mpc cleaner issue

This is a discussion on mpc cleaner issue within the Resolved HJT Threads forums, part of the Tech Support Forum category.

Old 04-17-2016, 07:15 PM   #1
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



I am working on a different PC for my nephew but cannot connect to the internet with that one, so, as I am loath to copy info from a USB from an infected computer, here is the info requested. I tried bitdefender boot disc which found and cleaned a few, but I can not get rid of the mpc cleaner and a few others. I get an error message when I try to install Malwarebytes.
Thanks for the help!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412
Run by Matt at 19:37:53 on 2016-04-17
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.3765.2351 [GMT -5:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall *Disabled* {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs
C:\ProgramData\CloudPrinter\CloudPrinter.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe
svchost.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe
C:\Users\Matt\AppData\Local\winone\WinoneApp.exe
C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
C:\Program Files (x86)\Note-up\Note-up.exe
C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\WINDOWS\System32\svchost.exe -k smphost
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
\\?\C:\WINDOWS\system32\wbem\WMIADAP.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP24eo9kfZX0nx5RMnF8q7m-bdyJXQQYZ_5D2Ljnr3enyUKDOo7miJ2uxMHaEmLVTO0aOG337pJfenl4-6eOhLCGhLbOEXW8tmpWKvcy2anSWGObpZvBbtxUKuMDpOlhPEHsc7B8qY5vRL_zZ3RHfRkqx33GuA1LY2cJ5DfD317wogaWLuNRUc3qg,&q={searchTerms}
uSearch Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61
BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
BHO: Find Search Window: {39049009-b87a-49f2-9434-9ed790347db2} -
BHO: {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} - <orphaned>
uRun: [OneDrive] "C:\Users\Matt\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Chromium] "c:\users\matt\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
uRun: [Dynamation] C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe
uRun: [Winoneexe] C:\Users\Matt\AppData\Local\winone\WinoneApp.exe
uRun: [Itibiti.exe] C:\Program Files (x86)\Itibiti Soft Phone\Itibiti.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Note-up] C:\Program Files (x86)\Note-up\note-up.exe /watch
mRun: [ospd_us_037010249] <no file>
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.11.309\SSScheduler.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: EnableLUA = dword:0
TCP: NameServer = 82.163.142.7 95.211.158.134
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0d536d49-a0bb-4c1e-8d48-b3937d764934} : NameServer = 104.197.191.4
TCP: Interfaces\{0f175a53-46f4-4ccb-a05d-5ce2329c8c0e} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{0f175a53-46f4-4ccb-a05d-5ce2329c8c0e} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{10c92548-b393-4b09-b3d1-f7ab2d512448} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{10c92548-b393-4b09-b3d1-f7ab2d512448} : DHCPNameServer = 82.163.142.7
TCP: Interfaces\{2c5889e9-a37c-40e5-b676-e90d617bfcf8} : NameServer = 104.197.191.4
TCP: Interfaces\{428e7eda-581b-11e5-9bc2-806e6f6e6963} : NameServer = 104.197.191.4
TCP: Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963} : NameServer = 104.197.191.4
TCP: Interfaces\{7ef9cf75-ff17-4f47-ad3b-e3f0ffe7cc3d} : NameServer = 82.163.142.7 95.211.158.134
TCP: Interfaces\{7ef9cf75-ff17-4f47-ad3b-e3f0ffe7cc3d} : DHCPNameServer = 192.168.1.1
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
AppInit_DLLs= C:\ProgramData\Zonekix\Zathtam.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: {1036AD63-AEAC-460B-9060-C96005D4DC86} - <orphaned>
x64-Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-Run: [SpaceSoundPro] "C:\Program Files\SpaceSoundPro\SpaceSoundPro.exe"
x64-Run: [IDSCPRODUCT] "C:\Program Files\SpaceSoundPro\\idscservice.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: EnableLUA = dword:0
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 107.178.255.88 Google Analytics - Mobile, Premium and Free Website Analytics ? Google
Hosts: 107.178.255.88 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats
Hosts: 107.178.255.88 statcounter.com
Hosts: 107.178.255.88 ssl.google-analytics.com
Hosts: 107.178.255.88 partner.googleadservices.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R?2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2015-12-6 157928]
R0 mfehidk;McAfee Inc. mfehidk;C:\WINDOWS\System32\drivers\mfehidk.sys [2014-4-3 841944]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\WINDOWS\System32\drivers\mfewfpk.sys [2015-12-20 244544]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-10 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 avgtp;avgtp;C:\WINDOWS\System32\drivers\avgtpx64.sys [2012-11-8 50976]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 MPCKpt;MPCKpt;C:\WINDOWS\System32\drivers\MPCKpt.sys [2016-2-25 59112]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-10-7 77104]
R2 CloudPrinter;CloudPrinter;C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a --> C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f C:\ProgramData\\CloudPrinter\\CloudPrinter.dat [?]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 gihucimizbt;Scan Function Key;C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs [2016-2-25 214016]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
R2 McAPExe;McAfee AP Service;C:\Program Files\McAfee\MSC\McAPExe.exe [2014-7-6 863448]
R2 McBootDelayStartSvc;McAfee Boot Delay Start Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
R2 mccspsvc;McAfee CSP Service;C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [2016-2-23 1696712]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
R2 mfemms;McAfee Service Controller;C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe [2015-6-16 378848]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\WINDOWS\System32\mfevtps.exe [2014-7-6 256840]
R2 MPCProtectService;MPC Core Protect Service;C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [2016-2-25 348640]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 Tojryn;Tojryn;C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe [2016-2-25 125768]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 HECIx64;Intel(R) Management Engine Interface;C:\WINDOWS\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 mfeaack;McAfee Inc. mfeaack;C:\WINDOWS\System32\drivers\mfeaack.sys [2015-2-17 415976]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\WINDOWS\System32\drivers\mfeavfk.sys [2014-4-3 351120]
R3 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2014-7-6 233680]
R3 mfefirek;McAfee Inc. mfefirek;C:\WINDOWS\System32\drivers\mfefirek.sys [2014-4-3 497888]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\WINDOWS\System32\drivers\mfencbdc.sys [2015-11-20 539496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2015-7-2 82072]
S2 Cotruwbo;Cotruwbo;"C:\Users\Matt\AppData\Roaming\ZipliFujri\Cynmo.exe" -cms --> C:\Users\Matt\AppData\Roaming\ZipliFujri\Cynmo.exe [?]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 FlashBeat;FlashBeat;C:\ProgramData\FlashBeat\FlashBeat.exe -s --> C:\ProgramData\FlashBeat\FlashBeat.exe -s [?]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [2014-7-6 453520]
S2 nplus;Net Plus;C:\Program Files\nplus\nplus.exe [2016-2-25 383488]
S2 OsNmSanYBd;OsNmSanYBd;C:\ProgramData\HPwEdtiX\OsNmSanYBd.exe [2016-2-25 3001832]
S2 Zonekix;Zonekix;C:\ProgramData\\Zonekix\\Zonekix.exe shuz -f "C:\ProgramData\\Zonekix\\Zonekix.dat" -l -a --> C:\ProgramData\\Zonekix\\Zonekix.exe shuz -f C:\ProgramData\\Zonekix\\Zonekix.dat [?]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-3 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 cfwids;McAfee Inc. cfwids;C:\WINDOWS\System32\drivers\cfwids.sys [2014-4-3 80760]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 fcvsc;fcvsc;C:\WINDOWS\System32\drivers\fcvsc.sys [2015-7-10 31232]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\WINDOWS\System32\drivers\HipShieldK.sys [2015-8-6 207208]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.11.309\McCHSvc.exe [2016-3-11 293128]
S3 mfencrk;McAfee Inc. mfencrk;C:\WINDOWS\System32\drivers\mfencrk.sys [2015-11-20 109480]
S3 mfesapsn;McAfee Process Start Notification Service;C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [2015-12-6 37960]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-9-10 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-9-10 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-10 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-9-10 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2015-6-10 54784]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-9-10 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
.
=============== Created Last 30 ================
.
2016-04-18 00:08:08 16148 ----a-w- C:\WINDOWS\System32\MATT-PC_Matt_HistoryPrediction.bin
2016-04-18 0041 -------- d-----w- C:\WINDOWS\System32\icos
2016-04-17 18:43:44 -------- d-----w- C:\WINDOWS\System32\xhlo
2016-04-17 18:09:34 -------- d-----w- C:\AdwCleaner
2016-04-15 04:16:55 -------- d-----w- C:\WINDOWS\System32\uzu
2016-04-15 03:54:19 -------- d-----w- C:\WINDOWS\System32\cur
2016-04-15 03:50:36 -------- d-----w- C:\WINDOWS\System32\eru
2016-04-15 01:48:34 -------- d-----w- C:\WINDOWS\System32\sid
2016-04-15 01:45:03 -------- d-----w- C:\WINDOWS\System32\ane
2016-04-15 01:33:42 -------- d-----w- C:\WINDOWS\System32\bup
2016-04-15 0118 -------- d-----w- C:\ProgramData\41872b28
2016-04-15 0117 -------- d-----w- C:\ProgramData\{04064df8-312c-0}
2016-04-15 0116 -------- d-----w- C:\ProgramData\{029f50aa-612c-0}
2016-04-15 0116 -------- d-----w- C:\ProgramData\{0081baf8-112c-1}
2016-04-14 16:13:24 -------- d---a-w- C:\RescueCD Logs
.
==================== Find3M ====================
.
2016-02-26 04:34:25 188559 ----a-w- C:\Users\Matt\AppData\Roaming\Hayit.bin
2016-02-26 04:33:59 762880 ----a-w- C:\Users\Matt\AppData\Roaming\Triogois.exe
2016-02-26 04:33:59 762880 ----a-w- C:\Users\Matt\AppData\Roaming\Lat-Core.exe
2016-02-26 01:58:48 59112 ----a-w- C:\WINDOWS\System32\drivers\MPCKpt.sys
2016-02-26 01:42:47 187904 ----a-w- C:\WINDOWS\rsrcs.dll
2016-02-02 22:47:29 828920 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-02-02 22:47:29 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-07-24 17:09:16 6420480 ----a-w- C:\Program Files (x86)\GUTC034.tmp
.
============= FINISH: 19:40:04.97 ===============
Attached Files
File Type: txt Attach.txt (17.0 KB, 29 views)
BlueMoon is offline  
Old 04-17-2016, 11:11 PM   #2
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello BlueMoon,

My name is Tolga and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
Please download to and run all requested tools from your Desktop.
Perform everything in the correct order. Sometimes one step requires the previous one.
If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
My native language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
Back up important files before we start.

Now, let's get started, shall we?

Please download Farbar Recovery Scan Tool and save it to your desktop.

Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
Make sure the Addition.txt button is ticked.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
tekir06 is offline  
Old 04-18-2016, 05:00 AM   #3
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Thank you so much for your assistance!
Attached are the files you requested.
Attached Files
File Type: txt FRST.txt (31.6 KB, 44 views)
File Type: txt Addition.txt (31.2 KB, 25 views)
BlueMoon is offline  
Old 04-18-2016, 06:43 AM   #4
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello BlueMoon,

Your system is in poor condition. The problem is not only MPC cleaner. You're hosting a lot of adware, malware, and browser hijackers.

Okay, let's get started.

We need to uninstall some programs.

Press the Windows Key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
Search there for each entry mentioned below, right-click the entry and click Uninstall one at a time.

The list of programs to uninstall:

ARO 2012 >>> Please Read
Privacy SafeGuard version 1.1 >>> Please Read
SafeFinder >>> Please Read

==============================================

Download attached fixlist.txt file and save it to the Desktop.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Double-click FRST64.exe to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
Click the Fix button just once, and wait.
If you receive a message that a reboot is required, please make sure you allow it to restart normally.
The tool will complete its run after the restart.
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
Attached Files
File Type: txt fixlist.txt (12.7 KB, 293 views)
tekir06 is offline  
Old 04-18-2016, 05:04 PM   #5
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



The first 2 uninstalled ok, however SafeFinder will not uninstall. The little blue circle goes around but then stops after a few seconds and the program is still there.
Should I continue with the Fixlist.txt even though the Safefinder is still present or do you have another way to remove it?

Thanks again for your help!
BlueMoon is offline  
Old 04-18-2016, 07:26 PM   #6
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Also, as before mentioned, I do not have internet access on the PC we are working on so if it asks for an update, I will not be able to do it.
BlueMoon is offline  
Old 04-18-2016, 11:02 PM   #7
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello BlueMoon,

Thanks for the information. Did you run the FRST tool with fixlist? Did you lose internet access after this procedure? Please let me know.
tekir06 is offline  
Old 04-19-2016, 04:19 AM   #8
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



I had asked if I should still run it since I cannot get rid of the SafeFinder so no, I have not run it yet.
Internet was down before all of this. Says it is missing a module.
BlueMoon is offline  
Old 04-19-2016, 04:55 AM   #9
Security Team
Analyst
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again BlueMoon,

Please try to run the FRST tool with fixlist. If it does not work, please let me know.
tekir06 is offline  
Old 04-19-2016, 05:35 AM   #10
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



It is still running but there is a box that says "ipconfig.exe - system error. The program can't start because DNSAPI.dll is missing from your computer. Try reinstalling the program to fix this problem."
Should I click "OK" or just let it finish?
BlueMoon is offline  
Old 04-19-2016, 05:49 AM   #11
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Clicked OK for it and the next 3 boxes just like it and it is running again. I will wait to see if it finishes.
Thanks
BlueMoon is offline  
Old 04-19-2016, 07:43 AM   #12
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



It has completed and the results are as follows, however SafeFinder and MPC Cleaner are still on the system.

Fix result of Farbar Recovery Scan Tool (x64) Version:17-04-2016 01
Ran by Matt (2016-04-19 07:00:01) Run:1
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
() C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe
() C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray.exe
(DotC United Inc) C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe
() C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe
HKLM-x32\...\Run: [ospd_us_037010249] => [X]
HKLM-x32\...\Run: [win_en_77] => [X]
HKLM-x32\...\Run: [mpck_en_005030249] => [X]
HKLM-x32\...\Run: [sun13] => [X]
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\...\Run: [Chromium] => "c:\users\matt\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\...\Run: [Dynamation] => C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe [14336 2016-02-25] ()
AppInit_DLLs: C:\ProgramData\Zonekix\Blackdondax.dll => No File
AppInit_DLLs-x32: C:\ProgramData\Zonekix\Zathtam.dll => C:\ProgramData\Zonekix\Zathtam.dll [257536 2016-02-25] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> OldSearch URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0Bzz0E0EzztC0B0E0CtC0BtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtA0CtA0B0AtCyCtGyEzz0ByCtG0CtDyD0BtGtByC0FyBtGyD0AtB0DtD0A0CtDtAzz0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyB0C0CzyyEtBtGtB0EyEzztGyEyEyEzytGzyzyyB0CtGtDtDzytAyDzy0FzyyE0FtB0F2QtN0A0LzuyE%26cr%3D2135089128%26a%3Dwbf_mdaffmarmarie_16_08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP24eo9kfZX0nx5RMnF8q7m-bdyJXQQYZ_5D2Ljnr3enyUKDOo7miJ2uxMHaEmLVTO0aOG337pJfenl4-6eOhLCGhLbOEXW8tmpWKvcy2anSWGObpZvBbtxUKuMDpOlhPEHsc7B8qY5vRL_zZ3RHfRkqx33GuA1LY2cJ5DfD317wogaWLuNRUc3qg,&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> OldSearch URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_mdaffmarmarie_16_08&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FtDyB0B0C0Bzz0E0EzztC0B0E0CtC0BtN0D0Tzu0StCyDtCyCtN1L2XzutAtFtCzztFtCtFtCtN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StCtA0CtA0B0AtCyCtGyEzz0ByCtG0CtDyD0BtGtByC0FyBtGyD0AtB0DtD0A0CtDtAzz0EtA2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzyyB0C0CzyyEtBtGtB0EyEzztGyEyEyEzytGzyzyyB0CtGtDtDzytAyDzy0FzyyE0FtB0F2QtN0A0LzuyE%26cr%3D2135089128%26a%3Dwbf_mdaffmarmarie_16_08%26os_ver%3D10.0%26os%3DWindows%2B10%2BHome&p={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBP24eo9kfZX0nx5RMnF8q7m-bdyJXQQYZ_5D2Ljnr3enyUKDOo7miJ2uxMHaEmLVTO0aOG337pJfenl4-6eOhLCGhLbOEXW8tmpWKvcy2anSWGObpZvBbtxUKuMDpOlhPEHsc7B8qY5vRL_zZ3RHfRkqx33GuA1LY2cJ5DfD317wogaWLuNRUc3qg,&q={searchTerms}
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1748121237-3943246308-539808196-1000 -> {B021500A-8A1F-46E6-B5D6-22C6BDE38747} URL = hxxp://www.mysearchresults.com/search?&c=0000&t=01&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1748121237-3943246308-539808196-1000 -> {ielnksrch} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgBU1pHGFQTbQkIVF1cFQQbIhRZAwoTDFYVIg4KUglAQwNFdh9aFQQTSEcFME0FCFwEURNNfX9RD10iRFRRI1FvCFcVTkI=&q={searchTerms}
BHO: No Name -> {1036AD63-AEAC-460B-9060-C96005D4DC86} -> No File
BHO-x32: No Name -> {1036AD63-AEAC-460B-9060-C96005D4DC86} -> No File
BHO-x32: Find Search Window -> {39049009-b87a-49f2-9434-9ed790347db2} -> C:\Program Files (x86)\Find Search Window\Extensions\39049009-b87a-49f2-9434-9ed790347db2.dll => No File
BHO-x32: No Name -> {A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} -> No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Page: Default -> search.mpc.am
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCeQtbVwAQERgTcAxcTA1AGVcOIVsLAxQSF1cUcgoIUFtHRwMFIk0FA1oDB0VXfV5bFElXTwhlKVdcMlwQU1ZLF1BWBVYG"
CHR StartupUrls: Default -> "search.mpc.am"
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgBU1pHGFQTbQkIVF1cFQQbIhRZAwoTDFYVIg4KUglAQwNFdh9aFQQTQkcFME0FBloEURNNfX9RD10iRFRRI1FvCFcVTkI=&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFQacloOWFhBDAUTdV0VVQhJQxhCIgpaTFpHQwIRcwkJAw8XFxNBNARaAktXUUEeJ1pNER8fHHNKLl1rBFgDQl10KVdcDk4=
R2 MPCProtectService; C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe [348640 2016-02-25] (DotC United Inc)
R2 Tojryn; C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe [125768 2016-02-25] ()
S2 Cotruwbo; "C:\Users\Matt\AppData\Roaming\ZipliFujri\Cynmo.exe" -cms [X]
S2 FlashBeat; C:\ProgramData\FlashBeat\FlashBeat.exe -s [X]
R2 gihucimizbt; C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs [X]
S2 Zonekix; C:\ProgramData\\Zonekix\\Zonekix.exe shuz -f "C:\ProgramData\\Zonekix\\Zonekix.dat" -l -a
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R1 MPCKpt; C:\Windows\System32\DRIVERS\MPCKpt.sys [59112 2016-02-25] (DotC United Inc)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
2016-04-18 06:42 - 2016-04-18 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
2016-04-14 20:06 - 2016-04-14 20:06 - 00000000 ____D C:\ProgramData\{04064df8-312c-0}
2016-04-14 20:06 - 2016-04-14 20:06 - 00000000 ____D C:\ProgramData\{029f50aa-612c-0}
2016-04-14 20:06 - 2016-04-14 20:06 - 00000000 ____D C:\ProgramData\{0081baf8-112c-1}
2016-04-18 06:42 - 2016-02-25 20:28 - 00000000 ____D C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31
2016-04-18 06:42 - 2013-06-09 14:33 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2016-04-18 06:42 - 2013-01-25 00:02 - 00000354 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2016-04-14 20:11 - 2016-02-25 20:26 - 00000000 ____D C:\Program Files (x86)\MPC Cleaner
2016-04-14 20:06 - 2016-02-25 20:18 - 00000000 ____D C:\ProgramData\34152ec7-7f45-1
2016-04-14 20:06 - 2016-02-25 20:18 - 00000000 ____D C:\ProgramData\34152ec7-4325-0
2016-04-14 13:45 - 2016-02-25 20:58 - 00000000 ____D C:\ProgramData\Service1291
2015-07-24 12:09 - 2015-07-24 12:09 - 6420480 _____ () C:\Program Files (x86)\GUTC034.tmp
2016-02-25 23:34 - 2016-02-25 23:33 - 0762880 _____ () C:\Users\Matt\AppData\Roaming\Lat-Core.exe
2016-02-25 23:34 - 2016-02-25 23:34 - 0072722 _____ () C:\Users\Matt\AppData\Roaming\Lat-Core.tst
2016-02-25 23:34 - 2016-02-25 23:33 - 0762880 _____ () C:\Users\Matt\AppData\Roaming\Triogois.exe
2016-02-25 23:34 - 2016-02-25 23:34 - 1894360 _____ () C:\Users\Matt\AppData\Roaming\Triogois.tst
Task: {052B47E0-3557-4B5E-8860-7E7D273327A1} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {0C972CE2-51C7-4A3C-AEC5-1219CFB0BF4E} - System32\Tasks\psv_Fixtrax => /c regedit.exe /s "C:\ProgramData\Zonekix\LatDom.reg" & del "C:\ProgramData\Zonekix\LatDom.reg" & SCHTASKS /Delete /TN "psv_Fixtrax" /F <==== ATTENTION
Task: {2F94941D-0344-439C-948C-2FED69524E49} - System32\Tasks\{FCEE44CB-9293-429C-B27B-5745C203D2BF} => pcalua.exe -a "C:\Program Files (x86)\AVG Secure Search\UNINSTALL.exe" -c /PROMPT /UNINSTALL
Task: {31D3C94B-145E-476A-9190-F21436175AA9} - System32\Tasks\DSRWJGBRDDKLIIIU => C:\ProgramData\Service1291\Service1291.exe <==== ATTENTION
Task: {3D58F38A-1596-4B6D-BB68-C4F13005246B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {54BBE10B-D7E7-4A96-B837-F343AA3EF7F8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {6047B883-88F8-4191-8499-1F5C288295A0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {68D73A36-270A-4331-8098-C7B1BE879082} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{3D1F8965-EEAD-4716-B145-26F920479439}.exe
Task: {6DE9DD28-0358-4138-916D-5AE9D870C038} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {724E2CAB-7EB8-4F8C-B4BA-D4452350C89B} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {8314F210-392E-4D50-A4AE-F018382CDA60} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {ABF7F4AC-AF45-435A-AD6B-5990B11F649F} - System32\Tasks\Folosupl => C:\PROGRA~1\GROOVE~1\Rupose.bat <==== ATTENTION
Task: {AD51FA3D-0A18-4CCF-AF29-455D02EE65F5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B4534267-0750-4239-A319-163C8587A5EF} - System32\Tasks\Ugadopiw => C:\PROGRA~1\GROOVE~2\Jefujh.bat <==== ATTENTION
Task: {BCD5DE66-7279-4F2A-A581-D7A8AED16E31} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C5E21505-D003-46F3-81B3-D239396BAE38} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CE880D33-382B-44DD-8AA4-BAC7138A8C5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D47041F5-5C71-4E24-8D4B-197EEFEE65C0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F7D791BD-4D2C-4276-86C5-06E1A04077F4} - System32\Tasks\IBUpd => C:\Users\Matt\AppData\Local\TheBrowser\Application\updater.exe <==== ATTENTION
Task: {FC7D8493-7CCF-4202-947B-D44197BF6598} - System32\Tasks\{4741D3DE-3E67-4DC6-8740-00149F786A23} => pcalua.exe -a C:\Users\Matt\AppData\Local\{58CF6E93-7C67-022B-11FF-27C33597DB5B}\uninstall.exe -c /Uninstall /s /noun /DelSelfDir
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{3D1F8965-EEAD-4716-B145-26F920479439}.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G2Qzftptn095001,0f54d3c6-8b72-4575-83b6-af190a6dcd0e,
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G2Qzftptn095001,0f54d3c6-8b72-4575-83b6-af190a6dcd0e,
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> %SNP%
ShortcutWithArgument: C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk -> C:\program files\internet explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www%2dmysearch.com/?prd=set_epc&s=G2Qzftptn095001,0f54d3c6-8b72-4575-83b6-af190a6dcd0e,
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> %SNP%
2016-02-25 19:24 - 2016-02-25 19:24 - 00214016 _____ () C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs
2016-02-25 19:41 - 2016-02-25 19:41 - 00125768 _____ () C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe
2016-02-25 20:42 - 2016-02-25 20:42 - 00014336 _____ () C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe
2016-02-25 19:41 - 2016-02-25 20:40 - 00173384 _____ () C:\Users\Matt\AppData\Roaming\CujjocForre\Uwukdut.din
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: sfc /scanfile=C:\Windows\system32\dnsapi.dll
CMD: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll
RemoveProxy:
Hosts:
CMD: bitsadmin /reset /allusers
EmptyTemp:




*****************

Restore point was successfully created.
[1732] C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs => process closed successfully.
C:\Program Files (x86)\MPC Cleaner\MPCProtectService.exe => Could not close process
[2516] C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe => process closed successfully.
C:\Program Files (x86)\MPC Cleaner\MPCTray.exe => No running process found
C:\Program Files (x86)\MPC Cleaner\MPCTray64.exe => No running process found
[7100] C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe => process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_037010249 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\win_en_77 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mpck_en_005030249 => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\sun13 => value removed successfully
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Chromium => value removed successfully
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dynamation => value removed successfully
"C:\ProgramData\Zonekix\Blackdondax.dll" => Value data removed successfully.
"C:\ProgramData\Zonekix\Zathtam.dll" => Value data removed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch" => key removed successfully
HKCR\CLSID\OldSearch => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\OldSearch => key not found.
HKCR\CLSID\OldSearch => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch => key not found.
HKCR\Wow6432Node\CLSID\ielnksrch => key not found.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B021500A-8A1F-46E6-B5D6-22C6BDE38747} => key not found.
HKCR\CLSID\{B021500A-8A1F-46E6-B5D6-22C6BDE38747} => key not found.
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch} => key not found.
HKCR\CLSID\{ielnksrch} => key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => key not found.
HKCR\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1036AD63-AEAC-460B-9060-C96005D4DC86} => key not found.
HKCR\Wow6432Node\CLSID\{1036AD63-AEAC-460B-9060-C96005D4DC86} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39049009-b87a-49f2-9434-9ed790347db2}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{39049009-b87a-49f2-9434-9ed790347db2}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => key not found.
HKCR\Wow6432Node\CLSID\{A42D2EB4-DD31-4BB5-8AA5-8D4E04806DBE} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully
"HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}" => key removed successfully
Page: Default -> search.mpc.am => Error: No automatic fix found for this entry.
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
MPCProtectService => Unable to stop service.
MPCProtectService => service could not remove
Tojryn => Unable to stop service.
Tojryn => service removed successfully
Cotruwbo => service removed successfully
FlashBeat => service removed successfully
gihucimizbt => service removed successfully
Zonekix => service removed successfully
avgtp => Unable to stop service.
avgtp => service removed successfully
MPCKpt => Unable to stop service.
MPCKpt => service could not remove
idsvc => service removed successfully
wpcsvc => service removed successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC => moved successfully
C:\ProgramData\{04064df8-312c-0} => moved successfully
C:\ProgramData\{029f50aa-612c-0} => moved successfully
C:\ProgramData\{0081baf8-112c-1} => moved successfully
C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31 => moved successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => moved successfully
C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => moved successfully

"C:\Program Files (x86)\MPC Cleaner" folder move:

Could not move "C:\Program Files (x86)\MPC Cleaner" => Scheduled to move on reboot.

C:\ProgramData\34152ec7-7f45-1 => moved successfully
C:\ProgramData\34152ec7-4325-0 => moved successfully
C:\ProgramData\Service1291 => moved successfully
C:\Program Files (x86)\GUTC034.tmp => moved successfully
C:\Users\Matt\AppData\Roaming\Lat-Core.exe => moved successfully
C:\Users\Matt\AppData\Roaming\Lat-Core.tst => moved successfully
C:\Users\Matt\AppData\Roaming\Triogois.exe => moved successfully
C:\Users\Matt\AppData\Roaming\Triogois.tst => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{052B47E0-3557-4B5E-8860-7E7D273327A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{052B47E0-3557-4B5E-8860-7E7D273327A1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C972CE2-51C7-4A3C-AEC5-1219CFB0BF4E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C972CE2-51C7-4A3C-AEC5-1219CFB0BF4E}" => key removed successfully
C:\WINDOWS\System32\Tasks\psv_Fixtrax => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\psv_Fixtrax" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2F94941D-0344-439C-948C-2FED69524E49}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F94941D-0344-439C-948C-2FED69524E49}" => key removed successfully
C:\WINDOWS\System32\Tasks\{FCEE44CB-9293-429C-B27B-5745C203D2BF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FCEE44CB-9293-429C-B27B-5745C203D2BF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{31D3C94B-145E-476A-9190-F21436175AA9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31D3C94B-145E-476A-9190-F21436175AA9}" => key removed successfully
C:\WINDOWS\System32\Tasks\DSRWJGBRDDKLIIIU => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DSRWJGBRDDKLIIIU" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D58F38A-1596-4B6D-BB68-C4F13005246B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D58F38A-1596-4B6D-BB68-C4F13005246B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{54BBE10B-D7E7-4A96-B837-F343AA3EF7F8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54BBE10B-D7E7-4A96-B837-F343AA3EF7F8}" => key removed successfully
C:\WINDOWS\System32\Tasks\ROC_JAN2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ROC_JAN2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6047B883-88F8-4191-8499-1F5C288295A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6047B883-88F8-4191-8499-1F5C288295A0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{68D73A36-270A-4331-8098-C7B1BE879082}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68D73A36-270A-4331-8098-C7B1BE879082}" => key removed successfully
C:\WINDOWS\System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG-Secure-Search-Update_JUNE2013_TB_rmv" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6DE9DD28-0358-4138-916D-5AE9D870C038}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6DE9DD28-0358-4138-916D-5AE9D870C038}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{724E2CAB-7EB8-4F8C-B4BA-D4452350C89B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{724E2CAB-7EB8-4F8C-B4BA-D4452350C89B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8314F210-392E-4D50-A4AE-F018382CDA60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8314F210-392E-4D50-A4AE-F018382CDA60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABF7F4AC-AF45-435A-AD6B-5990B11F649F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABF7F4AC-AF45-435A-AD6B-5990B11F649F}" => key removed successfully
C:\WINDOWS\System32\Tasks\Folosupl => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Folosupl" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AD51FA3D-0A18-4CCF-AF29-455D02EE65F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD51FA3D-0A18-4CCF-AF29-455D02EE65F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B4534267-0750-4239-A319-163C8587A5EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4534267-0750-4239-A319-163C8587A5EF}" => key removed successfully
C:\WINDOWS\System32\Tasks\Ugadopiw => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ugadopiw" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BCD5DE66-7279-4F2A-A581-D7A8AED16E31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCD5DE66-7279-4F2A-A581-D7A8AED16E31}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C5E21505-D003-46F3-81B3-D239396BAE38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5E21505-D003-46F3-81B3-D239396BAE38}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE880D33-382B-44DD-8AA4-BAC7138A8C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE880D33-382B-44DD-8AA4-BAC7138A8C5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D47041F5-5C71-4E24-8D4B-197EEFEE65C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D47041F5-5C71-4E24-8D4B-197EEFEE65C0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7D791BD-4D2C-4276-86C5-06E1A04077F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7D791BD-4D2C-4276-86C5-06E1A04077F4}" => key removed successfully
C:\WINDOWS\System32\Tasks\IBUpd => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\IBUpd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FC7D8493-7CCF-4202-947B-D44197BF6598}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FC7D8493-7CCF-4202-947B-D44197BF6598}" => key removed successfully
C:\WINDOWS\System32\Tasks\{4741D3DE-3E67-4DC6-8740-00149F786A23} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4741D3DE-3E67-4DC6-8740-00149F786A23}" => key removed successfully
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => not found.
C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => not found.
C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => Shortcut argument removed successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet-Explorer Browser.lnk => Shortcut argument removed successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => Shortcut argument removed successfully.
C:\Users\Matt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk => Shortcut argument removed successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk => Shortcut argument removed successfully.
"C:\Program Files (x86)\4C4C4544-1456450086-4610-8034-B7C04F314D31\knsr63F9.tmpfs" => not found.
C:\Users\Matt\AppData\Roaming\CujjocForre\Rucgh.exe => moved successfully
C:\Users\Matt\AppData\Local\Dynamation\Dynamation.exe => moved successfully
C:\Users\Matt\AppData\Roaming\CujjocForre\Uwukdut.din => moved successfully

========= ipconfig /flushdns =========


========= End of CMD: =========


========= ipconfig /release =========


========= End of CMD: =========


========= ipconfig /renew =========


========= End of CMD: =========


========= sfc /scanfile=C:\Windows\system32\dnsapi.dll =========






Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.



========= End of CMD: =========


========= sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========






Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.



========= End of CMD: =========


========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1748121237-3943246308-539808196-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully


========= End of RemoveProxy: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {1B2E5AF7-E491-43FD-AEA9-6218016F6A24}.
Unable to cancel {4520D32E-A512-4A4A-A24B-EB601EF8B8E0}.
Unable to cancel {95AA8445-F05F-460C-B4A1-DAE30FFE5E2C}.
{C9953628-CCF4-45E9-92A6-7DC2D4F833A6} canceled.
{5E17CB2A-CA61-4621-8133-020ADF7BF682} canceled.
{E87532D5-03BC-443E-A6D6-75C5FF58DA28} canceled.
3 out of 6 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 1.8 GB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-04-19 08:29:50)

"C:\Program Files (x86)\MPC Cleaner" => Could not move

==== End of Fixlog 08:29:54 ====
BlueMoon is offline  
Old 04-19-2016, 11:15 PM   #13
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello again BlueMoon,

Thanks for the log. Looks good. But it's not over yet; we have more to do. Do you have access to the Internet?

Please do the following.


Please download AdwCleaner from here and save it to your desktop.

Click the green 'Download now @bleepingcomputer' button.
Run AdwCleaner and select Scan
Once the Scan is done, select Cleaning
Once done it will ask to reboot, please allow the reboot.
On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
Please copy/paste the contents of the log in your next reply.
tekir06 is offline  
Old 04-20-2016, 05:40 AM   #14
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Here are the results of adwcleaner:
# AdwCleaner v5.112 - Logfile created 20/04/2016 at 06:36:58
# Updated 17/04/2016 by Xplode
# Database : 2016-04-19.5 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Matt - MATT-PC
# Running from : C:\Users\Matt\Desktop\AdwCleaner.exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****

[-] Service Deleted : bsdriver
[-] Service Deleted : MPCProtectService
[-] Service Deleted : MPCKpt
[-] Service Deleted : CloudPrinter

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\SpaceSoundPro
[-] Folder Deleted : C:\Program Files\groover260220160239
[-] Folder Deleted : C:\Program Files (x86)\DailyPcClean Support
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner
[-] Folder Deleted : C:\Program Files (x86)\Note-up
[-] Folder Deleted : C:\Program Files (x86)\TorrentHandler
[-] Folder Deleted : C:\Program Files (x86)\S5
[-] Folder Deleted : C:\Program Files (x86)\Common Files\9011da05-e9b9-4ea3-908a-41ecab4aad65
[-] Folder Deleted : C:\ProgramData\CloudPrinter
[-] Folder Deleted : C:\ProgramData\41872b28
[-] Folder Deleted : C:\ProgramData\504355d1-2fe1-0
[-] Folder Deleted : C:\ProgramData\504355d1-4d27-1
[-] Folder Deleted : C:\ProgramData\9011da05-e9b9-4ea3-908a-41ecab4aad65
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[#] Folder Deleted : C:\ProgramData\Application Data\CloudPrinter
[#] Folder Deleted : C:\ProgramData\Application Data\41872b28
[#] Folder Deleted : C:\ProgramData\Application Data\504355d1-2fe1-0
[#] Folder Deleted : C:\ProgramData\Application Data\504355d1-4d27-1
[#] Folder Deleted : C:\ProgramData\Application Data\9011da05-e9b9-4ea3-908a-41ecab4aad65
[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC
[-] Folder Deleted : C:\Users\Matt\AppData\Local\TheBrowser
[-] Folder Deleted : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nodbiilmkkgbfmljnjnefnhbdflbfjec
[-] Folder Deleted : C:\Users\Matt\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Matt\AppData\LocalLow\ShopAtHome
[-] Folder Deleted : C:\Users\Matt\AppData\Roaming\Note-up
[-] Folder Deleted : C:\WINDOWS\Quicky Translator

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[#] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys
[-] File Deleted : C:\WINDOWS\SysWOW64\findit.xml

***** [ DLLs ] *****

[-] File Disinfected : C:\WINDOWS\System32\dnsapi.dll
[-] File Disinfected : C:\WINDOWS\SysWOW64\dnsapi.dll

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Key Deleted : HKLM\SOFTWARE\Classes\.AAC\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.aifc\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.ape\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.au\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.cda\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.flv\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.m1v\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.m4e\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.midi\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mkv\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mp2\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mp3\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mpa\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mpeg\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.mpv2\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.ram\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.rmi\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.snd\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.vob\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.wm\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.WMD\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\.wmx\OpenWithList\iMesh.exe
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ShopAtHomeHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AudioCD\shell\PlayWithiMesh
[-] Key Deleted : HKLM\SOFTWARE\Classes\DesktopBackground\Shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\Background\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Classes\Directory\shell\Add event reminder
[-] Key Deleted : HKLM\SOFTWARE\Clients\StartMenuInternet\Torch
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Stpro.exe
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E
[-] Key Deleted : HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\TheBrowser.exe
[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : HKCU\Environment [SNP]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{41872b28}
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.LauncherEventHandler
[-] Key Deleted : HKLM\SOFTWARE\Classes\iMesh.LauncherEventHandler.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\IMWeb.IMWebControl.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.CookiesManager.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.hxxpHandle302.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker
[-] Key Deleted : HKLM\SOFTWARE\Classes\ShopAtHomeHelper.PostUrlWorker.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper
[-] Key Deleted : HKLM\SOFTWARE\Classes\WMHelperiMesh.WMHelper.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKCU\Software\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E65CDDB-BB80-4C5D-8B07-5E280CCABC15}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9912DD71-1FDF-455B-99D3-D690A1C607D8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08613A51-6E3E-43CC-9ECF-DD58B5837341}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{153EDC41-A2CC-4BEB-9EC8-008242389E50}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{188028B8-D91D-4BE2-BABA-68E32BDE4420}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{28E74F15-18C2-465E-B545-6CC738121C68}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2BF6042B-B9B1-46D9-A3F8-9C987FADD4C6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A222E2-93B1-45F9-9B07-0D1160A31A6C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6325A84C-E746-4007-A9C5-E4C1A50ED61F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9BCA87A0-5B8F-4500-A5AF-EA1279714FDF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB17DE65-B548-48C2-AC73-1FD1996C7261}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C77D3EEF-FDCA-4D37-B0D2-5FF650E07825}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EA70EB31-CBAD-4862-AFDA-DCFCC32722ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC9100F8-5918-4F1B-9CC1-4D34A64E0FE0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1A1ABE3-F454-4DD9-B520-01F2EEC5F0DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{40A61B9E-B111-46EE-A1F2-C1100192BA48}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FF10FED-2F0A-4F7F-BE87-B04F1DCD4319}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63EDCDD3-8AFC-4358-A90F-F7FB8F5C64FF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9582D7B-F24A-441D-9D26-450D58F3CD17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EE0D8859-2ED4-4B0D-9812-16865B9AFD65}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3410FAE2-3D40-4702-8D4A-2F13A258082A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{75FB7C11-2C71-482F-8731-B15273A79CAE}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{14EF423E-3EE8-44AE-9337-07AC3F27B744}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{76481128-CCDC-4073-8F65-B06F23B138FC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{769B99BC-1E1F-4BF8-80EA-030766FF47A6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKCU\Software\BrowserAir
[-] Key Deleted : HKCU\Software\DAILYPCCLEAN
[-] Key Deleted : HKCU\Software\Microsoft\Tinstalls
[-] Key Deleted : HKCU\Software\PRODUCTSETUP
[-] Key Deleted : HKCU\Software\MICROSOFT\OTUT
[-] Key Deleted : HKCU\Software\mtZonekix
[-] Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\groover260220160239
[-] Key Deleted : HKCU\Software\AppDataLow\Software\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\{3BDFD1D7-7A9B-4D29-80B3-D00E66E62885}
[-] Key Deleted : HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : HKLM\SOFTWARE\MPC
[-] Key Deleted : HKLM\SOFTWARE\mtZonekix
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[-] Key Deleted : [x64] HKLM\SOFTWARE\FlashBeat
[-] Key Deleted : [x64] HKLM\SOFTWARE\TheBrowser
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{E1527582-8509-4011-B922-29E3FB548882}_is1
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\DataMngr
[-] Key Deleted : HKU\.DEFAULT\Software\DefaultTab
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\DefaultTab
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1748121237-3943246308-539808196-1000\Software\groover260220160239
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{0A5B203F-A736-401E-9F6A-2F694F81235C}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{ABC1428B-9CDA-414A-BFF8-3A1C76BC1618}]
[-] Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules [{6F9BE211-01FE-43BB-AADB-3653F9E6B249}]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0d536d49-a0bb-4c1e-8d48-b3937d764934} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{0f175a53-46f4-4ccb-a05d-5ce2329c8c0e} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{10c92548-b393-4b09-b3d1-f7ab2d512448} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{2c5889e9-a37c-40e5-b676-e90d617bfcf8} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{428e7eda-581b-11e5-9bc2-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{6bb4f047-2706-11e5-9bbe-806e6f6e6963} [NameServer]
[-] Data Restored : HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{7ef9cf75-ff17-4f47-ad3b-e3f0ffe7cc3d} [NameServer]
[-] Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[#] Value Deleted : HKU\S-1-5-21-1748121237-3943246308-539808196-1000\Software\Microsoft\Windows\CurrentVersion\Run [Itibiti.exe]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Note-up]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SpaceSoundPro]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [IDSCPRODUCT]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13735 bytes] - [20/04/2016 06:36:58]
C:\AdwCleaner\AdwCleaner[R0].txt - [26090 bytes] - [17/04/2016 13:09:41]
C:\AdwCleaner\AdwCleaner[R1].txt - [25787 bytes] - [17/04/2016 13:29:13]
C:\AdwCleaner\AdwCleaner[R2].txt - [1091 bytes] - [17/04/2016 18:57:22]
C:\AdwCleaner\AdwCleaner[S0].txt - [801 bytes] - [17/04/2016 13:26:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [37642 bytes] - [17/04/2016 13:39:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [1155 bytes] - [17/04/2016 1925]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [14249 bytes] ##########


I see that it says it deleted mpc cleaner; however, it is still there. So is SafeFnder.
BlueMoon is offline  
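The mismatch reported in the post above (the log says `Folder Deleted` for `C:\Program Files (x86)\MPC Cleaner`, yet the folder is still on disk) can be checked mechanically. The following is an added example, not part of the thread and not AdwCleaner's own code: it parses the log layout shown above and lists filesystem targets logged as deleted that still exist. The function names are made up for the illustration, the sample lines are copied from the log in the thread, and the meaning of the `[#]` marker is not stated on the page, so the code only reports it.

```python
import os
import re
from collections import Counter, namedtuple

# One parsed log line: the section it sits under, the bracketed marker,
# the action text, the path or registry target, and an optional [detail].
Entry = namedtuple("Entry", "section marker action target detail")

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
ENTRY_RE = re.compile(
    r"^\[(?P<marker>.)\] (?P<action>[A-Za-z ]+?) : (?P<target>.+?)"
    r"(?: \[(?P<detail>[^\]]*)\])?$"
)
FS_SECTIONS = {"Folders", "Files", "DLLs"}  # sections whose targets are paths

# Sample input: a few lines copied from the AdwCleaner log in the thread.
SAMPLE_LOG = r"""# AdwCleaner v5.112 - Logfile created 20/04/2016 at 06:36:58
# Option : Clean

***** [ Services ] *****

[-] Service Deleted : MPCProtectService

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Note-up
[#] Folder Deleted : C:\Program Files (x86)\MPC Cleaner

***** [ Files ] *****

[-] File Deleted : C:\Users\Public\Desktop\MPC Cleaner.lnk
[#] File Deleted : C:\WINDOWS\SysNative\drivers\MPCKpt.sys

***** [ DLLs ] *****

[-] File Disinfected : C:\WINDOWS\System32\dnsapi.dll

***** [ Registry ] *****

[-] Value Deleted : HKCU\Environment [SNF]
[-] Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SpaceSoundPro]
"""


def parse_adwcleaner_log(text):
    """Turn the log text into Entry records, tracking the current section."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:  # '#'-prefixed header lines never match ENTRY_RE
            entries.append(Entry(section, m.group("marker"), m.group("action"),
                                 m.group("target"), m.group("detail")))
    return entries


def marker_counts(entries):
    """How many entries carry each marker, e.g. '-' versus '#'."""
    return Counter(e.marker for e in entries)


def still_present(entries, exists=os.path.exists):
    """Filesystem targets the log reports as deleted that still exist."""
    return [e for e in entries
            if e.section in FS_SECTIONS
            and e.action.endswith("Deleted")
            and exists(e.target)]


if __name__ == "__main__":
    parsed = parse_adwcleaner_log(SAMPLE_LOG)
    print(dict(marker_counts(parsed)))
    for e in still_present(parsed):
        print("still on disk:", e.marker, e.target)
```

Run it on the cleaned machine after the reboot, feeding it the contents of the `C:\AdwCleaner\AdwCleaner[C#].txt` file instead of the sample. `SysNative` paths are only visible to 32-bit processes, so check those entries from a 32-bit interpreter or map them to `System32` first.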
Old 04-20-2016, 05:49 AM   #15
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello

Did you restart the computer after the AdwCleaner? Do you have access to the Internet?

Please do the following.

Please download Malwarebytes Anti-Malware and save it to your desktop.

Double-click mbam-setup-2.2.1.1043.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:

  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

Click Finish.
At the end of the installation, a database update will be performed.
Click on Scan Now.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
In most cases, a restart will be required and a prompt will be shown.
Wait for the prompt to restart the computer to appear, then click on Yes.

Posting the Malwarebytes log:

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the scan log which shows the Date and time of the scan just performed.
Click Export.
Click Text file (*.txt)
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named File Saved should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.
tekir06 is offline  
Old 04-20-2016, 09:48 AM   #16
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Attached are the results of the malwarebytes scan.
Attached Files
File Type: txt Bytesresults.txt (1.0 KB, 32 views)
BlueMoon is offline  
Old 04-21-2016, 04:56 AM   #17
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello BlueMoon,

Thanks for the log. MBAM log looks good. Please re-run FRST tool and attach fresh logs.
tekir06 is offline  
Old 04-21-2016, 06:56 AM   #18
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



Attached is the last scan from this morning
Attached Files
File Type: txt FRST.txt (22.6 KB, 21 views)
BlueMoon is offline  
Old 04-21-2016, 11:15 PM   #19
Security Team
Analyst
 
tekir06
 
Join Date: Oct 2010
Location: Turkiye
Posts: 1,859
OS: Windows 7 (32 Bit)



Hello BlueMoon,

You didn't attach Addition.txt. Please attach Addition.txt
tekir06 is offline  
Old 04-22-2016, 04:45 AM   #20
Registered Member
 
Join Date: Nov 2005
Posts: 48
OS: Win XP



So sorry. I thought it was only for the first time. Sorry I take hours to reply... your responses come in between 1 and 5 am when I am sleeping...
Here are the final posts attached.

Thank you again for your help!
Attached Files
File Type: txt Addition.txt (25.1 KB, 20 views)
File Type: txt FRST.txt (22.3 KB, 26 views)
BlueMoon is offline  
 
