 2016 - 11:15 AM

Perhaps you missed my original post, but I'm not really able to uninstall them in the traditional way. They don't show up on the list of programs to uninstall, and even when I found the files themselves I am denied access even though I am an administrator and even when using safe mode. Is there some other way I should remove them?



#6 fireman4it

Posted 01 September 2016 - 02:04 PM

You have unwanted programs on your computer system that should be removed.
I recommend using the following program to do this because it is good at removing any stray remnants that uninstallers often leave behind.

1. Please download REVO UNINSTALLER and save it on your computer.

2. Install Revo Uninstaller on your computer system.

3. Once the program is installed, start the program and ensure the uninstaller tab is active. (See image below)

revo-main-menu.png

Icons from all your installed programs will appear alphabetically in the main window.

4. Right click the program you wish to uninstall by selecting the program's icon in the main window.
A menu will appear such as that shown below.

revo-uninstall.png

5. Next, choose Uninstall from this menu.

A confirmation from the program you wish to uninstall will appear on your screen, such as the one shown in the image below.

6. Please choose YES that you wish to uninstall the program.

revo-confirm.png

By default, Revo Uninstaller will be set to Moderate uninstall Mode.
Please change it to Advanced by clicking the radio button near Advanced as shown below and then click the NEXT button.

revo-advanced1.png

7. Next, you will see this screen where a system restore back up is made.

uninstall-1.png

The program's built in uninstaller will appear on screen, confirm removal and the uninstall procedure will begin.

confirm.png

The program you uninstalled will confirm it has been uninstalled and may ask for user feedback as shown below. It is really your choice if you wish to take the time to answer their survey; however, it is not important if you do or not, and you can skip it by clicking NO.

uninstall-complete.png

If you are told to reboot to complete the uninstall, choose NO! We still have other things we need to remove from your computer using Revo Uninstaller's other features.

8. Once the program has been successfully uninstalled, click the NEXT button.

next-button.png

Revo Uninstaller will scan your computer for leftover information, files and registry entries.

leftover-info.png

If any registry entries are found, Revo Uninstaller will list those in BOLD text as shown below.

leftover-registry.png

It is safe to remove those entries as they are often only associated with the program you have just removed from your computer system.

9. Look for the Select All button and click it.
All the BOLD entries should now be checked off like shown in the image below.

select-all.png

Look for the DELETE button and click it.
When asked to confirm the deletion, click YES

confirm-delete-registry.png

When finished click the Next button.

Revo may confirm the uninstall is complete and offer a FINISH button. This means the program has been successfully uninstalled and no further action is needed.

If however, any leftover files and folders are found those will be presented. If you want to get rid of them click Select All then Delete.
This will remove those and send them to your RECYCLE BIN. The image below shows Revo Uninstaller asking for your confirmation, before sending them to the recycle bin, simply choose the Yes Button and away they go to the trash. You can then either retrieve them or clean your recycle bin permanently removing them from your computer system.

revo5.png

You can use Revo Uninstaller to remove other unwanted programs from your computer by performing the above procedures for each one.

Edited by fireman4it, 01 September 2016 - 02:05 PM.



#7 chiodosin1

Posted 02 September 2016 - 03:32 PM

I was able to use REVO to uninstall most of the programs you listed, but MPC cleaner itself didn't work as well. I got to the final step (deleting leftover files and folders); after trying to delete them it gave me a message saying "selected but remaining files will be deleted during the next system restart." Upon restarting, however, the files were all still there, and trying to delete them again has the same result. Any idea what I should do?



#8 fireman4it

Posted 05 September 2016 - 07:27 PM

Go ahead and proceed to the next step in the list of steps I gave you in post #4.




#9 fireman4it

Posted 08 September 2016 - 09:14 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.





