MPC Cleaner
Hi, MPC cleaner got onto my machine when I tried to get a free manual for my car, no such thing as free clearly. I have spent a day getting rid of all the crap that came with it, but mpc cannot be deleted by me or anyone it seems, so i bought spybot and tried to shred it or destroy it but it won't do it either, what can I do to remove it please?
Last edited by tashi; 2016-04-26 at 19:02. Reason: Moved from the 3 day waiting room. ;-)
Hello metalpods,
In case you missed it please see the sticky which includes guidelines for this forum and instructions in post #2 on how to provide the logs from Farbar Recovery Scan Tool and aswMBR, which are the logs used in the preliminary analysis.
http://forums.spybot.info/showthread.php?t=288
Once you add the logs to this topic I will remove my post and merge yours.
Best regards.
Microsoft MVP Reconnect 2018-
Windows Insider MVP 2016-2018
Microsoft Consumer Security MVP 2006-2016
scan
Hi Tasha here is the scan as requested
thanks
metalpods
scan
Hi Tashi here is the scan as requested
thanks
metalpodsAddition.txtAddition.txt
Hi
When FRST was first run it should had also produced a log FRST.txt
Can you locate this please and post it in your next reply.
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
frst.txt
This will not upload as it is 69kb which is above the limit for the site?
FRST.txt copied in!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by brian (administrator) on FENNAH-TOSHIBA (27-04-2016 12:31:14)
Running from C:\Users\brian\Downloads
Loaded Profiles: brian (Available Profiles: Fennah & brian)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\ioloGovernor64.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Toshiba Europe GmbH) C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CYREN Inc.) C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\System Shield\ioloSSTray.exe
(Google Inc.) C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe
(Google, Inc) C:\Users\brian\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic Professional\LiveBoost.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtHSP.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Toshiba TEMPRO] => C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-10] (Toshiba Europe GmbH)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba Registration] => C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2011-05-05] (Toshiba Europe GmbH)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\Run: [GoogleChromeAutoLaunch_DFE0B742127DE253F5D136A387FB27D5] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-04-06] (Google Inc.)
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\Run: [Google Update] => C:\Users\brian\AppData\Local\Google\Update\GoogleUpdate.exe [154440 2016-02-08] (Google Inc.)
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\Run: [Google Photos Backup] => C:\Users\brian\AppData\Local\Programs\Google\Google Photos Backup\Google Photos Backup.exe [3790936 2016-04-08] (Google, Inc)
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\MountPoints2: {909388a7-ae07-11e5-ad83-e89a8f705902} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\...\MountPoints2: {f1bdf55d-a88b-11e4-a8af-e89a8f705902} - F:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403304 2016-01-28] (Garmin Ltd. or its subsidiaries)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2011-11-14]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
BootExecute: autocheck autochk * sdnclean64.exebddel.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-4192471749-589627928-3305957805-1001] => hxxp://unstops.net/wpad.dat?4ad7d27fb046f77153911995810224079363555
Winsock: Catalog9 01 C:\Windows\system32\iavlsp.dll No File
Winsock: Catalog9 02 C:\Windows\system32\iavlsp.dll No File
Winsock: Catalog9 14 C:\Windows\system32\iavlsp.dll No File
Winsock: Catalog9-x64 01 C:\Windows\system32\iavlsp64.dll [160256 2016-02-19] ()
Winsock: Catalog9-x64 02 C:\Windows\system32\iavlsp64.dll [160256 2016-02-19] ()
Winsock: Catalog9-x64 14 C:\Windows\system32\iavlsp64.dll [160256 2016-02-19] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1381C236-CE3E-4ABD-A0F0-2A2A4D9D5D82}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{BB9C1DB9-2298-4996-9C11-11635C010048}: [DhcpNameServer] 192.168.11.1
Tcpip\..\Interfaces\{F0C57A9E-7B53-46E5-A3E5-F34BD1036732}: [NameServer] 208.87.151.20,208.87.151.21
Tcpip\..\Interfaces\{F0C57A9E-7B53-46E5-A3E5-F34BD1036732}: [DhcpNameServer] 192.168.1.1 192.168.1.1
ManualProxies: 0hxxp://unstops.net/wpad.dat?4ad7d27fb046f77153911995810224079363555
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://toshiba.eu/places?touch=4&cat=1
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyBtDyDzytDtBtA0AyB0EtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1029339382
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {1A585308-226F-46B3-8179-FA5A060522AB} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL =
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-12-26] (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-12-26] (Google Inc.)
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4192471749-589627928-3305957805-1001: @tools.google.com/Google Update;version=3 -> C:\Users\brian\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
FF Plugin HKU\S-1-5-21-4192471749-589627928-3305957805-1001: @tools.google.com/Google Update;version=9 -> C:\Users\brian\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-08] (Google Inc.)
Chrome:
=======
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,&vp=ch&prd=set_ch
CHR StartupUrls: Default -> "hxxps://www.google.co.uk/"
CHR Profile: C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (Rapport) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-10]
CHR Extension: (YouTube) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Search) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Sheets) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-04]
CHR Extension: (Gmail) - C:\Users\brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-23]
CHR HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-16] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-16] (Dropbox, Inc.)
R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [803856 2016-01-28] (Garmin Ltd. or its subsidiaries)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [350688 2016-04-25] (DotC United Inc)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2372080 2016-03-23] (IBM Corp.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1740760 2014-09-03] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 TemproMonitoringService; C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [112080 2011-02-10] (Toshiba Europe GmbH)
R2 Thpsrv; C:\Windows\system32\ThpSrv.exe [526848 2010-12-24] (TOSHIBA Corporation) [File not signed]
R2 vseamps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseamps.exe [122120 2014-03-25] (CYREN Inc.)
R2 vsedsps; C:\Program Files\Common Files\Commtouch\AntiVirus5\vsedsps.exe [119560 2014-03-25] (CYREN Inc.)
S3 vseqrts; C:\Program Files\Common Files\Commtouch\AntiVirus5\vseqrts.exe [181512 2014-03-25] (CYREN Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMP; C:\Windows\system32\Drivers\amp.sys [174856 2014-03-25] (CYREN Inc.)
R2 AMPSE; C:\Windows\system32\Drivers\ampse.sys [1728776 2014-03-25] (CYREN Inc.)
S3 BVRPMPR5; C:\Windows\SysWOW64\drivers\BVRPMPR5.SYS [44224 2006-10-06] (BVRP Software) [File not signed]
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [30752 2013-09-15] (EldoS Corporation)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [60136 2016-04-25] (DotC United Inc)
R1 RapportCerberus_1609035; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609035.sys [1156456 2016-04-05] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-03-23] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-03-23] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-03-23] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [523432 2016-03-23] (IBM Corp.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [64160 2014-04-25] ()
S3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [43264 2016-04-23] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-27 12:31 - 2016-04-27 12:32 - 00024597 _____ C:\Users\brian\Downloads\FRST.txt
2016-04-27 12:28 - 2016-04-27 12:31 - 00000000 ___DC C:\FRST
2016-04-27 12:28 - 2016-04-27 12:28 - 02376704 _____ (Farbar) C:\Users\brian\Downloads\FRST64.exe
2016-04-27 12:26 - 2016-04-27 12:26 - 01728000 _____ (Farbar) C:\Users\brian\Downloads\FRST.exe
2016-04-27 12:21 - 2016-04-27 12:21 - 00000207 _____ C:\Windows\tweaking.com-regbackup-FENNAH-TOSHIBA-Windows-7-Home-Premium-(64-bit).dat
2016-04-27 12:21 - 2016-04-27 12:21 - 00000000 ___DC C:\RegBackup
2016-04-27 12:20 - 2016-04-27 12:20 - 00000539 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-04-27 12:20 - 2016-04-27 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-04-27 12:19 - 2016-04-27 12:21 - 00012865 _____ C:\Windows\Tweaking.com - Registry Backup Setup Log.txt
2016-04-27 12:19 - 2016-04-27 12:19 - 05523840 _____ (Tweaking.com) C:\Users\brian\Downloads\tweaking.com_registry_backup_setup.exe
2016-04-27 12:06 - 2016-04-27 12:06 - 00000000 ___DC C:\Program Files\Common Files\AV
2016-04-27 12:06 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-04-27 11:59 - 2016-04-27 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-26 10:06 - 2016-04-26 10:06 - 00017692 _____ C:\Windows\SysWOW64\bddel.dat
2016-04-26 09:35 - 2016-04-26 09:35 - 00558336 _____ (Safer-Networking Ltd. ) C:\Users\brian\Downloads\spybot2-license.exe
2016-04-26 09:35 - 2016-04-26 09:35 - 00558336 _____ (Safer-Networking Ltd. ) C:\Users\brian\Downloads\spybot2-license (1).exe
2016-04-26 09:20 - 2016-04-27 12:06 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-04-26 09:20 - 2016-04-26 10:02 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-04-26 09:20 - 2016-04-26 09:20 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-04-26 09:20 - 2016-04-26 09:20 - 00001346 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-04-26 09:20 - 2016-04-26 09:20 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-04-26 09:20 - 2016-04-26 09:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-04-26 09:20 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-04-26 09:18 - 2016-04-26 09:19 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\brian\Downloads\spybot-2.4.exe
2016-04-26 08:00 - 2016-04-27 12:00 - 00000408 _____ C:\Windows\SysWOW64\iolo.ini
2016-04-26 08:00 - 2016-04-27 12:00 - 00000408 _____ C:\Windows\system32\iolo.ini
2016-04-25 22:22 - 2016-04-25 22:22 - 00000000 ____D C:\Users\Fennah\AppData\Roaming\MCorp
2016-04-25 22:17 - 2016-04-27 11:59 - 00001696 _____ C:\Users\Public\Desktop\MPC Cleaner.lnk
2016-04-25 19:18 - 2016-04-27 12:00 - 00000392 _____ C:\Windows\SysWOW64\iolo.ini.txt
2016-04-25 19:15 - 2016-04-25 19:15 - 00000000 ___DC C:\Program Files\Common Files\Commtouch
2016-04-25 19:15 - 2016-04-25 19:15 - 00000000 ____D C:\ProgramData\Commtouch
2016-04-25 19:15 - 2016-02-19 07:15 - 00160256 _____ C:\Windows\system32\iavlsp64.dll
2016-04-25 19:15 - 2016-02-19 07:15 - 00118784 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\iavlsp.dll
2016-04-25 19:15 - 2014-03-25 15:59 - 01728776 ____R (CYREN Inc.) C:\Windows\system32\Drivers\ampse.sys
2016-04-25 19:14 - 2016-04-25 19:14 - 00003144 _____ C:\Windows\System32\Tasks\iolo Process Governor
2016-04-25 19:14 - 2016-04-25 19:14 - 00001444 _____ C:\Users\Public\Desktop\System Mechanic Professional.lnk
2016-04-25 19:14 - 2016-04-25 19:14 - 00000000 ____D C:\Users\brian\AppData\Roaming\ioloGovernor
2016-04-25 19:14 - 2016-04-25 19:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic Professional
2016-04-25 19:14 - 2016-04-25 19:14 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-04-25 19:14 - 2016-04-25 19:14 - 00000000 ____D C:\Program Files (x86)\iolo
2016-04-25 19:14 - 2016-02-19 07:30 - 00066392 _____ (iolo technologies, LLC) C:\Windows\system32\iolobtdfg.exe
2016-04-25 19:14 - 2016-02-19 07:30 - 00034736 _____ (iolo technologies, LLC) C:\Windows\system32\smrgdf.exe
2016-04-25 19:14 - 2016-02-19 07:20 - 02182248 _____ (iolo technologies, LLC) C:\Windows\system32\Incinerator64.dll
2016-04-25 19:14 - 2016-02-19 07:20 - 02123552 _____ (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2016-04-25 19:14 - 2016-02-19 07:15 - 00069000 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2016-04-25 19:14 - 2016-02-19 07:15 - 00056200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2016-04-25 19:12 - 2016-04-25 19:12 - 00426352 _____ C:\Users\brian\Downloads\smpro_dm (1).exe
2016-04-25 18:46 - 2016-04-25 19:20 - 00000000 ____D C:\Users\brian\AppData\Roaming\iolo
2016-04-25 18:43 - 2016-04-25 18:43 - 00074703 _____ C:\Windows\SysWOW64\mfc45.dat
2016-04-25 18:35 - 2016-04-25 18:35 - 00426352 _____ C:\Users\brian\Downloads\smpro_dm.exe
2016-04-25 18:26 - 2016-04-25 18:26 - 00187904 _____ C:\Users\brian\Downloads\adobe_flash_setup.exe
2016-04-25 16:33 - 2016-04-25 16:34 - 00000999 _____ C:\Windows\SysWOW64\${LOGFILE}
2016-04-25 16:17 - 2016-04-25 16:17 - 00000000 ____D C:\Users\brian\AppData\Roaming\MCorp
2016-04-25 15:52 - 2016-04-25 15:52 - 00262144 _____ C:\Windows\system32\config\elam
2016-04-25 13:57 - 2016-04-25 16:12 - 00000000 ___DC C:\Program Files (x86)\MPC Cleaner
2016-04-25 13:57 - 2016-04-25 13:57 - 00356864 _____ C:\ProgramData\smp2.exe
2016-04-25 13:57 - 2016-04-25 13:57 - 00060136 _____ (DotC United Inc) C:\Windows\system32\Drivers\MPCKpt.sys
2016-04-25 13:57 - 2016-04-25 13:57 - 00004252 _____ C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757
2016-04-25 13:57 - 2016-04-25 13:57 - 00004172 _____ C:\Windows\System32\Tasks\SMW_P
2016-04-25 13:57 - 2016-04-25 13:57 - 00000000 ___DC C:\Program Files\Common Files\Doobzo
2016-04-25 13:57 - 2016-04-25 13:57 - 00000000 ____D C:\ProgramData\SearchModule
2016-04-25 13:53 - 2016-04-25 17:44 - 00000000 ____D C:\Users\brian\AppData\Roaming\WTools
2016-04-25 13:53 - 2016-04-25 16:42 - 00000000 ____D C:\Users\brian\AppData\Roaming\Store
2016-04-25 13:50 - 2016-04-25 16:34 - 00000000 ____D C:\Users\brian\AppData\Roaming\Nosibay
2016-04-25 13:50 - 2016-04-25 13:50 - 00000000 ____D C:\Users\brian\AppData\Roaming\SpringFiles
2016-04-25 13:49 - 2016-04-26 10:06 - 00000000 ____D C:\Program Files (x86)\289AD480-1461588595-11E0-A46E-E89A8F705902
2016-04-25 13:47 - 2016-04-25 13:47 - 00000000 ____D C:\ProgramData\7941b2cf-7d67-0
2016-04-25 13:47 - 2016-04-25 13:47 - 00000000 ____D C:\ProgramData\7941b2cf-3e13-1
2016-04-25 13:46 - 2016-04-25 13:46 - 03908336 _____ (Zurumbia Incorpatated) C:\Users\brian\Downloads\renault-megane-15-dci-manual_downloader.exe
2016-04-17 23:37 - 2016-04-17 23:37 - 00460081 _____ C:\Users\Fennah\Documents\F Podschies - No Claims Discount proof p2.pdf
2016-04-17 23:35 - 2016-04-17 23:35 - 00671543 _____ C:\Users\Fennah\Documents\F Podschies - No Claims Discount proof p1.pdf
2016-04-17 23:34 - 2016-04-17 23:35 - 00000000 ____D C:\Users\Fennah\AppData\Roaming\Canon
2016-04-13 21:34 - 2016-04-24 20:02 - 00000000 ____D C:\Users\Fennah\Documents\Linden Crescent
2016-04-13 14:57 - 2016-04-13 14:57 - 00001986 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-04-13 14:54 - 2016-04-13 14:54 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-04-13 14:51 - 2016-03-29 18:53 - 03216896 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-13 14:51 - 2016-03-18 00:04 - 05551336 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-13 14:51 - 2016-03-18 00:04 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-13 14:51 - 2016-03-18 00:04 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-13 14:51 - 2016-03-18 00:04 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-04-13 14:51 - 2016-03-18 00:01 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-13 14:51 - 2016-03-18 00:01 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-13 14:51 - 2016-03-17 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-04-13 14:51 - 2016-03-17 23:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-04-13 14:51 - 2016-03-17 23:57 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-04-13 14:51 - 2016-03-17 23:57 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-13 14:51 - 2016-03-17 23:57 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-04-13 14:51 - 2016-03-17 23:57 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-04-13 14:51 - 2016-03-17 23:57 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-04-13 14:51 - 2016-03-17 23:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-13 14:51 - 2016-03-17 23:56 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-04-13 14:51 - 2016-03-17 23:54 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-13 14:51 - 2016-03-17 23:54 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-13 14:51 - 2016-03-17 23:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-04-13 14:51 - 2016-03-17 23:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-04-13 14:51 - 2016-03-17 23:53 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-13 14:51 - 2016-03-17 23:53 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-04-13 14:51 - 2016-03-17 23:53 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-13 14:51 - 2016-03-17 23:53 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:36 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-04-13 14:51 - 2016-03-17 23:36 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-04-13 14:51 - 2016-03-17 23:33 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-13 14:51 - 2016-03-17 23:31 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-04-13 14:51 - 2016-03-17 23:31 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-04-13 14:51 - 2016-03-17 23:31 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-13 14:51 - 2016-03-17 23:31 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-04-13 14:51 - 2016-03-17 23:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-04-13 14:51 - 2016-03-17 23:30 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-04-13 14:51 - 2016-03-17 23:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-04-13 14:51 - 2016-03-17 23:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-04-13 14:51 - 2016-03-17 23:29 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-13 14:51 - 2016-03-17 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-04-13 14:51 - 2016-03-17 23:29 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-04-13 14:51 - 2016-03-17 23:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-13 14:51 - 2016-03-17 23:27 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-13 14:51 - 2016-03-17 23:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-13 14:51 - 2016-03-17 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-04-13 14:51 - 2016-03-17 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-04-13 14:51 - 2016-03-17 23:26 - 00553984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-13 14:51 - 2016-03-17 23:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 23:24 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 22:53 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-04-13 14:51 - 2016-03-17 22:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-04-13 14:51 - 2016-03-17 22:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-04-13 14:51 - 2016-03-17 22:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-04-13 14:51 - 2016-03-17 22:44 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-04-13 14:51 - 2016-03-17 22:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-04-13 14:51 - 2016-03-17 22:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-04-13 14:51 - 2016-03-17 22:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-13 14:51 - 2016-03-17 22:37 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-13 14:51 - 2016-03-17 22:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-13 14:51 - 2016-03-17 22:35 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-04-13 14:51 - 2016-03-17 22:35 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-04-13 14:51 - 2016-03-17 22:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-04-13 14:51 - 2016-03-17 22:30 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-04-13 14:51 - 2016-03-17 22:30 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-04-13 14:51 - 2016-03-17 22:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-04-13 14:51 - 2016-03-17 22:29 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-04-13 14:51 - 2016-03-17 22:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 22:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 22:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-04-13 14:51 - 2016-03-17 22:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-04-13 14:51 - 2016-03-16 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-13 14:51 - 2016-03-16 19:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-13 14:51 - 2016-03-16 19:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-13 14:51 - 2016-03-06 19:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-13 14:51 - 2016-03-06 19:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-04-13 14:51 - 2016-03-06 19:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-13 14:51 - 2016-03-06 19:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-04-13 14:51 - 2016-02-05 19:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-04-13 14:51 - 2016-02-05 19:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-13 14:51 - 2016-02-05 18:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-04-13 14:51 - 2016-02-02 19:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-13 14:51 - 2016-01-21 01:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-13 14:51 - 2015-06-03 21:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-13 14:50 - 2016-04-04 19:14 - 00038120 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-13 14:50 - 2016-04-04 19:02 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-13 14:50 - 2016-04-02 14:08 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-13 14:50 - 2016-03-31 20:25 - 00394952 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-04-13 14:50 - 2016-03-31 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-04-13 14:50 - 2016-03-31 01:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-04-13 14:50 - 2016-03-31 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-04-13 14:50 - 2016-03-31 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-04-13 14:50 - 2016-03-31 01:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-04-13 14:50 - 2016-03-31 01:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-04-13 14:50 - 2016-03-31 01:28 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-04-13 14:50 - 2016-03-31 01:27 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-04-13 14:50 - 2016-03-31 01:27 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-04-13 14:50 - 2016-03-31 01:27 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-04-13 14:50 - 2016-03-31 01:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-04-13 14:50 - 2016-03-31 01:22 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-04-13 14:50 - 2016-03-31 01:21 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-04-13 14:50 - 2016-03-31 01:19 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-04-13 14:50 - 2016-03-31 01:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-04-13 14:50 - 2016-03-31 01:17 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-04-13 14:50 - 2016-03-31 01:17 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-04-13 14:50 - 2016-03-31 01:17 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-04-13 14:50 - 2016-03-31 01:11 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-04-13 14:50 - 2016-03-31 01:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-04-13 14:50 - 2016-03-31 01:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-04-13 14:50 - 2016-03-31 01:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-04-13 14:50 - 2016-03-31 01:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-04-13 14:50 - 2016-03-31 00:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-04-13 14:50 - 2016-03-31 00:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-04-13 14:50 - 2016-03-31 00:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-04-13 14:50 - 2016-03-31 00:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-04-13 14:50 - 2016-03-31 00:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-04-13 14:50 - 2016-03-31 00:53 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-04-13 14:50 - 2016-03-31 00:52 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-04-13 14:50 - 2016-03-31 00:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-04-13 14:50 - 2016-03-31 00:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-04-13 14:50 - 2016-03-31 00:52 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-04-13 14:50 - 2016-03-31 00:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-04-13 14:50 - 2016-03-31 00:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-04-13 14:50 - 2016-03-31 00:48 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-04-13 14:50 - 2016-03-31 00:46 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-04-13 14:50 - 2016-03-31 00:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-04-13 14:50 - 2016-03-31 00:45 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-04-13 14:50 - 2016-03-31 00:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-04-13 14:50 - 2016-03-31 00:45 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-04-13 14:50 - 2016-03-31 00:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-04-13 14:50 - 2016-03-31 00:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-04-13 14:50 - 2016-03-31 00:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-04-13 14:50 - 2016-03-31 00:42 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-04-13 14:50 - 2016-03-31 00:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-04-13 14:50 - 2016-03-31 00:38 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-04-13 14:50 - 2016-03-31 00:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-04-13 14:50 - 2016-03-31 00:33 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-04-13 14:50 - 2016-03-31 00:31 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-04-13 14:50 - 2016-03-31 00:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-04-13 14:50 - 2016-03-31 00:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-04-13 14:50 - 2016-03-31 00:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-04-13 14:50 - 2016-03-31 00:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-04-13 14:50 - 2016-03-31 00:29 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-04-13 14:50 - 2016-03-31 00:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-04-13 14:50 - 2016-03-31 00:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-04-13 14:50 - 2016-03-31 00:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-04-13 14:50 - 2016-03-31 00:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-04-13 14:50 - 2016-03-31 00:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-04-13 14:50 - 2016-03-31 00:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-04-13 14:50 - 2016-03-31 00:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-04-13 14:50 - 2016-03-31 00:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-04-13 14:50 - 2016-03-31 00:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-04-13 14:50 - 2016-03-31 00:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-04-13 14:50 - 2016-03-23 15:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-13 14:50 - 2016-03-17 19:04 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-13 14:50 - 2016-03-17 19:04 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-13 14:50 - 2016-03-17 19:04 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-13 14:50 - 2016-03-17 19:04 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-13 14:50 - 2016-03-16 01:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-13 14:50 - 2016-03-16 01:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-13 14:50 - 2016-03-16 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-13 14:50 - 2016-03-11 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-04-13 14:50 - 2016-03-11 19:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-04-13 14:44 - 2016-04-13 14:44 - 00579619 _____ C:\Users\Fennah\Documents\IKEA Bathrooms Brochure 2016.mht
2016-04-13 14:41 - 2016-04-13 14:41 - 00579765 _____ C:\Users\Fennah\Documents\IKEA Kitchens & Appliances Brochure 2016.mht
2016-04-13 14:37 - 2016-04-13 14:37 - 00579473 _____ C:\Users\Fennah\Documents\IKEA Catalogue 2016.mht
2016-04-13 09:51 - 2016-04-13 09:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-11 15:12 - 2016-04-11 15:12 - 00296038 _____ C:\Users\brian\Downloads\Proforma Factuur 000*451 (1).pdf
2016-04-11 14:58 - 2016-04-11 14:59 - 00296038 _____ C:\Users\brian\Downloads\Proforma Factuur 000*451.pdf
2016-04-08 19:34 - 2016-04-08 19:34 - 00445624 _____ C:\Users\brian\Downloads\e-poster April.zip
2016-04-05 11:45 - 2016-04-05 11:45 - 00348952 _____ C:\Users\brian\Documents\dfds scan.pdf
2016-04-05 11:44 - 2016-04-05 11:44 - 00355533 _____ C:\Users\brian\Documents\IMG_20160405_0001.pdf
2016-04-04 11:09 - 2016-04-04 11:09 - 00313049 _____ C:\Users\brian\Downloads\yourinsurancedocuments.zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-04-27 12:15 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-27 12:15 - 2009-07-14 05:45 - 00025120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-27 12:10 - 2015-11-10 09:45 - 00002358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-27 12:10 - 2015-11-10 09:45 - 00002346 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-27 12:10 - 2011-11-14 22:37 - 00001616 _____ C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-27 12:02 - 2016-01-10 14:02 - 00000000 ___RD C:\Users\brian\Dropbox
2016-04-27 11:59 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-26 10:23 - 2009-07-14 06:13 - 00797436 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-26 10:23 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-04-26 08:02 - 2015-08-16 14:57 - 00000000 ___RD C:\Users\Fennah\Dropbox
2016-04-26 08:02 - 2013-02-14 17:23 - 00000000 ____D C:\Users\Fennah\Documents\Bluetooth
2016-04-26 02:33 - 2015-07-14 21:16 - 00000000 ____D C:\Users\Fennah\Documents\MAO
2016-04-25 19:20 - 2013-10-19 10:51 - 00000000 ____D C:\ProgramData\iolo
2016-04-25 19:15 - 2012-05-16 09:42 - 00003148 _____ C:\Windows\System32\Tasks\SidebarExecute
2016-04-25 19:14 - 2009-07-14 04:20 - 00000000 __RSD C:\Windows\Media
2016-04-25 18:55 - 2014-05-22 14:42 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-04-25 16:08 - 2016-02-08 13:40 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4192471749-589627928-3305957805-1001Core.job
2016-04-25 16:08 - 2015-08-16 14:53 - 00000908 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-25 16:08 - 2015-08-16 14:53 - 00000904 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-25 16:08 - 2013-01-24 11:30 - 00000354 _____ C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job
2016-04-25 16:08 - 2012-08-02 13:17 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-25 16:08 - 2012-08-02 13:17 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-25 16:08 - 2012-04-14 10:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-25 13:46 - 2015-06-18 22:15 - 00001604 _____ C:\Users\Fennah\Desktop\Internet Explorer.lnk
2016-04-25 13:46 - 2011-09-26 18:25 - 00001634 _____ C:\Users\Fennah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-04-24 17:43 - 2012-04-14 10:42 - 00797376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-24 17:43 - 2011-10-05 09:43 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-23 13:20 - 2015-02-02 18:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-21 17:56 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-21 15:05 - 2010-11-21 04:27 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-20 20:39 - 2013-02-08 13:56 - 00000000 ____D C:\Users\Fennah\Documents\0. Fennah
2016-04-19 18:43 - 2015-04-16 20:49 - 00000000 ____D C:\Users\brian\Documents\brian podschies Designs
2016-04-15 18:02 - 2009-07-14 05:45 - 00283792 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-15 17:59 - 2014-12-14 22:19 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-13 22:07 - 2013-08-14 09:43 - 00000000 ____D C:\Windows\system32\MRT
2016-04-13 21:49 - 2011-10-02 22:02 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-13 14:57 - 2011-05-05 05:49 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-04-13 09:51 - 2015-08-16 14:53 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-13 09:43 - 2015-08-20 15:12 - 00000000 ____D C:\Users\brian\AppData\Local\Dropbox
2016-04-12 12:49 - 2011-11-14 22:37 - 00000000 ____D C:\Users\brian
2016-04-12 12:33 - 2015-08-16 14:53 - 00000000 ____D C:\Users\Fennah\AppData\Local\Dropbox
2016-04-08 10:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-04-06 11:44 - 2015-12-08 11:06 - 00000000 ____D C:\Users\brian\Downloads\Shopping Cart - Pioneer Bathrooms Ltd_files
2016-04-06 11:44 - 2012-12-10 15:22 - 00000000 ____D C:\Users\brian\Downloads\A new stepper motor driver circuit_files
2016-04-06 11:42 - 2015-05-29 23:46 - 00118784 ___SH C:\Users\brian\Documents\Thumbs.db
2016-04-06 10:43 - 2015-05-28 19:39 - 00000000 ____D C:\Users\brian\Documents\luxe 2015
2016-04-05 14:15 - 2013-08-01 09:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-04-05 03:01 - 2015-04-17 08:30 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-04-05 03:01 - 2015-04-17 08:30 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-04 10:18 - 2011-09-26 18:23 - 00000000 ____D C:\Users\Fennah
==================== Files in the root of some directories =======
2014-10-01 15:37 - 2014-10-01 15:37 - 0001315 _____ () C:\Program Files (x86)\acknowledge.txt
2014-10-01 15:37 - 2014-10-01 15:37 - 1129984 _____ () C:\Program Files (x86)\aspx_cdr_lib.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0355328 _____ () C:\Program Files (x86)\aspx_hunspell_lib.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0485888 _____ (Aspex Software) C:\Program Files (x86)\aspx_util_lib.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0125560 _____ (Graphtec Corporation) C:\Program Files (x86)\GITKUSBP.DLL
2014-10-01 15:37 - 2014-10-01 15:37 - 23507968 _____ (The ICU Project) C:\Program Files (x86)\icudt52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 1419776 _____ (The ICU Project) C:\Program Files (x86)\icuin52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0037376 _____ (The ICU Project) C:\Program Files (x86)\icuio52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0212992 _____ (The ICU Project) C:\Program Files (x86)\icule52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0038912 _____ (The ICU Project) C:\Program Files (x86)\iculx52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0159744 _____ () C:\Program Files (x86)\icutu52.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 1068032 _____ (The ICU Project) C:\Program Files (x86)\icuuc52.dll
2014-10-01 15:42 - 2014-10-01 15:42 - 4337248 _____ () C:\Program Files (x86)\Install Fonts.exe
2014-10-01 15:37 - 2014-10-01 15:37 - 0462336 _____ () C:\Program Files (x86)\libfreetype-6.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0017408 _____ () C:\Program Files (x86)\mkbitmap.dll
2014-10-01 15:42 - 2014-10-01 15:42 - 2259528 _____ () C:\Program Files (x86)\Permissions.exe
2014-10-01 15:37 - 2014-10-01 15:37 - 0036352 _____ () C:\Program Files (x86)\potrace.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 1278464 _____ (Dipl.-Ing. Frank Siegert) C:\Program Files (x86)\pstilldll.dll
2014-10-01 15:42 - 2014-10-01 15:42 - 61677968 _____ () C:\Program Files (x86)\Silhouette Studio.exe
2014-10-01 15:37 - 2014-10-01 15:37 - 0028309 _____ () C:\Program Files (x86)\sstudio1.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0009216 _____ () C:\Program Files (x86)\testplug.dll
2014-10-01 15:37 - 2014-10-01 15:37 - 0072192 _____ (GnuWin32 <http://gnuwin32.sourceforge.net>) C:\Program Files (x86)\zlib1.dll
2016-04-25 13:50 - 2016-04-25 13:53 - 0001257 _____ () C:\Users\brian\AppData\Roaming\Bubble Dock.boostrap.log
2016-04-25 13:50 - 2016-04-25 13:52 - 0005712 _____ () C:\Users\brian\AppData\Roaming\Bubble Dock.installation.log
2016-04-25 13:53 - 2016-04-25 13:53 - 0000078 _____ () C:\Users\brian\AppData\Roaming\Selection Tools.installation.log
2016-04-25 13:50 - 2016-04-25 13:50 - 0000097 _____ () C:\Users\brian\AppData\Roaming\WindApp.boostrap.log
2016-04-25 13:53 - 2016-04-25 13:53 - 0000078 _____ () C:\Users\brian\AppData\Roaming\WindApp.installation.log
2013-11-13 22:55 - 2014-10-24 11:20 - 0008192 _____ () C:\Users\brian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-18 07:57 - 2014-06-18 07:57 - 0000000 _____ () C:\Users\brian\AppData\Local\{8C7ACE5A-B8F5-4FC3-97B2-635153B8D579}
2016-04-25 13:57 - 2016-04-25 13:57 - 0356864 _____ () C:\ProgramData\smp2.exe
2014-01-18 09:23 - 2014-01-18 09:31 - 0000000 _____ () C:\ProgramData\vlwlirjf.odd
2013-11-12 11:03 - 2013-11-12 13:04 - 95025368 ____T () C:\ProgramData\vzj9dqt.bxx
2013-11-12 11:03 - 2013-11-12 12:08 - 0000000 _____ () C:\ProgramData\vzj9dqt.fvv
2013-11-12 13:04 - 2013-11-12 13:04 - 0000279 _____ () C:\ProgramData\vzj9dqt.reg
Files to move or delete:
====================
C:\ProgramData\smp2.exe
C:\ProgramData\vlwlirjf.odd
C:\ProgramData\vzj9dqt.bxx
C:\ProgramData\vzj9dqt.fvv
C:\ProgramData\vzj9dqt.reg
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-02-08 10:00
==================== End of FRST.txt ============================
System Mechanic, they deal with the registry, which normally should be left alone, to some unnecessary tool,
We do not recommend the use of registry cleaners. No registry cleaner is completely safe since most do not even create a backup the potential is ever present to cause more problems than they claim to fix.
If you do not have knowledge of the registry, then you would probably be better off leaving it alone, and definitely not placing blind trust in a program to do the job for you.
Our colleague miekiemoes has an excellent writeup here
http://miekiemoes.blogspot.com/2008/...eaking_13.html
I recommend the uninstalling of the below
iolo System Mechanic
Running from C:\Users\brian\Downloads
It's best we move Farbar's to desktop.
Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
Open FRST/FRST64 and press the > Fix < button just once and wait.start
CreateRestorePoint:
CloseProcesses:
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {87FD958C-6DCD-4030-9C86-8645A8EE7F7C} - System32\Tasks\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AE16BD67-1375-4F04-89BF-4BDC320E17BB} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-04-25] () <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DFAB8729-7FA3-4445-9B86-C972183E8732} - System32\Tasks\Funmoods => C:\Users\brian\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyBtDyDzytDtBtA0AyB0EtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1029339382
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {1A585308-226F-46B3-8179-FA5A060522AB} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL =
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,&vp=ch&prd=set_ch
S3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [43264 2016-04-23] ()
C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys
C:\Program Files\Common Files\Doobzo
C:\ProgramData\SearchModule
C:\ProgramData\smp2.exe
C:\ProgramData\vlwlirjf.odd
C:\ProgramData\vzj9dqt.bxx
C:\ProgramData\vzj9dqt.fvv
C:\ProgramData\vzj9dqt.reg
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Hosts:
End
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~`
AdwCleaner
- Please download AdwCleaner and save the file to your Desktop.
- Right-click AdwCleaner.exe and select
Run as administrator to run the programme.
- Follow the prompts.
- Click
Scan.
- Upon completion, click
Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
- Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
- Click
Clean.
- Follow the prompts and allow your computer to reboot.
- After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.
======================================================
Please download Junkware Removal Tool
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.
- Shut down your protection software now to avoid potential conflicts.
- Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
- The tool will open and start scanning your system.
- Please be patient as this can take a while to complete depending on your system's specifications.
- On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
- Post the contents of JRT.txt into your next message.
~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt
Windows Insider MVP Consumer Security 2009 - 2017
Please do not PM me for Malware help, we all benefit from posting on the open board.
here is th as requested! still have the MPC Cleaner files I can't delete?
Fix result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by brian (2016-04-28 11:22:00) Run:2
Running from C:\Users\brian\Desktop
Loaded Profiles: brian (Available Profiles: Fennah & brian)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {87FD958C-6DCD-4030-9C86-8645A8EE7F7C} - System32\Tasks\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757 => Wscript.exe //B "C:\ProgramData\SearchModule\smhe.js" smu.exe /invoke /f:check_services /l:0 <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {AE16BD67-1375-4F04-89BF-4BDC320E17BB} - System32\Tasks\SMW_P => C:\ProgramData\smp2.exe [2016-04-25] () <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {DFAB8729-7FA3-4445-9B86-C972183E8732} - System32\Tasks\Funmoods => C:\Users\brian\AppData\Roaming\Funmoods\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
ShortcutWithArgument: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www%2dsearching.com/?prd=set_epf&s=g4pzftpbl0cshmoam,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKLM -> {B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} URL = hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=as1212y&ir=as1212y&cd=2XzuyEtN2Y1L1Qzu0Ezzzy0Azz0FyBtDyDzytDtBtA0AyB0EtN0D0Tzu0CtAyDtBtN1L2XzutBtFtBtFtCtFyEtDyB&cr=1029339382
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=TSHMDF&pc=MATM&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {1A585308-226F-46B3-8179-FA5A060522AB} URL = hxxp://www-searching.com/s.ashx?prd=opensearch&q={searchTerms}&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} URL =
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} URL = hxxp://www.google.co.uk/search?hl=en&q={searchTerms}&meta=
SearchScopes: HKU\S-1-5-21-4192471749-589627928-3305957805-1001 -> {CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR HomePage: Default -> hxxp://www-searching.com/?pid=s&s=G4Pzftpbl0cshmoAM,7520fe93-9ec8-4c3d-a2a3-985c1e4ab80c,&vp=ch&prd=set_ch
S3 SMUpdd; C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys [43264 2016-04-23] ()
C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys
C:\Program Files\Common Files\Doobzo
C:\ProgramData\SearchModule
C:\ProgramData\smp2.exe
C:\ProgramData\vlwlirjf.odd
C:\ProgramData\vzj9dqt.bxx
C:\ProgramData\vzj9dqt.fvv
C:\ProgramData\vzj9dqt.reg
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{87FD958C-6DCD-4030-9C86-8645A8EE7F7C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FD958C-6DCD-4030-9C86-8645A8EE7F7C}" => key removed successfully
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE16BD67-1375-4F04-89BF-4BDC320E17BB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE16BD67-1375-4F04-89BF-4BDC320E17BB}" => key removed successfully
C:\Windows\System32\Tasks\SMW_P => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DFAB8729-7FA3-4445-9B86-C972183E8732}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAB8729-7FA3-4445-9B86-C972183E8732}" => key removed successfully
C:\Windows\System32\Tasks\Funmoods => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods" => key removed successfully
C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B}" => key removed successfully
HKCR\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}" => key removed successfully
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B}" => key removed successfully
HKCR\Wow6432Node\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
"HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A585308-226F-46B3-8179-FA5A060522AB}" => key removed successfully
HKCR\CLSID\{1A585308-226F-46B3-8179-FA5A060522AB} => key not found.
"HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B}" => key removed successfully
HKCR\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
"HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB}" => key removed successfully
HKCR\CLSID\{C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} => key not found.
"HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535}" => key removed successfully
HKCR\CLSID\{CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}" => key removed successfully
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
Chrome HomePage => removed successfully
SMUpdd => service removed successfully
C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys => moved successfully
C:\Program Files\Common Files\Doobzo => moved successfully
C:\ProgramData\SearchModule => moved successfully
C:\ProgramData\smp2.exe => moved successfully
C:\ProgramData\vlwlirjf.odd => moved successfully
C:\ProgramData\vzj9dqt.bxx => moved successfully
C:\ProgramData\vzj9dqt.fvv => moved successfully
C:\ProgramData\vzj9dqt.reg => moved successfully
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= netsh int ipv6 reset =========
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
Restore point was successfully created.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87FD958C-6DCD-4030-9C86-8645A8EE7F7C} => key not found.
C:\Windows\System32\Tasks\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_333630323336353531342d4a785b455a2a783445323757 => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE16BD67-1375-4F04-89BF-4BDC320E17BB} => key not found.
C:\Windows\System32\Tasks\SMW_P => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_P => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DFAB8729-7FA3-4445-9B86-C972183E8732} => key not found.
C:\Windows\System32\Tasks\Funmoods => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Funmoods => key not found.
C:\Users\brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\brian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Public\Desktop\Google Chrome.lnk => Shortcut argument removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKCR\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => key not found.
HKCR\CLSID\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKCR\Wow6432Node\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1A585308-226F-46B3-8179-FA5A060522AB} => key not found.
HKCR\CLSID\{1A585308-226F-46B3-8179-FA5A060522AB} => key not found.
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKCR\CLSID\{7ABB8264-F25C-44C9-AD4E-4F4CE9D0F08B} => key not found.
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} => key not found.
HKCR\CLSID\{C0CBAC0F-963B-4EC0-BC3D-6370F16E24AB} => key not found.
HKU\S-1-5-21-4192471749-589627928-3305957805-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} => key not found.
HKCR\CLSID\{CE7004D9-9DAF-4F31-AFCA-1FA36CAC2535} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKCR\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKCR\Wow6432Node\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} => key not found.
HKCR\PROTOCOLS\Handler\linkscanner => key not found.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
Chrome HomePage => not found.
SMUpdd => service not found.
"C:\Program Files\Common Files\Doobzo\GSUpdate\smw.sys" => not found.
"C:\Program Files\Common Files\Doobzo" => not found.
"C:\ProgramData\SearchModule" => not found.
"C:\ProgramData\smp2.exe" => not found.
"C:\ProgramData\vlwlirjf.odd" => not found.
"C:\ProgramData\vzj9dqt.bxx" => not found.
"C:\ProgramData\vzj9dqt.fvv" => not found.
"C:\ProgramData\vzj9dqt.reg" => not found.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
There's no user specified settings to be reset.
========= End of CMD: =========
========= netsh int ipv6 reset =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
There's no user specified settings to be reset.
========= End of CMD: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
The operation completed successfully.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 1.2 GB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 11:27:39 ====
lastest report
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 11:47:59
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (X64)
# Username : brian - FENNAH-TOSHIBA
# Running from : C:\Users\brian\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum
***** [ Services ] *****
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
***** [ Folders ] *****
[-] Folder Deleted : C:\ProgramData\Tarma Installer
[-] Folder Deleted : C:\ProgramData\7941b2cf-3e13-1
[-] Folder Deleted : C:\ProgramData\7941b2cf-7d67-0
[#] Folder Deleted : C:\ProgramData\Application Data\Tarma Installer
[#] Folder Deleted : C:\ProgramData\Application Data\7941b2cf-3e13-1
[#] Folder Deleted : C:\ProgramData\Application Data\7941b2cf-7d67-0
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\289AD480-1461588595-11E0-A46E-E89A8F705902
[-] Folder Deleted : C:\Users\brian\AppData\Roaming\Funmoods
[-] Folder Deleted : C:\Users\brian\AppData\Roaming\Nosibay
[-] Folder Deleted : C:\Users\brian\AppData\Roaming\Store
[-] Folder Deleted : C:\Users\brian\AppData\Roaming\WTools
[-] Folder Deleted : C:\Users\brian\AppData\Roaming\SpringFiles
[-] Folder Deleted : C:\Windows\SysNative\Store
***** [ Files ] *****
[-] File Deleted : C:\END
[-] File Deleted : C:\Users\brian\AppData\Roaming\Bubble Dock.boostrap.log
[-] File Deleted : C:\Users\brian\AppData\Roaming\Bubble Dock.installation.log
[-] File Deleted : C:\Users\brian\AppData\Roaming\Selection Tools.installation.log
[-] File Deleted : C:\Users\brian\AppData\Roaming\WindApp.boostrap.log
[-] File Deleted : C:\Users\brian\AppData\Roaming\WindApp.installation.log
[-] File Deleted : C:\Users\Fennah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage
[-] File Deleted : C:\Users\Fennah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ndibdjnfmopecpmkdieinmbadjfpblof_0.localstorage-journal
[-] File Deleted : C:\Users\Fennah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Fennah\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal
[#] File Deleted : C:\Windows\SysNative\drivers\MPCKpt.sys
***** [ DLLs ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Crush the Castle 2.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Dark Orbit.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Farmerama.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Free Realms.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Seafight.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Shaiya.lnk
[-] Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft.lnk
[-] Shortcut Disinfected : C:\Users\Fennah\Desktop\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Fennah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[-] Shortcut Disinfected : C:\Users\Fennah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[-] Shortcut Disinfected : C:\Users\Fennah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[-] Shortcut Disinfected : C:\Users\Fennah\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk
***** [ Scheduled tasks ] *****
***** [ Registry ] *****
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\smu.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\IGearSettings
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\Nosibay
[-] Key Deleted : HKCU\Software\Store
[-] Key Deleted : HKCU\Software\System Healer
[-] Key Deleted : HKCU\Software\Wajam
[-] Key Deleted : HKCU\Software\WTools
[-] Key Deleted : HKCU\Software\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\SearchModule
[-] Key Deleted : HKLM\SOFTWARE\SrpnFiles
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\SearchModule
[-] Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{E85F5890-70F9-4C6C-BFA0-30B8116CDDD2}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{027B4D6C-B024-4AB8-B01A-D612E9588A75}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{7192E15E-5ECB-4FCA-BF7D-D7D0723368BC}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{F08F0770-844E-44E1-8B90-87A1B897E6C2}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{F0C57A9E-7B53-46E5-A3E5-F34BD1036732} [NameServer]
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C1].txt - [7096 bytes] - [28/04/2016 11:47:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [8682 bytes] - [28/04/2016 11:45:38]
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7242 bytes] ##########
Posting Permissions
