
One last one, most likely some adware.


  • This topic is locked
17 replies to this topic

#1 marsspeaks

  • Members
  • 64 posts

Posted 12 January 2016 - 12:31 AM

Hi, I just want to clear this computer of PUPs or the like. Keep in mind this is not a computer used by me most of the time, but they are letting me post this and do scans.

 

I know they complained about Flash Player sometimes and are known to click links they probably shouldn't click.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by jrz (administrator) on JR (11-01-2016 23:21:54)
Running from C:\Users\jrz\Desktop
Loaded Profiles: jrz (Available Profiles: jrz)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
() C:\Program Files\WindowsApps\Microsoft.CommsPhone_2.12.14001.0_x64__8wekyb3d8bbwe\CallsApp.exe
() C:\Program Files\WindowsApps\Microsoft.Getstarted_2.6.12.0_x64__8wekyb3d8bbwe\WhatsNew.Store.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.36020.0_x64__8wekyb3d8bbwe\Calculator.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Microsoft Inc.) C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_3.7.1041.0_x64__8wekyb3d8bbwe\Solitaire.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\...\MountPoints2: {7606a3e9-7fca-11e5-82bd-74e6e209dd54} - "E:\SETUP.EXE" 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{41bcc153-ab7f-42a2-bba6-8f408bcb9796}: [DhcpNameServer] 172.5.1.171
Tcpip\..\Interfaces\{c97cc6aa-533c-440d-9797-58aa5a3b6298}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pch.com/
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKLM -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default
FF Homepage: hxxp://frontpage.pch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jrz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\jrz\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-31]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-01] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-01] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-11-01] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-12-01] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 23:21 - 2016-01-11 23:23 - 00020401 _____ C:\Users\jrz\Desktop\FRST.txt
2016-01-11 23:21 - 2016-01-11 23:21 - 02370560 _____ (Farbar) C:\Users\jrz\Desktop\FRST64.exe
2016-01-11 23:21 - 2016-01-11 23:21 - 00000000 ____D C:\FRST
2016-01-07 16:29 - 2016-01-08 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 06:58 - 2016-01-06 08:12 - 00000000 ____D C:\Users\jrz\Desktop\fatty
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Users\jrz\AppData\Roaming\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Program Files (x86)\ScummVM
2016-01-06 06:56 - 2016-01-06 06:56 - 07238761 _____ (The ScummVM Team ) C:\Users\jrz\Downloads\scummvm-1.7.0-win32.exe
2016-01-02 14:39 - 2016-01-02 14:39 - 00000000 ___HD C:\OneDriveTemp
2015-12-22 10:31 - 2015-12-02 17:19 - 00000030 _____ C:\AVScanner.ini
2015-12-22 08:04 - 2015-12-22 08:04 - 03885338 _____ C:\Users\jrz\Documents\Dec.xlms.xlsm
2015-12-20 16:05 - 2015-12-20 16:05 - 00001157 _____ C:\Users\jrz\Downloads\adServerESI (2).js
2015-12-20 16:05 - 2015-12-20 16:05 - 00001157 _____ C:\Users\jrz\Downloads\adServerESI (1).js
2015-12-20 04:49 - 2015-12-20 04:49 - 00002497 _____ C:\Users\jrz\Downloads\adServerESI.js
2015-12-17 20:52 - 2015-12-06 21:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-17 20:51 - 2015-12-06 22:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-17 20:51 - 2015-12-06 22:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-17 20:51 - 2015-12-06 22:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-17 20:51 - 2015-12-06 22:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 20:51 - 2015-12-06 21:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-17 20:51 - 2015-12-06 21:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-17 20:51 - 2015-12-06 21:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-17 20:51 - 2015-12-06 21:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-17 20:50 - 2015-12-06 22:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-17 20:50 - 2015-12-06 22:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-17 20:50 - 2015-12-06 22:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-17 20:50 - 2015-12-06 22:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 20:50 - 2015-12-06 22:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-17 20:50 - 2015-12-06 22:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-17 20:50 - 2015-12-06 22:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-17 20:50 - 2015-12-06 21:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-17 20:50 - 2015-12-06 21:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-17 20:50 - 2015-12-06 21:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 20:50 - 2015-12-06 21:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-17 20:50 - 2015-12-06 21:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-17 20:50 - 2015-12-06 21:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-17 20:50 - 2015-12-06 21:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-17 20:50 - 2015-12-06 21:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-17 20:50 - 2015-12-06 21:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-17 20:49 - 2015-12-06 22:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-17 20:49 - 2015-12-06 22:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-17 20:49 - 2015-12-06 22:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-17 20:49 - 2015-12-06 22:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-17 20:49 - 2015-12-06 22:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-17 20:49 - 2015-12-06 22:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-17 20:49 - 2015-12-06 22:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 20:49 - 2015-12-06 22:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-17 20:49 - 2015-12-06 22:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-17 20:49 - 2015-12-06 22:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-17 20:49 - 2015-12-06 22:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-17 20:49 - 2015-12-06 22:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-17 20:49 - 2015-12-06 22:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-17 20:49 - 2015-12-06 22:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-17 20:49 - 2015-12-06 22:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-17 20:49 - 2015-12-06 22:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-17 20:49 - 2015-12-06 22:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-17 20:49 - 2015-12-06 21:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-17 20:49 - 2015-12-06 21:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-17 20:49 - 2015-12-06 21:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-17 20:49 - 2015-12-06 21:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-17 20:49 - 2015-12-06 21:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-17 20:49 - 2015-12-06 21:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-17 20:49 - 2015-12-06 21:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-17 20:49 - 2015-12-06 21:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-17 20:49 - 2015-12-06 21:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-17 20:49 - 2015-12-06 21:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-17 20:49 - 2015-12-06 21:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 20:49 - 2015-12-06 21:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 20:49 - 2015-12-06 21:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-17 20:49 - 2015-12-06 21:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 20:49 - 2015-12-06 21:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-17 20:49 - 2015-12-06 21:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 20:48 - 2015-12-06 22:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-17 20:48 - 2015-12-06 22:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-17 20:48 - 2015-12-06 22:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-17 20:48 - 2015-12-06 22:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-17 20:48 - 2015-12-06 22:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-17 20:48 - 2015-12-06 22:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-17 20:48 - 2015-12-06 22:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-17 20:48 - 2015-12-06 21:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-17 20:48 - 2015-12-06 21:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-17 20:48 - 2015-12-06 21:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-17 20:48 - 2015-12-06 21:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-17 20:48 - 2015-12-06 21:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-17 20:48 - 2015-12-06 21:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-17 20:48 - 2015-12-06 21:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-17 20:47 - 2015-12-06 22:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 20:47 - 2015-12-06 22:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-17 20:47 - 2015-12-06 22:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-17 20:47 - 2015-12-06 22:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-17 20:47 - 2015-12-06 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-11 23:22 - 2015-06-30 05:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-11 23:21 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2016-01-11 23:13 - 2015-03-17 18:29 - 00000000 ____D C:\ProgramData\MFAData
2016-01-11 21:44 - 2015-09-12 12:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-11 20:14 - 2015-09-22 07:48 - 00000000 ____D C:\Users\jrz\AppData\LocalLow\Temp
2016-01-11 18:07 - 2015-03-05 03:30 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C28AF5F7-F097-418F-B992-2C55E45C372D}
2016-01-11 17:07 - 2015-06-29 22:07 - 00000452 _____ C:\WINDOWS\Tasks\EasyBank.job
2016-01-11 16:44 - 2015-09-12 12:29 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-11 13:38 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-11 13:38 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-09 23:45 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2016-01-09 17:51 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-08 20:29 - 2015-06-30 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-07 16:34 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 19:40 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 14:39 - 2015-07-29 20:43 - 00000000 ___RD C:\Users\jrz\OneDrive
2016-01-02 14:20 - 2015-10-13 12:04 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-02 14:19 - 2015-12-03 03:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-02 14:19 - 2015-07-29 20:37 - 00000000 __SHD C:\Users\jrz\IntelGraphicsProfiles
2016-01-02 14:18 - 2015-12-03 04:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-02 14:18 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2016-01-02 14:17 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 13:12 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 13:12 - 2015-07-29 20:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-20 16:28 - 2015-12-03 03:31 - 00000000 ____D C:\Users\jrz
2015-12-19 13:47 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-18 01:17 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-18 01:17 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-18 01:17 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-15 18:47 - 2015-09-12 12:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-14 15:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-14 15:26 - 2015-12-03 03:23 - 00342448 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-14 15:23 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-14 15:23 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-14 10:34 - 2014-09-19 18:24 - 00000000 ____D C:\Program Files (x86)\Dell
2015-12-14 10:34 - 2014-09-19 18:21 - 00000000 ____D C:\ProgramData\DELL
2015-12-14 03:33 - 2015-09-16 23:24 - 00000000 ___RD C:\Users\jrz\3D Objects
2015-12-14 03:30 - 2015-07-29 20:43 - 00002393 _____ C:\Users\jrz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 09:52 - 2015-03-10 19:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-13 09:26 - 2015-03-10 19:15 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2015-12-03 03:26 - 2015-12-03 03:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-28 17:03 - 2015-07-28 17:03 - 0001653 _____ () C:\ProgramData\tempimage.bmp
2014-09-19 18:09 - 2014-09-19 18:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-19 18:05 - 2014-09-19 18:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-19 18:06 - 2014-09-19 18:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-19 18:08 - 2014-09-19 18:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-19 18:05 - 2014-09-19 18:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-06 08:44
 
==================== End of FRST.txt ============================

Edited by marsspeaks, 12 January 2016 - 12:35 AM.
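The "One Month Modified files and folders" section of the log above lists three scheduled-task jobs (Adobe Flash Player Updater, EasyBank, AutoKMS and AutoKMSDaily) and a GUID-named .bat dropped into C:\WINDOWS\system32. A responder reading FRST output usually triages such entries by eye; the script below does the same mechanically over FRST's file-entry line format. It is an added example, not code from the poster, from BleepingComputer or from FRST itself. The allowlist of task-name prefixes, the AutoKMS marker and the final sample line (constructed to show the "()" no-publisher case) are assumptions; the other sample lines are copied from the log above.

```python
"""Triage the file-listing sections of an FRST log (added example, not FRST's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST file entry: "<modified> - <created> - <size> <attrs> [(Company)] <path>".
# attrs is always five characters ("_____", "____D", "___SH", ...). The "(Company)"
# field comes from PE version info: absent for non-PE files, "()" when the PE names none.
FRST_FILE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5})\s+"
    r"(?:\((?P<company>[^)]*)\)\s+)?"
    r"(?P<path>[A-Za-z]:\\.+)$"
)

SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".jse", ".ps1", ".wsf")
PE_EXTS = (".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx")
GUID_NAME_RE = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\.", re.I)
# Assumed allowlist: task names the analyst has already tied to legitimate updaters.
KNOWN_TASK_PREFIXES = ("Adobe Flash Player Updater", "GoogleUpdateTaskMachine")
# Task names created by KMS activation cracks (AV vendors detect them as HackTool).
HACKTOOL_TASK_MARKERS = ("autokms",)


@dataclass
class FrstEntry:
    modified: str
    created: str
    size: int
    attrs: str
    company: Optional[str]  # None = no company field printed, "" = "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]


def parse_frst_lines(text: str) -> List[FrstEntry]:
    """Return every line that matches the FRST file-entry layout; other lines are skipped."""
    entries: List[FrstEntry] = []
    for raw in text.splitlines():
        m = FRST_FILE_RE.match(raw.strip())
        if m:
            entries.append(FrstEntry(m["modified"], m["created"], int(m["size"]),
                                     m["attrs"], m["company"], m["path"]))
    return entries


def triage(entry: FrstEntry) -> List[str]:
    """Reasons this entry deserves a closer look; an empty list means nothing unusual."""
    reasons: List[str] = []
    name, lname, lpath = entry.name, entry.name.lower(), entry.path.lower()
    if lname.endswith(".job"):
        if any(marker in lname for marker in HACKTOOL_TASK_MARKERS):
            reasons.append("scheduled task created by a KMS activation crack")
        elif not name.startswith(KNOWN_TASK_PREFIXES):
            reasons.append("scheduled task not on the allowlist")
    if lname.endswith(SCRIPT_EXTS) and any(d in lpath for d in SYSTEM_DIRS):
        reasons.append("script file inside a Windows system directory")
    if GUID_NAME_RE.match(name):
        reasons.append("GUID-named file, a common disguise for dropped helpers")
    if entry.company == "" and lname.endswith(PE_EXTS):
        reasons.append("PE file whose version info names no publisher")
    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged path to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for entry in parse_frst_lines(text):
        reasons = triage(entry)
        if reasons:
            flagged[entry.path] = reasons
    return flagged


# Lines 1-8 are copied from the log in the post above; the last line is constructed
# to show the "()" (no publisher) case and is not from the log.
SAMPLE_LOG = r"""
2016-01-11 23:22 - 2015-06-30 05:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-11 17:07 - 2015-06-29 22:07 - 00000452 _____ C:\WINDOWS\Tasks\EasyBank.job
2016-01-09 23:45 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 14:19 - 2015-12-03 03:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-02 14:17 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 09:26 - 2015-03-10 19:15 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-03 03:26 - 2015-12-03 03:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-01-05 10:00 - 2016-01-05 10:00 - 00045056 _____ () C:\Users\jrz\AppData\Local\Temp\setup_helper.exe
"""

if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_LOG).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

The same line layout is used by the "One Month Created files and folders" and "Files in the root of some directories" sections, so the whole FRST.txt can be fed in unchanged; lines from the Processes, Registry, Services and Bamital sections simply do not match and are skipped. A flag is a reason to look, not a verdict: EasyBank.job, for instance, is flagged only because it is not on the assumed allowlist, and the right next step is to read the job file and confirm what it launches.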


#2 HelpBot (Bleepin' Binary Bot)

Posted 17 January 2016 - 12:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/602001 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 marsspeaks (Topic Starter)

Posted 18 January 2016 - 03:58 AM

Yes, I would still like to ensure my computer is adware free as I do think some was installed and would like to remove it.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by jrz (administrator) on JR (18-01-2016 02:51:52)
Running from C:\Users\jrz\Desktop
Loaded Profiles: jrz (Available Profiles: jrz)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\...\MountPoints2: {7606a3e9-7fca-11e5-82bd-74e6e209dd54} - "E:\SETUP.EXE" 
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{41bcc153-ab7f-42a2-bba6-8f408bcb9796}: [DhcpNameServer] 172.5.1.171
Tcpip\..\Interfaces\{c97cc6aa-533c-440d-9797-58aa5a3b6298}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pch.com/
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKLM -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default
FF Homepage: hxxp://frontpage.pch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jrz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\jrz\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-31]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-01] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-01] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-11-01] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-12-01] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-18 02:51 - 2016-01-18 02:53 - 00020096 _____ C:\Users\jrz\Desktop\FRST.txt
2016-01-18 02:51 - 2016-01-18 02:51 - 02370560 _____ (Farbar) C:\Users\jrz\Desktop\FRST64.exe
2016-01-18 02:48 - 2016-01-18 02:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-11 23:21 - 2016-01-18 02:51 - 00000000 ____D C:\FRST
2016-01-07 16:29 - 2016-01-18 02:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 06:58 - 2016-01-06 08:12 - 00000000 ____D C:\Users\jrz\Desktop\fatty
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Users\jrz\AppData\Roaming\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Program Files (x86)\ScummVM
2016-01-06 06:56 - 2016-01-06 06:56 - 07238761 _____ (The ScummVM Team ) C:\Users\jrz\Downloads\scummvm-1.7.0-win32.exe
2015-12-22 10:31 - 2015-12-02 17:19 - 00000030 _____ C:\AVScanner.ini
2015-12-22 08:04 - 2015-12-22 08:04 - 03885338 _____ C:\Users\jrz\Documents\Dec.xlms.xlsm
2015-12-20 16:05 - 2015-12-20 16:05 - 00001157 _____ C:\Users\jrz\Downloads\adServerESI (2).js
2015-12-20 16:05 - 2015-12-20 16:05 - 00001157 _____ C:\Users\jrz\Downloads\adServerESI (1).js
2015-12-20 04:49 - 2015-12-20 04:49 - 00002497 _____ C:\Users\jrz\Downloads\adServerESI.js
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-18 02:53 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-18 02:51 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-18 02:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-18 02:49 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-18 02:49 - 2015-03-17 18:29 - 00000000 ____D C:\ProgramData\MFAData
2016-01-18 02:49 - 2015-03-05 03:30 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C28AF5F7-F097-418F-B992-2C55E45C372D}
2016-01-18 02:48 - 2015-07-29 20:43 - 00000000 ___RD C:\Users\jrz\OneDrive
2016-01-18 02:47 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-18 02:44 - 2015-12-03 03:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-18 02:44 - 2015-09-12 12:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-18 02:44 - 2015-09-12 12:29 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-18 02:44 - 2015-07-29 20:37 - 00000000 __SHD C:\Users\jrz\IntelGraphicsProfiles
2016-01-18 02:43 - 2015-12-03 04:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-18 02:43 - 2015-06-30 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-18 02:43 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2016-01-18 02:42 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-18 02:42 - 2015-10-13 12:04 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-11 23:45 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2016-01-11 23:25 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2016-01-11 23:22 - 2015-06-30 05:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-11 20:14 - 2015-09-22 07:48 - 00000000 ____D C:\Users\jrz\AppData\LocalLow\Temp
2016-01-11 17:07 - 2015-06-29 22:07 - 00000452 _____ C:\WINDOWS\Tasks\EasyBank.job
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 19:40 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-27 13:12 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 13:12 - 2015-07-29 20:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-20 16:28 - 2015-12-03 03:31 - 00000000 ____D C:\Users\jrz
 
==================== Files in the root of some directories =======
 
2015-12-03 03:26 - 2015-12-03 03:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-28 17:03 - 2015-07-28 17:03 - 0001653 _____ () C:\ProgramData\tempimage.bmp
2014-09-19 18:09 - 2014-09-19 18:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-19 18:05 - 2014-09-19 18:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-19 18:06 - 2014-09-19 18:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-19 18:08 - 2014-09-19 18:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-19 18:05 - 2014-09-19 18:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-06 08:44
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by jrz (2016-01-18 02:54:27)
Running from C:\Users\jrz\Desktop
Windows 10 Home (X64) (2015-12-03 10:14:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4014343086-3611739078-916112099-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4014343086-3611739078-916112099-503 - Limited - Disabled)
Guest (S-1-5-21-4014343086-3611739078-916112099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4014343086-3611739078-916112099-1004 - Limited - Enabled)
jrz (S-1-5-21-4014343086-3611739078-916112099-1002 - Administrator - Enabled) => C:\Users\jrz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus 2015 (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4492 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DISH Anywhere Video Player (HKLM-x32\...\{D180F2F3-9CD4-4867-A221-D81C725D8045}) (Version: 2.24.2 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.236 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{330c332d-b8e7-4d1b-930b-a9852c7c4e9c}) (Version: 0.0.0.236 - Sling Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jrz\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038AEF1A-99B2-4743-807B-5DC57F80194C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {051BE4EB-6AC8-43B6-8957-AD391DAB3204} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {0AB79E81-AAD8-4A30-A482-5F442277F92C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {13C1545C-5625-4B8D-8F6B-061DFE3F4BDF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1763060F-4CDB-4B6D-99DA-615829FCBC46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2AFED2CA-8802-451E-85D0-EB899A0D3147} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C16ED8F-E466-4ACB-8DDE-4EDD7322141B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {39AD929A-A234-4E93-9FB0-DBE38F6F60FD} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {3A98AD26-5596-4BBA-83C0-612C9C9F4B48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3BE76595-6EF1-411C-A3B7-0735B483EE54} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {3F22C2C1-99C4-4765-B94D-BF106AE292B9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {4131BA4A-C8DA-4826-827D-E74674225583} - System32\Tasks\{2A91CC21-6F6B-424D-AF78-7622C734385B} => pcalua.exe -a "C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\utility\uninst.exe"
Task: {433A1A22-A341-41DD-BAAA-2AD021F04152} - System32\Tasks\EasyBank => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: {466D990F-980F-4964-9AB1-607725574F3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D9C409A-298D-477B-854D-80A8FA154E4F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {6023229E-D31C-43D9-BC8D-67D99193FADC} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-13] (Microsoft Corporation)
Task: {64832F6B-6C3D-4C01-BEF4-01E59BD06F35} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {68BF8CB8-540E-481F-BBF5-306158BD6EFC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-16] (Synaptics Incorporated)
Task: {6D43215F-CE39-4376-B852-A964713EE9C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {757A42E1-7C04-43B3-B4D1-EC87E3C68EB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7BCA9B7F-6CAB-4FA5-B2EC-148F07B3A795} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {83CF1EC0-B5D9-4FAD-A122-14D1D6D8F467} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {8DFDC95D-01D1-4944-83B0-CFB0A8631ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94934AFF-2C5E-4325-994E-02E314F6B06A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99BBFF0A-BED7-4E51-A3F7-148ADA0E8D56} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {A749E1A3-02E0-4059-AC64-B9FE9675B805} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {BF6D8AC9-BDBB-4175-9179-968D8D707986} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {C1414A2B-8A9F-4190-B456-944D2EEB341D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C41C67D3-DAF9-4F8F-A9F4-746EED994E93} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {D07072EB-FC33-42BA-933E-8AFDADB4913A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D0EA54F2-E4EA-4529-9FFB-B4BF383DFA2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {D1A4E73F-DC9B-4995-B8DD-18F8EB48E67A} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {D92F6AAC-331F-4F74-A5E9-EC7FB439FEBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {DDD0B698-5BB1-4868-AA90-ACB689C42931} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F8253B10-CAB8-4C2A-9E29-26E489A85217} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {FED8ADDE-E819-4FAD-BB41-61EAAC507A54} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EasyBank.job => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 12:04 - 2009-02-10 10:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-22 12:40 - 2013-08-22 12:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-12-10 02:30 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-10 02:30 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2012-10-01 20:34 - 2012-10-01 20:34 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-17 20:47 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 20:47 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 20:51 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 20:50 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 20:51 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 20:51 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-16 22:08 - 2015-12-16 22:08 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-09-19 18:06 - 2013-03-04 21:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2012-10-01 20:33 - 2012-10-01 20:33 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-15 18:47 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-15 18:47 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2014-09-19 18:09 - 2013-12-10 09:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-16 22:08 - 2015-12-16 22:08 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-16 22:08 - 2015-12-16 22:08 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-12-22 10:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F530A058-7268-4377-9DF5-D7D41668DE99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67FC01EC-9B8C-4247-A058-90C25D648659}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E8C79E3-27D5-4EBB-B897-AD3ABF75EDF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6309C0CD-A68A-434B-9B26-E02B8233A168}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6F8E951C-3B3F-490C-92BD-80049D41C1C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{15450708-1369-4201-9511-5EF62971CA86}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{DA234013-53D1-4B56-8068-6F64C1458E5C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{BED30167-79CF-4DEC-9DEC-74FC14BBDD9A}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{D42BCEC4-170E-49D0-9527-1FA2EECD2381}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{241C352D-BEC9-4278-A4D2-30EFD664F694}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{E3079AB4-0639-4D9A-B5D4-EE196CA7FF10}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{9BCB0022-1ADF-4EF7-B19E-5C2639478AD3}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{8880423D-036C-4905-93A7-32EC0EF4B9BD}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{CEE89400-EE07-4ECE-861C-C7226CF0B789}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFB04F95-1BDD-4CFA-9E98-B2A3298EDC40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{5D971E1E-1A0D-4659-9243-51B1922C1BC8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{298C1921-EC59-4D34-B32F-B1CDD77AC75D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{372238DB-9515-4724-BA0D-B5596D9929EF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4E75BD2-5977-47FD-9425-AF3B811A7F4B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{95B156CC-ADD2-433B-B36F-C3CCA9914EF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{836DCF22-9536-4623-9CDF-5E5E1B690BBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30992446-C0D6-413E-A873-FC443E2937BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC9A81B9-2F5A-4C44-BEEB-1225B5616E2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{485AE551-D6A3-46FD-A567-38CC9F930764}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E0E13C6-C47B-4933-995D-D75632383482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11ABF67A-D9D4-4FF1-845D-A00C20342866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{61FE0585-796C-4C7C-B551-545B0D4FE1B6}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-12-2015 09:27:22 Scheduled Checkpoint
30-12-2015 20:21:40 Windows Update
07-01-2016 16:33:22 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/12/2016 01:15:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JR)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/12/2016 01:15:28 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JR)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/12/2016 12:15:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6172

Error: (01/12/2016 12:15:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 6172

Error: (01/12/2016 12:15:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2016 09:46:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3828

Error: (01/11/2016 09:46:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3828

Error: (01/11/2016 09:46:19 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/11/2016 05:45:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3875

Error: (01/11/2016 05:45:28 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3875


System errors:
=============
Error: (01/18/2016 02:47:30 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/18/2016 02:42:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_5d123 service to connect.

Error: (01/18/2016 02:42:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_5d123 service to connect.

Error: (01/18/2016 02:42:35 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_5d123 service, but this action failed with the following error:
%%1056

Error: (01/18/2016 02:42:34 AM) (Source: DCOM) (EventID: 10010) (User: JR)
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}

Error: (01/18/2016 02:42:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5d123 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:42:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5d123 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:42:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5d123 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:42:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5d123 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/18/2016 02:42:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specific, LocalActivation, {D63B10C5-BB46-4990-A94F-E40B9D520160}, {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}, NT AUTHORITY\SYSTEM, S-1-5-18, LocalHost (Using LRPC), Unavailable, Unavailable


CodeIntegrity:
===================================
Date: 2016-01-08 17:29:38.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-03 09:19:39.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 17:20:53.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-18 01:21:46.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 21:02:41.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 15:28:02.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 11:21:22.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 10:45:22.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 22:42:10.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 05:41:44.181
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 56%
Total physical RAM: 4000.18 MB
Available physical RAM: 1746.22 MB
Total Virtual: 5984.18 MB
Available Virtual: 3704.16 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.22 GB) (Free:874.32 GB) NTFS
Drive e: (Microsoft Office) (CDROM) (Total:0.69 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B4AF8927)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 22 January 2016 - 10:50 PM.


#4 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,733 posts
  • Gender:Male

Posted 22 January 2016 - 12:40 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#5 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,486 posts
  • Gender:Male
  • Location:California

Posted 22 January 2016 - 10:52 PM

Greetings marsspeaks and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2013 and all other products for which you do not have a valid Product Key. If you are willing to do that please rerun a FRST scan with Addition.txt and post both logs. If you prefer to leave the programs on your computer let me know that and I will be closing the Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
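
The logs in this thread are FRST output, and the entries an analyst actually reads first are the search scopes, the services FRST marks as unsigned, and the scheduled task files in the "Modified files" list. As an added example (not code from either participant, from FRST, or from BleepingComputer), the Python below runs a small triage pass over FRST-style lines. The sample lines are constructed, modelled on the kinds of entries that appear in this thread (a search scope pointing at cassiopessa.com, a Wyse service flagged "[File not signed]", an AutoKMS.job task). The list of known search hosts and the task watchlist are assumptions chosen for illustration; FRST writes URLs defanged as hxxp://, which the helper reverses before parsing.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example; not part of the thread or of FRST. Flags:
  * SearchScopes whose URL host is not a known search engine (search hijack)
  * service entries FRST tagged "[File not signed]"
  * scheduled task .job files whose name matches a watchlist
"""
import re
from urllib.parse import urlparse

# Assumption: an illustrative allow-list of hosts a default search scope
# legitimately points at. Anything else is reported for a human to look at.
KNOWN_SEARCH_HOSTS = {
    "www.bing.com", "www.google.com", "search.yahoo.com", "duckduckgo.com",
}

# Assumption: task names worth a second look. KMS-style activator tasks are
# the kind of entry the instructor in this thread treats as unlicensed software.
TASK_WATCHLIST = re.compile(r"kms", re.IGNORECASE)

# Line shapes as FRST prints them (see the FRST.txt sections in this thread).
SEARCHSCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?P<scope>.+?) URL =\s*(?P<url>.*)$"
)
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) "
    r"\[\d+ \d{4}-\d{2}-\d{2}\] \((?P<vendor>[^)]*)\)(?P<flags>.*)$"
)
TASK_RE = re.compile(r"\\Tasks\\(?P<job>[^\\]+\.job)\s*$")

# Constructed sample, modelled on entries seen in this thread.
SAMPLE_LOG = r"""
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
2016-01-18 02:43 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2016-01-23 09:56 - 2015-09-12 12:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
"""


def refang(url):
    """FRST defangs URLs as hxxp(s)://; restore the scheme so urlparse works."""
    return re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)


def search_hijacks(lines):
    """Return (hive, host) for every search scope not on the allow-list."""
    hits = []
    for line in lines:
        m = SEARCHSCOPE_RE.match(line)
        if not m:
            continue
        url = refang(m["url"])
        if not url:
            continue  # empty scope, nothing to resolve
        host = (urlparse(url).hostname or "").lower()
        if host not in KNOWN_SEARCH_HOSTS:
            hits.append((m["hive"], host))
    return hits


def unsigned_services(lines):
    """Return the image path of every service FRST tagged as not signed."""
    return [
        m["path"]
        for m in map(SERVICE_RE.match, lines)
        if m and "[File not signed]" in m["flags"]
    ]


def watchlisted_tasks(lines):
    """Return task .job file names that match the watchlist pattern."""
    return [
        m["job"]
        for m in map(TASK_RE.search, lines)
        if m and TASK_WATCHLIST.search(m["job"])
    ]


def triage(text):
    """Run all three checks over a block of FRST log text."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    return {
        "search_hijacks": search_hijacks(lines),
        "unsigned_services": unsigned_services(lines),
        "watchlisted_tasks": watchlisted_tasks(lines),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE_LOG).items():
        print(check)
        for item in items:
            print("   ", item)
```

The allow-list approach is deliberate: a hijacker can use any domain, so matching against a blocklist of known bad search hosts misses the next one, while "not a search engine the user would have chosen" catches cassiopessa.com and its successors alike. "[File not signed]" is FRST's own tag and is a prompt to verify the binary, not proof of malice; the Wyse entry in this thread is a legitimate Dell product that simply ships unsigned.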

#6 marsspeaks
  • Topic Starter
  • Members
  • 64 posts

Posted 23 January 2016 - 11:16 AM

Oh, I didn't realize they had that on this computer. I uninstalled as suggested!
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-01-2016
Ran by jrz (administrator) on JR (23-01-2016 10:06:35)
Running from C:\Users\jrz\Desktop
Loaded Profiles: jrz (Available Profiles: jrz)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\jrz\Desktop\fatty\FRST.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcfgex.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-01] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-18] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-03] (CANON INC.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3780008 2015-10-30] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3129560 2014-02-24] (Disc Soft Ltd)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
Tcpip\..\Interfaces\{41bcc153-ab7f-42a2-bba6-8f408bcb9796}: [DhcpNameServer] 172.5.1.171
Tcpip\..\Interfaces\{c97cc6aa-533c-440d-9797-58aa5a3b6298}: [DhcpNameServer] 71.10.216.1 71.10.216.2 192.168.1.1
 
Internet Explorer:
==================
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pch.com/
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKLM -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default
FF Homepage: hxxp://frontpage.pch.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-22] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-22] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-02-04] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: @citrixonline.com/appdetectorplugin -> C:\Users\jrz\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-08-11] (Citrix Online)
FF Plugin HKU\S-1-5-21-4014343086-3611739078-916112099-1002: DISH Anywhere.com/DISH Anywhere Video Player -> C:\Users\jrz\AppData\Roaming\DISH Anywhere\DISH Anywhere Video Player\npNMPCBrowserPlugin.dll [2015-02-09] (Nagravision)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: Flash and Video Download - C:\Users\jrz\AppData\Roaming\Mozilla\Firefox\Profiles\goedbi4j.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2015-12-31]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DISH Anywhere Video Player Extension) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jddfihmdfalfpnnebhgpmopljbopmkea [2015-08-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-28]
CHR HKLM\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jddfihmdfalfpnnebhgpmopljbopmkea] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3642280 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [335656 2015-10-30] (AVG Technologies CZ, s.r.o.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-29] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-01] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-01] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21152 2015-03-27] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162784 2015-03-11] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-10-19] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [297904 2015-08-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [259040 2015-06-16] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [378336 2015-05-07] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [250800 2015-08-04] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40928 2015-03-20] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [304560 2015-08-04] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2015-11-01] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [896744 2015-12-01] (Realtek)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-23 10:06 - 2016-01-23 10:07 - 00018370 _____ C:\Users\jrz\Desktop\FRST.txt
2016-01-23 10:05 - 2016-01-23 10:05 - 02370560 _____ (Farbar) C:\Users\jrz\Desktop\FRST64.exe
2016-01-23 09:35 - 2016-01-23 09:35 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2016-01-18 02:48 - 2016-01-18 02:48 - 00000000 ___HD C:\OneDriveTemp
2016-01-11 23:21 - 2016-01-23 10:06 - 00000000 ____D C:\FRST
2016-01-07 16:29 - 2016-01-18 02:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-06 06:58 - 2016-01-23 10:06 - 00000000 ____D C:\Users\jrz\Desktop\fatty
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Users\jrz\AppData\Roaming\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
2016-01-06 06:57 - 2016-01-06 06:57 - 00000000 ____D C:\Program Files (x86)\ScummVM
2016-01-06 06:56 - 2016-01-06 06:56 - 07238761 _____ (The ScummVM Team ) C:\Users\jrz\Downloads\scummvm-1.7.0-win32.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-23 09:56 - 2015-09-12 12:30 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-23 09:56 - 2015-09-12 12:29 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-23 09:55 - 2015-11-01 11:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-01-23 09:55 - 2015-10-30 03:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-01-23 09:55 - 2015-05-05 10:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-23 09:54 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-01-23 09:50 - 2015-09-22 07:48 - 00000000 ____D C:\Users\jrz\AppData\LocalLow\Temp
2016-01-23 09:50 - 2013-08-22 07:25 - 00000108 _____ C:\WINDOWS\win.ini
2016-01-23 09:48 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-23 09:45 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-23 09:45 - 2015-07-29 20:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-23 09:35 - 2015-11-01 11:18 - 00000000 ____D C:\Users\jrz\AppData\Roaming\DAEMON Tools Pro
2016-01-23 09:23 - 2015-11-01 10:41 - 09989712 _____ (MEGA Limited) C:\Users\jrz\Downloads\MEGAsyncSetup.exe
2016-01-23 09:22 - 2015-06-30 05:18 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-23 09:20 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-23 09:20 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-23 09:17 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-23 09:15 - 2015-03-10 19:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-23 09:10 - 2015-03-17 18:29 - 00000000 ____D C:\ProgramData\MFAData
2016-01-23 09:06 - 2015-03-05 03:30 - 00004136 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C28AF5F7-F097-418F-B992-2C55E45C372D}
2016-01-22 03:57 - 2015-03-10 19:15 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-18 02:54 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2016-01-18 02:49 - 2015-10-30 00:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2016-01-18 02:48 - 2015-07-29 20:43 - 00000000 ___RD C:\Users\jrz\OneDrive
2016-01-18 02:47 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-18 02:44 - 2015-12-03 03:28 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-18 02:44 - 2015-09-12 12:29 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-18 02:44 - 2015-07-29 20:37 - 00000000 __SHD C:\Users\jrz\IntelGraphicsProfiles
2016-01-18 02:43 - 2015-12-03 04:04 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-18 02:43 - 2015-06-30 04:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-18 02:43 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2016-01-18 02:42 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-18 02:42 - 2015-10-13 12:04 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-11 23:45 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMSDaily.job
2016-01-11 17:07 - 2015-06-29 22:07 - 00000452 _____ C:\WINDOWS\Tasks\EasyBank.job
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 19:40 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2015-12-03 03:26 - 2015-12-03 03:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-07-28 17:03 - 2015-07-28 17:03 - 0001653 _____ () C:\ProgramData\tempimage.bmp
2014-09-19 18:09 - 2014-09-19 18:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-19 18:05 - 2014-09-19 18:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-19 18:06 - 2014-09-19 18:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-19 18:08 - 2014-09-19 18:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-19 18:05 - 2014-09-19 18:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\jrz\AppData\Local\Temp\ose00000.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-06 08:44
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by jrz (2016-01-23 10:08:22)
Running from C:\Users\jrz\Desktop
Windows 10 Home (X64) (2015-12-03 10:14:22)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4014343086-3611739078-916112099-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4014343086-3611739078-916112099-503 - Limited - Disabled)
Guest (S-1-5-21-4014343086-3611739078-916112099-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4014343086-3611739078-916112099-1004 - Limited - Enabled)
jrz (S-1-5-21-4014343086-3611739078-916112099-1002 - Administrator - Enabled) => C:\Users\jrz

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus 2015 (Enabled - Out of date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus 2015 (Enabled - Out of date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.6176 - AVG Technologies)
AVG 2015 (Version: 15.0.4522 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.6176 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: - )
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - )
Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version: - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - )
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0388 - Disc Soft Ltd)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DISH Anywhere Video Player (HKLM-x32\...\{D180F2F3-9CD4-4867-A221-D81C725D8045}) (Version: 2.24.2 - DISH Anywhere)
DISH Anywhere Video Player Installer (x32 Version: 0.0.0.236 - Sling Media) Hidden
DishAnywhereDesktop (HKLM-x32\...\{330c332d-b8e7-4d1b-930b-a9852c7c4e9c}) (Version: 0.0.0.236 - Sling Media)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
ScummVM 1.7.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jrz\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {038AEF1A-99B2-4743-807B-5DC57F80194C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {051BE4EB-6AC8-43B6-8957-AD391DAB3204} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {0AB79E81-AAD8-4A30-A482-5F442277F92C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {13C1545C-5625-4B8D-8F6B-061DFE3F4BDF} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {1763060F-4CDB-4B6D-99DA-615829FCBC46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2AFED2CA-8802-451E-85D0-EB899A0D3147} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C16ED8F-E466-4ACB-8DDE-4EDD7322141B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {39AD929A-A234-4E93-9FB0-DBE38F6F60FD} - System32\Tasks\SushiLeads => C:\Program Files (x86)\sushileads\ScheduledTask.exe
Task: {3A98AD26-5596-4BBA-83C0-612C9C9F4B48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3BE76595-6EF1-411C-A3B7-0735B483EE54} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {4131BA4A-C8DA-4826-827D-E74674225583} - System32\Tasks\{2A91CC21-6F6B-424D-AF78-7622C734385B} => pcalua.exe -a "C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\utility\uninst.exe"
Task: {433A1A22-A341-41DD-BAAA-2AD021F04152} - System32\Tasks\EasyBank => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: {466D990F-980F-4964-9AB1-607725574F3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5D9C409A-298D-477B-854D-80A8FA154E4F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {64832F6B-6C3D-4C01-BEF4-01E59BD06F35} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {68BF8CB8-540E-481F-BBF5-306158BD6EFC} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-16] (Synaptics Incorporated)
Task: {6D43215F-CE39-4376-B852-A964713EE9C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {757A42E1-7C04-43B3-B4D1-EC87E3C68EB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {7BCA9B7F-6CAB-4FA5-B2EC-148F07B3A795} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {8DFDC95D-01D1-4944-83B0-CFB0A8631ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94934AFF-2C5E-4325-994E-02E314F6B06A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {99BBFF0A-BED7-4E51-A3F7-148ADA0E8D56} - System32\Tasks\Dell\Dell Product Registration Update => /updatecheck /LSRC=autolaunch
Task: {A749E1A3-02E0-4059-AC64-B9FE9675B805} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {BF6D8AC9-BDBB-4175-9179-968D8D707986} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {C1414A2B-8A9F-4190-B456-944D2EEB341D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {C41C67D3-DAF9-4F8F-A9F4-746EED994E93} - System32\Tasks\Dell\Dell Product Registration => /boot /LSRC=autolaunch
Task: {D0EA54F2-E4EA-4529-9FFB-B4BF383DFA2F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
Task: {D1A4E73F-DC9B-4995-B8DD-18F8EB48E67A} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {D92F6AAC-331F-4F74-A5E9-EC7FB439FEBD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-22] (Adobe Systems Incorporated)
Task: {DDD0B698-5BB1-4868-AA90-ACB689C42931} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E2E8CE3B-F30D-45D3-844A-472893748754} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-22] (Microsoft Corporation)
Task: {F8253B10-CAB8-4C2A-9E29-26E489A85217} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {FED8ADDE-E819-4FAD-BB41-61EAAC507A54} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EasyBank.job => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-13 12:04 - 2009-02-10 10:01 - 00116104 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2013-08-22 12:40 - 2013-08-22 12:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-12-10 02:30 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-10 02:30 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 20:51 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 20:50 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 20:51 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 20:51 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 20:49 - 2015-12-06 21:34 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-23 09:18 - 2016-01-23 09:19 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-23 09:11 - 2016-01-23 09:12 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-14 21:33 - 2015-12-14 21:34 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-17 20:47 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 20:47 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2014-09-19 18:06 - 2013-03-04 21:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 12:41 - 2013-03-05 12:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-09-19 18:09 - 2013-12-10 09:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-12-15 18:47 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-15 18:47 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-23 09:18 - 2016-01-23 09:19 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-23 09:18 - 2016-01-23 09:19 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 07:25 - 2015-12-22 10:31 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 71.10.216.1 - 71.10.216.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F530A058-7268-4377-9DF5-D7D41668DE99}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67FC01EC-9B8C-4247-A058-90C25D648659}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3E8C79E3-27D5-4EBB-B897-AD3ABF75EDF6}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6309C0CD-A68A-434B-9B26-E02B8233A168}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{6F8E951C-3B3F-490C-92BD-80049D41C1C8}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{15450708-1369-4201-9511-5EF62971CA86}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{E3079AB4-0639-4D9A-B5D4-EE196CA7FF10}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{9BCB0022-1ADF-4EF7-B19E-5C2639478AD3}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{8880423D-036C-4905-93A7-32EC0EF4B9BD}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{CEE89400-EE07-4ECE-861C-C7226CF0B789}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{AFB04F95-1BDD-4CFA-9E98-B2A3298EDC40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{5D971E1E-1A0D-4659-9243-51B1922C1BC8}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{298C1921-EC59-4D34-B32F-B1CDD77AC75D}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{372238DB-9515-4724-BA0D-B5596D9929EF}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{B4E75BD2-5977-47FD-9425-AF3B811A7F4B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{95B156CC-ADD2-433B-B36F-C3CCA9914EF1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{836DCF22-9536-4623-9CDF-5E5E1B690BBC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{30992446-C0D6-413E-A873-FC443E2937BD}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BC9A81B9-2F5A-4C44-BEEB-1225B5616E2A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{485AE551-D6A3-46FD-A567-38CC9F930764}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6E0E13C6-C47B-4933-995D-D75632383482}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{11ABF67A-D9D4-4FF1-845D-A00C20342866}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ACD5241D-35CC-45B5-9AB9-5D950E16E95A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-12-2015 09:27:22 Scheduled Checkpoint
30-12-2015 20:21:40 Windows Update
07-01-2016 16:33:22 Windows Update
22-01-2016 03:56:12 Windows Update
23-01-2016 09:46:29 Removed Microsoft Office Professional Plus 2013
23-01-2016 09:47:27 PROPLUS

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/23/2016 09:47:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/23/2016 09:46:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/23/2016 09:33:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: StartUI.dll, version: 10.0.10586.35, time stamp: 0x56650467
Exception code: 0xc000041d
Fault offset: 0x000000000029ecc8
Faulting process id: 0x102c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (01/23/2016 09:33:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: StartUI.dll, version: 10.0.10586.35, time stamp: 0x56650467
Exception code: 0xc0000005
Fault offset: 0x000000000029ecc8
Faulting process id: 0x102c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (01/23/2016 09:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1688

Error: (01/23/2016 09:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1688

Error: (01/23/2016 09:04:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (01/22/2016 03:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3469

Error: (01/22/2016 03:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3469

Error: (01/22/2016 03:26:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (01/23/2016 09:04:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/22/2016 03:26:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/22/2016 04:00:47 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/22/2016 03:50:00 AM) (Source: DCOM) (EventID: 10001) (User: JR)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca31App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mcaUnavailableUnavailable

Error: (01/22/2016 03:50:00 AM) (Source: DCOM) (EventID: 10001) (User: JR)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca31App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mcaUnavailableUnavailable

Error: (01/22/2016 03:50:00 AM) (Source: DCOM) (EventID: 10001) (User: JR)
Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:App.AppXe9cvj1thv1hmcw0cs98xm3r97tyzy2xs.mca31App.AppX65azfy60a5wn91mcvdd3dr2y0wj02n39.mcaUnavailableUnavailable

Error: (01/18/2016 03:21:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2016 02:59:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/18/2016 02:47:30 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (01/18/2016 02:42:36 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_5d123 service to connect.


CodeIntegrity:
===================================
Date: 2016-01-23 09:53:45.249
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-08 17:29:38.531
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-03 09:19:39.487
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-31 17:20:53.266
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-18 01:21:46.921
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 21:02:41.458
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-14 15:28:02.640
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 11:21:22.236
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 10:45:22.156
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-04 22:42:10.057
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 56%
Total physical RAM: 4000.18 MB
Available physical RAM: 1756.01 MB
Total Virtual: 5984.18 MB
Available Virtual: 3568.61 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:921.22 GB) (Free:875.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B4AF8927)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 23 January 2016 - 03:36 PM.


#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 37,486 posts
  • OFFLINE
  • Gender:Male
  • Location:California
  • Local time:04:16 AM

Posted 23 January 2016 - 07:10 PM

Thank you for your understanding and patience.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pch.com/
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKLM -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
FF Homepage: hxxp://frontpage.pch.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
2016-01-18 02:43 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2014-09-19 18:09 - 2014-09-19 18:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-19 18:05 - 2014-09-19 18:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-19 18:06 - 2014-09-19 18:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-19 18:08 - 2014-09-19 18:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-19 18:05 - 2014-09-19 18:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
Task: {0AB79E81-AAD8-4A30-A482-5F442277F92C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
C:\Windows\AutoKMS.exe
Task: {1763060F-4CDB-4B6D-99DA-615829FCBC46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2AFED2CA-8802-451E-85D0-EB899A0D3147} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C16ED8F-E466-4ACB-8DDE-4EDD7322141B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {3A98AD26-5596-4BBA-83C0-612C9C9F4B48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {433A1A22-A341-41DD-BAAA-2AD021F04152} - System32\Tasks\EasyBank => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: {466D990F-980F-4964-9AB1-607725574F3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre
Task: {6D43215F-CE39-4376-B852-A964713EE9C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {757A42E1-7C04-43B3-B4D1-EC87E3C68EB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8DFDC95D-01D1-4944-83B0-CFB0A8631ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94934AFF-2C5E-4325-994E-02E314F6B06A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C1414A2B-8A9F-4190-B456-944D2EEB341D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DDD0B698-5BB1-4868-AA90-ACB689C42931} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FED8ADDE-E819-4FAD-BB41-61EAAC507A54} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EasyBank.job => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Report
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click Clean to remove the items still checked
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop upon reboot in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."
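The fixlist above is built by hand from the "Task:" and "SearchScopes:" lines FRST reports. The following is an added example, not code from this thread, from FRST or from BleepingComputer, that applies the same reasoning to those lines offline: it flags entries FRST already marked ATTENTION, entries whose target binary no longer exists, scheduled tasks whose executable lives in a user-writable directory or directly in the Windows root, and IE search scopes whose host is not a search engine the owner would knowingly use. The sample lines are constructed from the entries quoted in this thread (with the long cassiopessa query string shortened), the ScheduledDefrag control line is made up, and the host allowlist and path heuristics are assumptions for illustration.

```python
"""Triage persistence entries from an FRST (Farbar Recovery Scan Tool) log.

Added example, not code from the thread, from FRST or from BleepingComputer.
It reads the "Task:" and "SearchScopes:" lines FRST emits and flags the ones
an analyst would copy into fixlist.txt. The allowlist of search hosts and the
path heuristics are assumptions for illustration.
"""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the FRST entries quoted in this thread, with
# the very long cassiopessa query string shortened, plus one benign control line
# (ScheduledDefrag, not from the thread) that must NOT be flagged.
SAMPLE_FRST_LINES = r"""
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
Task: {0AB79E81-AAD8-4A30-A482-5F442277F92C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
Task: {1763060F-4CDB-4B6D-99DA-615829FCBC46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {433A1A22-A341-41DD-BAAA-2AD021F04152} - System32\Tasks\EasyBank => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000000} - \Microsoft\Windows\Defrag\ScheduledDefrag => C:\Windows\System32\defrag.exe
"""

# "Task: {guid} - name => target" or "Task: name -> No File <==== ATTENTION"
TASK_RE = re.compile(
    r"^Task: (?:\{(?P<guid>[^}]+)\} - )?(?P<name>.+?) (?:=>|->) "
    r"(?P<target>.+?)\s*(?P<attn><==== ATTENTION)?$"
)
# "SearchScopes: hive -> [DefaultScope ]{guid} URL = url"
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) -> (?:DefaultScope )?\{(?P<guid>[^}]+)\} URL =\s*(?P<url>.*)$"
)

# Assumption: search providers the owner would knowingly use.
KNOWN_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "search.yahoo.com", "duckduckgo.com"}
# Directories a standard user can write to; persistence pointing here is a red flag.
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\temp\\", "\\users\\", "\\public\\")
# An .exe directly in C:\Windows (not System32) is unusual for legitimate software.
WINDOWS_ROOT_EXE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


def classify_target(target: str) -> list[str]:
    """Reasons a scheduled task's action binary looks like unwanted persistence."""
    t = target.strip().lower()
    if t == "no file":
        return ["target binary missing (orphaned persistence entry)"]
    reasons = []
    if any(d in t for d in USER_WRITABLE_DIRS):
        reasons.append("executable lives in a user-writable directory")
    if WINDOWS_ROOT_EXE.match(t):
        reasons.append("executable sits directly in the Windows root, not System32")
    return reasons


def classify_search_url(url: str) -> list[str]:
    """Reasons an IE SearchScopes URL looks like a hijacked search provider."""
    url = url.strip()
    if not url:
        return ["empty search URL (orphaned scope)"]
    live = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)  # FRST defangs http as hxxp
    host = (urlparse(live).hostname or "").lower()
    if host not in KNOWN_SEARCH_HOSTS:
        return [f"search provider host {host!r} is not an allowlisted engine"]
    return []


def triage(frst_text: str) -> list[dict]:
    """Return the Task/SearchScopes lines worth putting in fixlist.txt, with reasons."""
    findings = []
    for raw in frst_text.splitlines():
        line = raw.strip()
        if m := TASK_RE.match(line):
            reasons = classify_target(m["target"])
            if m["attn"]:
                reasons.append("FRST itself marked this entry ATTENTION")
            if reasons:
                findings.append({"kind": "task", "name": m["name"],
                                 "target": m["target"].strip(), "reasons": reasons, "line": line})
        elif m := SCOPE_RE.match(line):
            reasons = classify_search_url(m["url"])
            if reasons:
                findings.append({"kind": "searchscope", "name": f"{m['hive']} {{{m['guid']}}}",
                                 "target": m["url"], "reasons": reasons, "line": line})
    return findings


def to_fixlist(findings: list[dict]) -> str:
    """FRST accepts its own log lines verbatim as fixlist.txt entries."""
    return "\n".join(f["line"] for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_FRST_LINES):
        print(f"[{f['kind']}] {f['name']}\n    -> {f['target']}\n    {'; '.join(f['reasons'])}")
```

The heuristics are deliberately conservative: a hit means "look at this", not "delete this". The OLBPre task, for instance, is flagged only because FRST marked it, and a real triage would still check the signer and install date of that binary before adding it to a fixlist.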

#8 marsspeaks
  • Topic Starter
  • Members
  • 64 posts
  • OFFLINE
  • Local time:05:16 AM

Posted 24 January 2016 - 10:06 AM

Here are my scans!

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-01-2016
Ran by jrz (2016-01-24 08:17:15) Run:1
Running from C:\Users\jrz\Desktop
Loaded Profiles: jrz (Available Profiles: jrz)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://pch.com/
SearchScopes: HKLM -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKLM -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> DefaultScope {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {2111008F-ACE2-4956-BC3D-EAB3F50FFD14} URL = hxxp://www.cassiopessa.com/results.php?f=4&q={searchTerms}&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=
SearchScopes: HKU\S-1-5-21-4014343086-3611739078-916112099-1002 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL = 
FF Homepage: hxxp://frontpage.pch.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
2016-01-18 02:43 - 2015-06-29 22:45 - 00000202 _____ C:\WINDOWS\Tasks\AutoKMS.job
2014-09-19 18:09 - 2014-09-19 18:09 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-19 18:05 - 2014-09-19 18:06 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-19 18:06 - 2014-09-19 18:08 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-19 18:08 - 2014-09-19 18:09 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-19 18:05 - 2014-09-19 18:05 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
Task: {0AB79E81-AAD8-4A30-A482-5F442277F92C} - System32\Tasks\AutoKMSDaily => C:\Windows\AutoKMS.exe
C:\Windows\AutoKMS.exe
Task: {1763060F-4CDB-4B6D-99DA-615829FCBC46} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2AFED2CA-8802-451E-85D0-EB899A0D3147} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {2C16ED8F-E466-4ACB-8DDE-4EDD7322141B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe
Task: {3A98AD26-5596-4BBA-83C0-612C9C9F4B48} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {433A1A22-A341-41DD-BAAA-2AD021F04152} - System32\Tasks\EasyBank => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
Task: {466D990F-980F-4964-9AB1-607725574F3A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {679AEFBC-42CF-4094-8B3E-9BDC644128E7} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
C:\Program Files (x86)\OLBPre
Task: {6D43215F-CE39-4376-B852-A964713EE9C5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {757A42E1-7C04-43B3-B4D1-EC87E3C68EB8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8DFDC95D-01D1-4944-83B0-CFB0A8631ACE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {94934AFF-2C5E-4325-994E-02E314F6B06A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C1414A2B-8A9F-4190-B456-944D2EEB341D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {DDD0B698-5BB1-4868-AA90-ACB689C42931} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FED8ADDE-E819-4FAD-BB41-61EAAC507A54} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\AutoKMS.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\AutoKMSDaily.job => C:\Windows\AutoKMS.exe
Task: C:\WINDOWS\Tasks\EasyBank.job => c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}\microsoft office professional plus 2013 - 64 bit(english)[rareabyss].exe <==== ATTENTION
c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656}
CustomCLSID: HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> C:\Users\jrz\AppData\Local\Kingsoft\WPS Office\9.1.0.5106\office6\qingshellext64.dll => No File
*****************
 
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2111008F-ACE2-4956-BC3D-EAB3F50FFD14}" => key removed successfully
HKCR\CLSID\{2111008F-ACE2-4956-BC3D-EAB3F50FFD14} => key not found. 
HKU\S-1-5-21-4014343086-3611739078-916112099-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-4014343086-3611739078-916112099-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2111008F-ACE2-4956-BC3D-EAB3F50FFD14}" => key removed successfully
HKCR\CLSID\{2111008F-ACE2-4956-BC3D-EAB3F50FFD14} => key not found. 
"HKU\S-1-5-21-4014343086-3611739078-916112099-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9143e921-7c9a-4d27-ac43-eaccc78cc55a}" => key removed successfully
HKCR\CLSID\{9143e921-7c9a-4d27-ac43-eaccc78cc55a} => key not found. 
Firefox "homepage" removed successfully
C:\Users\jrz\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\WINDOWS\Tasks\AutoKMS.job => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
"HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AB79E81-AAD8-4A30-A482-5F442277F92C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AB79E81-AAD8-4A30-A482-5F442277F92C}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoKMSDaily => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMSDaily" => key removed successfully
"C:\Windows\AutoKMS.exe" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1763060F-4CDB-4B6D-99DA-615829FCBC46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1763060F-4CDB-4B6D-99DA-615829FCBC46}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2AFED2CA-8802-451E-85D0-EB899A0D3147}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2AFED2CA-8802-451E-85D0-EB899A0D3147}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{2C16ED8F-E466-4ACB-8DDE-4EDD7322141B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C16ED8F-E466-4ACB-8DDE-4EDD7322141B}" => key removed successfully
C:\WINDOWS\System32\Tasks\AutoKMS => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A98AD26-5596-4BBA-83C0-612C9C9F4B48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A98AD26-5596-4BBA-83C0-612C9C9F4B48}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{433A1A22-A341-41DD-BAAA-2AD021F04152}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{433A1A22-A341-41DD-BAAA-2AD021F04152}" => key removed successfully
C:\WINDOWS\System32\Tasks\EasyBank => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EasyBank" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{466D990F-980F-4964-9AB1-607725574F3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{466D990F-980F-4964-9AB1-607725574F3A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{679AEFBC-42CF-4094-8B3E-9BDC644128E7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679AEFBC-42CF-4094-8B3E-9BDC644128E7}" => key removed successfully
C:\WINDOWS\System32\Tasks\LaunchPreSignup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{679AEFBC-42CF-4094-8B3E-9BDC644128E7} => key not found. 
C:\WINDOWS\System32\Tasks\LaunchPreSignup => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchPreSignup => key not found. 
"C:\Program Files (x86)\OLBPre" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6D43215F-CE39-4376-B852-A964713EE9C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6D43215F-CE39-4376-B852-A964713EE9C5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{757A42E1-7C04-43B3-B4D1-EC87E3C68EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{757A42E1-7C04-43B3-B4D1-EC87E3C68EB8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8DFDC95D-01D1-4944-83B0-CFB0A8631ACE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DFDC95D-01D1-4944-83B0-CFB0A8631ACE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{94934AFF-2C5E-4325-994E-02E314F6B06A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{94934AFF-2C5E-4325-994E-02E314F6B06A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C1414A2B-8A9F-4190-B456-944D2EEB341D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1414A2B-8A9F-4190-B456-944D2EEB341D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDD0B698-5BB1-4868-AA90-ACB689C42931}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDD0B698-5BB1-4868-AA90-ACB689C42931}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FED8ADDE-E819-4FAD-BB41-61EAAC507A54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FED8ADDE-E819-4FAD-BB41-61EAAC507A54}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
C:\WINDOWS\Tasks\AutoKMS.job => not found.
C:\WINDOWS\Tasks\AutoKMSDaily.job => moved successfully
C:\WINDOWS\Tasks\EasyBank.job => moved successfully
c:\programdata\{86c39d95-bf31-57f4-86c3-39d95bf37656} => moved successfully
HKU\S-1-5-21-4014343086-3611739078-916112099-1002_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F} => key not found. 
 
==== End of Fixlog 08:17:24 ====
 
# AdwCleaner v5.030 - Logfile created 24/01/2016 at 08:39:15
# Updated 17/01/2016 by Xplode
# Database : 2016-01-19.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : jrz - JR
# Running from : C:\Users\jrz\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\LightningDownloader
[-] Folder Deleted : C:\Program Files (x86)\sushileads
[-] Folder Deleted : C:\Program Files (x86)\bestadblocker
[-] Folder Deleted : C:\Program Files (x86)\CouttTHHePricee
[-] Folder Deleted : C:\Program Files (x86)\CutThePrice
[-] Folder Deleted : C:\Program Files (x86)\CutThePricee
[-] Folder Deleted : C:\ProgramData\cmkckfpghklicogpokdjikikckcgfifo
[-] Folder Deleted : C:\ProgramData\hidpkkjkbaeefggbelejfllcldgfhjne
[-] Folder Deleted : C:\ProgramData\iknlcehfmgohldlgafogbkamhkgiddcn
[-] Folder Deleted : C:\ProgramData\oidcpkckdjbjfnjpjefdapjdgchbbbei
[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightningDownloader
[-] Folder Deleted : C:\Users\jrz\AppData\Roaming\LightningDownloader
[-] Folder Deleted : C:\Users\jrz\AppData\Roaming\Tny_cassiopesa
[#] Folder Deleted : C:\WINDOWS\SysNative\Tasks\sushileads
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_microsoft-office.en.softonic.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_microsoft-office.en.softonic.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.shopathome.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.myway.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_onlinemapfinder.dl.tb.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
[-] File Deleted : C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\jrz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Cassiopesa.lnk
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : SushiLeads
 
***** [ Registry ] *****
 
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [wb.exe]
[-] Key Deleted : HKCU\Software\Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKCU\Software\Microsoft\KanarCore
[-] Key Deleted : HKCU\Software\NpApp
[-] Key Deleted : HKLM\SOFTWARE\NpApp
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Cassiopesa.com
[-] [C:\Users\jrz\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : microsoft-office.en.softonic.com
[-] [C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : cassiopesa
[-] [C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Web Data] [Search Provider] Deleted : cassiopessa.com
[-] [C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=&uref=chmm
[-] [C:\Users\jrz\AppData\Local\Chromium\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://www.cassiopessa.com/?f=1&a=csp_ainstl_15_31&cd=2XzuyEtN2Y1L1Qzu0BtDtCtDyEtCyCyD0F0AtByEzzyD0EtCtN0D0Tzu0StCtAtDyEtN1L2XzutAtFtCtCtFtAtFtCtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2StDtCtAtCzztC0AyDtGtAyC0E0CtGzyyBtD0CtGyE0D0ByDtG0CzyyDtBtByC0FyB0F0C0AtC2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0DtByD0FtDyDyE0EtGzzzztA0EtGyEtD0AyDtGzyyB0EyBtG0E0FzztCyD0AtCtDzzzz0FyD2QtN0A0LzuyE&cr=764445053&ir=&uref=chmm
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [8287 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 10 Home x64 
Ran by jrz (Administrator) on Sun 01/24/2016 at  8:47:22.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\ProgramData\7950677627354784042 (Folder) 
Successfully deleted: C:\Users\jrz\AppData\Roaming\compuclever (Folder) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
Successfully deleted: C:\WINDOWS\SysWOW64\REN8CDA.tmp (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/24/2016 at  8:52:42.29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
Computer is running fine, browsers seem a bit faster and not as laggy as I had experienced before. I would like to point out that when I first used AdwCleaner I thought I clicked "Clean" and instead it closed out and removed the program from the desktop. Perhaps I clicked uninstall by accident. I downloaded it again and got the same results as I previously had when I scanned, and it properly cleaned them up this time. I'm just pointing this out to be safe, although it was probably an error on my part.
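
The AdwCleaner log above shows the three browser settings this kind of adware rewrites: the Chromium profile's homepage and startup URLs pointed at cassiopessa.com, and extra search providers added to Web Data. As an added example (not part of the original post and not AdwCleaner's code), the script below audits a Chrome/Chromium `Preferences` or `Secure Preferences` JSON file for exactly those three settings and reports any host that is not on an allowlist. The key names (`homepage`, `session.startup_urls`, `default_search_provider_data.template_url_data.url`) are Chrome's own; the trusted-host list and the sample JSON are constructed for the example and mirror the entries in the log rather than coming from the affected machine.

```python
"""Audit a Chrome/Chromium Preferences JSON document for browser-hijack settings.

Added example for this thread; not code from AdwCleaner or the original post.
The preference keys are the ones Chrome writes; the sample document and the
allowlist below are constructed for the example.
"""
import json
from urllib.parse import urlsplit

# Hosts the user actually wants as homepage/startup/search (assumption).
TRUSTED_HOSTS = {"www.google.com", "google.com", "duckduckgo.com"}

# Constructed sample in the shape Chrome writes, carrying the hijack seen in
# the AdwCleaner log (homepage, startup URL and search provider replaced).
SAMPLE_PREFS = json.dumps({
    "homepage": "http://www.cassiopessa.com/?f=1&a=csp_ainstl_15_31&uref=chmm",
    "homepage_is_newtabpage": False,
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://www.cassiopessa.com/?f=1&a=csp_ainstl_15_31&uref=chmm",
            "https://www.google.com/",
        ],
    },
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "cassiopessa.com",
            "short_name": "cassiopessa",
            "url": "http://www.cassiopessa.com/search?q={searchTerms}",
        }
    },
})


def host_of(url):
    """Return the lowercase host of a URL, or '' when it has none."""
    return (urlsplit(url).hostname or "").lower()


def is_trusted(host):
    """True when host is a trusted host or a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def collect_settings(prefs):
    """Yield (setting, url) for each URL-bearing setting adware rewrites."""
    if prefs.get("homepage"):
        yield "homepage", prefs["homepage"]
    for url in prefs.get("session", {}).get("startup_urls", []):
        yield "session.startup_urls", url
    tpl = prefs.get("default_search_provider_data", {}).get("template_url_data", {})
    if tpl.get("url"):
        yield "default_search_provider_data.url", tpl["url"]


def audit_preferences(text):
    """Parse a Preferences JSON document and return untrusted findings.

    Each finding is (setting, host, url) for a URL whose host is not trusted.
    An empty list means the three hijack targets all point at trusted hosts.
    """
    prefs = json.loads(text)
    return [
        (setting, host_of(url), url)
        for setting, url in collect_settings(prefs)
        if not is_trusted(host_of(url))
    ]


if __name__ == "__main__":
    for setting, host, url in audit_preferences(SAMPLE_PREFS):
        print(f"{setting}: {host}  <- {url}")
```

To check the profiles from the log, read `%LOCALAPPDATA%\Google\Chrome\User Data\Default\Secure Preferences` (and the Chromium equivalent) with the browser closed and pass the file's text to `audit_preferences`; the script only reports. Do not hand-edit `Secure Preferences` to fix a finding: Chrome keeps a MAC over each protected value and resets a value whose MAC no longer matches, so changes belong in the browser's settings UI or a cleanup tool such as AdwCleaner.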

#9 Oh My! (Malware Response Instructor)

Posted 24 January 2016 - 02:17 PM

Thanks for the additional information. Looks like we cleaned out quite a bit of stuff. This is next please.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 marsspeaks (Topic Starter)

Posted 24 January 2016 - 06:11 PM

ESET log

This is all that was in the ESET log:

C:\Users\jrz\Desktop\DAEMONToolsPro550-0388.exe Win32/DownWare.L potentially unwanted application deleted
 
 

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender     
AVG AntiVirus 2015   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 66  
 Java version 32-bit out of Date! 
 Adobe Flash Player 20.0.0.286  
 Mozilla Firefox (43.0.4) 
 Google Chrome (47.0.2526.106) 
 Google Chrome (47.0.2526.111) 
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
Seems to be running just right. Is there anything else I need to run? RogueKiller? Or is that not needed?

 



#11 Oh My! (Malware Response Instructor)

Posted 24 January 2016 - 06:52 PM

An additional scan is not necessary in my opinion but if you would like to run one more we can. It would be something other than RogueKiller. What would you like to do?
Gary
 

#12 marsspeaks (Topic Starter)

Posted 24 January 2016 - 08:11 PM

I know in a previous thread for a different computer they had me run Zoek as well, but maybe that isn't needed. I just want to be sure this computer is free from any sort of infection. What would you like me to run?



#13 Oh My! (Malware Response Instructor)

Posted 24 January 2016 - 08:54 PM

Let's run this additional online scanner.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program, this may take some time
  • Click on 2. Scan
  • Click Yes to detecting Potentially Unwanted Programs
  • Click Malware Scan
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Copy and paste or attach the report to your reply
  • Close the program then click Close
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report

Gary
 

#14 marsspeaks (Topic Starter)

Posted 25 January 2016 - 10:03 AM

Emsisoft Emergency Kit - Version 11.0
Last update: 1/25/2016 8:45:29 AM
User account: JR\jrz
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 1/25/2016 8:47:53 AM
 
Scanned 87716
Found 0
 
Scan end: 1/25/2016 8:57:25 AM
Scan time: 0:09:32
 
 
 
Nothing was detected, so I suppose everything is fine then. I'm not running into any issues. What would you like for me to do, unless we're done?


#15 Oh My! (Malware Response Instructor)

Posted 25 January 2016 - 10:40 AM

I think we are all set.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read it.

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues; then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
