Computer acting very slow


  • This topic is locked
8 replies to this topic

#1 adamcor

Posted 20 March 2016 - 08:13 PM

Hey everyone. My laptop has been starting to act very slow. When I open the laptop it can take up to ten minutes for the screen to come on. Then when I try to open applications it will take another 10 minutes or so. Eventually, after using it long enough, its speed improves greatly, but I really want to get rid of these long startup times.
Anyways, here are my FRST and Addition logs.
Thanks!
 
FRST - http://pastebin.com/uC8xQSFc
Addition - http://pastebin.com/5sPefFPy

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Adam (administrator) on ADAMC (19-03-2016 11:36:05)
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Cisco) C:\Users\Adam\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Google Inc.) C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\nacl64.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyGopher.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
() C:\Users\Adam\Desktop\adbFire\adbFire.exe
() C:\Users\Adam\Desktop\adbFire\adb.exe
() C:\Users\Adam\Desktop\adbFire\adb.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(g10 Code GmbH) C:\Program Files (x86)\GNU\GnuPG\gpg-agent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
Failed to access process -> chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Adam\eclipse\java-mars\eclipse\eclipse.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_72\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_72\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_72\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_72\bin\javaw.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_72\bin\javaw.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
() C:\Users\Adam\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Users\Adam\Desktop\Tor Browser\Browser\firefox.exe
() C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
(PC-Doctor, Inc.) C:\Program Files\Dell\SupportAssist\imstrayicon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945672 2015-07-16] (Synaptics Incorporated)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3775816 2014-02-27] (Dell Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2015-01-28] (ESET)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [884440 2015-05-02] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-12-22] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [60688 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [PCShowServer] => C:\Users\Adam\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1631088 2014-09-16] (Cisco)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Adam\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [Google Update] => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-07] (Google Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [MusicManager] => C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7643136 2015-11-17] (Google Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [HP Deskjet 3050 J610 series (NET)] => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [103696 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [iCloudPhotos] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe [349968 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [6302856 2015-11-06] (Plex, Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50385536 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [61200 2015-10-21] (Apple Inc.)
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\RunOnce: [Uninstall C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\RunOnce: [Uninstall C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1"
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\RunOnce: [Uninstall C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\RunOnce: [Uninstall C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5-x64 08 C:\Windows\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation)
Winsock: Catalog5-x64 09 C:\Windows\system32\wlidnsp.dll [66048 2015-10-30] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{a94e9eb8-3a3f-4b77-b874-fc865e37ac61}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{bf12608b-a7c5-4f92-a0d9-853ef29ef9f4}: [DhcpNameServer] 172.4.1.171

Internet Explorer:
==================
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://dell13.msn.com/?pc=DCJB
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> DefaultScope {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_72\bin\ssv.dll [2016-01-21] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_72\bin\jp2ssv.dll [2016-01-21] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-01-21] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Adam\AppData\Roaming\Mozilla\Firefox\Profiles\ojthf6as.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-12] ()
FF Plugin: @java.com/DTPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\dtplugin\npDeployJava1.dll [2016-01-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.72.2 -> C:\Program Files\Java\jre1.8.0_72\bin\plugin2\npjp2.dll [2016-01-21] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: @nds.com/PlayerPlugin -> C:\Users\Adam\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: @nds.com/PlayerPlugin64 -> C:\Users\Adam\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll [2014-09-16] (Cisco)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Adam\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll [2013-12-18] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3719852253-1006456788-3136384108-1001: NDS.com/PlayerPlugin -> C:\Users\Adam\AppData\Local\DIRECTV Player\npPlayerPlugin.dll [2014-09-16] (Cisco)
FF Plugin ProgramFiles/Appdata: C:\Users\Adam\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2014-12-09] (Octoshape ApS)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-10]
CHR Extension: (Google Docs) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-10]
CHR Extension: (Google Drive) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-15]
CHR Extension: (YouTube) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Honey) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj [2016-03-19]
CHR Extension: (Adblock Plus) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Google Search) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Google Play Music) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-03-16]
CHR Extension: (Google Sheets) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-10]
CHR Extension: (HTTPS Everywhere) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcbommkclmclpchllfjekcdonpmejbdp [2016-02-25]
CHR Extension: (Google Docs Offline) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2016-02-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [433880 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [413400 2015-05-02] (BlueStack Systems, Inc.)
S3 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [806616 2015-05-02] (BlueStack Systems, Inc.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64616 2014-11-03] (CyberGhost S.R.L)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2787512 2015-12-23] (Microsoft Corporation)
R3 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [217088 2015-07-21] (Connectify) [File not signed]
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-05] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-05] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [139328 2014-02-19] (Aviata, Inc.)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [216576 2014-11-25] () [File not signed]
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-21] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S2 My Dell Client Framework; C:\Program Files (x86)\Dell\My Dell Client Framework\Dell.ClientFramework.exe [168960 2014-01-10] (Dell Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-27] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-16] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
R2 vmware-view-usbd; C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe [1148120 2014-06-06] (VMware, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 wsnm; C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm\wsnm.exe [528600 2014-06-09] (VMware, Inc.)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
S2 WavesSysSvc; "C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-01-06] (Qualcomm Atheros Communications, Inc.)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [145112 2015-05-02] (BlueStack Systems)
R1 cnnctfy3; C:\Windows\system32\DRIVERS\cnnctfy3.sys [42152 2015-08-06] (Connectify)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [159480 2015-01-30] (ESET)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [67584 2013-11-11] (Intel Corporation)
R3 kiox_ff_driver; C:\Windows\System32\drivers\kiox_ff_driver.sys [41456 2015-06-15] (Kionix, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\system32\DRIVERS\netaapl64.sys [23040 2014-07-15] (Apple Inc.) [File not signed]
S3 rt70x64; C:\Windows\system32\DRIVERS\netr7064.sys [388448 2010-04-27] (Ralink Technology Corp.)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [57032 2015-07-16] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 11:36 - 2016-03-19 11:37 - 00028733 _____ C:\Users\Adam\Desktop\FRST.txt
2016-03-18 11:11 - 2016-03-18 11:46 - 00182896 _____ C:\TDSSKiller.2.8.16.0_18.03.2016_11.11.06_log.txt
2016-03-18 11:11 - 2016-03-18 11:11 - 00208216 _____ (Kaspersky Lab, GERT) C:\WINDOWS\system32\Drivers\92516833.sys
2016-03-18 11:10 - 2016-03-18 11:10 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Adam\Downloads\tdsskiller.exe
2016-03-18 10:15 - 2016-03-19 11:36 - 00000000 ____D C:\FRST
2016-03-18 10:09 - 2016-03-18 10:14 - 02374144 _____ (Farbar) C:\Users\Adam\Desktop\FRST64.exe
2016-03-12 18:53 - 2016-03-12 18:53 - 11035328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-03-11 11:19 - 2016-03-11 11:19 - 00002104 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2016-03-11 11:19 - 2016-03-11 11:19 - 00000000 ____D C:\Users\Adam\jagexcache
2016-03-11 11:19 - 2016-03-11 11:19 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2016-03-11 11:16 - 2016-03-11 11:17 - 24223744 _____ C:\Users\Adam\Downloads\RuneScape.msi
2016-03-10 16:31 - 2016-03-10 16:31 - 00216437 _____ C:\Users\Adam\Downloads\Class_10_Inheritance(1) (1).pptx
2016-03-10 16:31 - 2016-03-10 16:31 - 00199216 _____ C:\Users\Adam\Downloads\Class_11_DogsCatsChickens (1).pptx
2016-03-10 16:30 - 2016-03-10 16:30 - 00219198 _____ C:\Users\Adam\Downloads\Class_09_LessonsLearned_ProgrammingAssignment_03.pptx
2016-03-08 18:47 - 2016-03-08 18:48 - 00246160 _____ C:\Users\Adam\Downloads\Class_12_AbstractionPolymorphism.pptx
2016-03-08 11:00 - 2016-03-08 11:00 - 00228898 _____ C:\Users\Adam\Downloads\Class_08_Encapsulation (2).pptx
2016-03-07 16:22 - 2016-03-07 16:22 - 00928358 _____ C:\Users\Adam\Downloads\TrackerI9File.pdf
2016-03-04 18:44 - 2016-03-04 18:44 - 00967262 _____ C:\Users\Adam\Downloads\IMG_0442.mov
2016-03-04 18:43 - 2016-03-04 18:43 - 02794042 _____ C:\Users\Adam\Downloads\IMG_0443 (1).mov
2016-03-04 18:42 - 2016-03-04 18:43 - 02794042 _____ C:\Users\Adam\Downloads\IMG_0443.mov
2016-03-03 18:14 - 2016-03-03 18:14 - 00199216 _____ C:\Users\Adam\Downloads\Class_11_DogsCatsChickens.pptx
2016-03-01 18:20 - 2016-03-01 18:20 - 00216437 _____ C:\Users\Adam\Downloads\Class_10_Inheritance(1).pptx
2016-02-28 12:24 - 2016-02-28 12:24 - 00228898 _____ C:\Users\Adam\Downloads\Class_08_Encapsulation (1).pptx
2016-02-28 11:25 - 2016-02-28 11:25 - 00000000 ____D C:\Users\Adam\Desktop\AirVPN2
2016-02-28 11:24 - 2016-02-28 11:24 - 00007083 _____ C:\Users\Adam\Downloads\AirVPN (3).zip
2016-02-26 23:41 - 2016-02-26 23:41 - 00000705 _____ C:\Users\Adam\AppData\Local\recently-used.xbel
2016-02-21 12:08 - 2016-02-21 12:08 - 00007055 _____ C:\Users\Adam\Downloads\AirVPN (2).zip
2016-02-21 12:08 - 2016-02-21 12:08 - 00000000 ____D C:\Users\Adam\Desktop\AirVPN
2016-02-20 20:16 - 2016-02-20 20:16 - 00007007 _____ C:\Users\Adam\Downloads\AirVPN (1).zip
2016-02-19 19:02 - 2016-02-19 19:02 - 00007056 _____ C:\Users\Adam\Downloads\AirVPN.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-19 11:30 - 2015-07-23 10:06 - 00000000 ____D C:\Users\Adam\AppData\Roaming\Skype
2016-03-19 11:21 - 2014-09-10 02:20 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-19 11:12 - 2015-05-17 19:37 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001UA.job
2016-03-19 10:52 - 2014-12-21 20:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-19 10:45 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-19 10:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-19 10:06 - 2015-05-27 19:26 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-19 10:04 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-19 07:12 - 2015-02-07 17:25 - 00000864 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001Core.job
2016-03-19 01:21 - 2014-09-10 02:20 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-18 23:45 - 2014-09-10 02:19 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{39A10F4E-8ACA-4A87-AA49-E74E2790C864}
2016-03-18 12:14 - 2014-09-10 02:20 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-18 12:14 - 2014-09-10 02:20 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-18 10:44 - 2014-09-14 12:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-16 22:19 - 2014-09-14 12:54 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-14 22:44 - 2014-09-10 02:09 - 00000000 __RDO C:\Users\Adam\OneDrive
2016-03-14 22:42 - 2015-08-01 11:51 - 00002403 _____ C:\Users\Adam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-14 22:40 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-14 22:40 - 2015-07-31 23:40 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-12 19:23 - 2015-02-07 13:59 - 00002117 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-03-12 19:23 - 2015-02-07 13:59 - 00002115 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-03-12 19:23 - 2015-02-07 13:59 - 00002105 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-03-12 19:23 - 2015-02-07 13:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-11 11:19 - 2015-12-28 11:51 - 00000000 ____D C:\Users\Adam
2016-03-10 17:14 - 2014-09-10 02:06 - 00000000 ____D C:\Users\Adam\AppData\Local\Packages
2016-03-10 04:21 - 2015-11-06 13:44 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-09 13:22 - 2016-01-25 00:45 - 00000000 ____D C:\Users\Adam\AppData\Local\Eclipse
2016-03-09 13:22 - 2016-01-25 00:39 - 00000000 ____D C:\Users\Adam\.p2
2016-03-09 12:46 - 2016-01-25 00:45 - 00000000 ____D C:\Users\Adam\workspace
2016-03-09 09:40 - 2014-11-12 19:22 - 00000000 ____D C:\Users\Adam\Desktop\Tor Browser
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 21:07 - 2014-11-18 12:39 - 00000000 ____D C:\Program Files (x86)\Connectify
2016-02-28 12:03 - 2016-01-25 00:39 - 00000000 ____D C:\Users\Adam\.eclipse
2016-02-26 23:36 - 2014-12-01 18:11 - 00000000 ____D C:\Users\Adam\AppData\Roaming\gnupg
2016-02-26 22:29 - 2014-12-01 18:24 - 00003205 _____ C:\Users\Adam\Documents\key.txt
2016-02-26 22:29 - 2014-12-01 18:14 - 00000000 ____D C:\Users\Adam\AppData\Local\gtk-2.0
2016-02-20 03:34 - 2014-10-14 01:31 - 00000000 ____D C:\Users\Adam\AppData\Local\4B7441F0-2CEA-46AD-9F7F-F24D68D575CD.aplzod

==================== Files in the root of some directories =======

2015-06-28 19:03 - 2015-06-28 19:04 - 0010240 _____ () C:\Users\Adam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-26 23:41 - 2016-02-26 23:41 - 0000705 _____ () C:\Users\Adam\AppData\Local\recently-used.xbel
2015-01-28 00:56 - 2015-01-28 00:56 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-28 11:46 - 2015-12-28 11:46 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-09 17:26

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Adam (2016-03-19 11:38:23)
Running from C:\Users\Adam\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-28 16:28:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Adam (S-1-5-21-3719852253-1006456788-3136384108-1001 - Administrator - Enabled) => C:\Users\Adam
Administrator (S-1-5-21-3719852253-1006456788-3136384108-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3719852253-1006456788-3136384108-503 - Limited - Disabled)
Guest (S-1-5-21-3719852253-1006456788-3136384108-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3719852253-1006456788-3136384108-1003 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Out of date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.4 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{CF297F45-BB2C-4454-AEDA-EFAB01AFDCE3}) (Version: 0.9.24.4196 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.1.0.35473 - Connectify)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\{764E68FE-C2F9-410E-90A8-CE7F8B9A36E2}) (Version: 2.03.0204 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 19.0.15.2 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{66F942CD-BCA2-4D4C-84B8-8B6B09F9CE5D}) (Version: 1.2.1004.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
DIRECTV Player (HKLM-x32\...\{437f5443-c052-432c-b1e7-abd9bc5cabdb}) (Version: 11.0 - DIRECTV)
DishWorld (HKLM-x32\...\{4B261F51-A7E7-471D-A72F-7296777197A4}) (Version: 2.7.162 - Echostar)
ESET NOD32 Antivirus (HKLM\...\{D6885DDE-4632-4640-A3BB-13C9F02CE81C}) (Version: 8.0.312.0 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Gpg4win (2.2.3) (HKLM-x32\...\GPG4Win) (Version: 2.2.3 - The Gpg4win Project)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{B33C558F-772F-4308-A059-390FBF9BAAAE}) (Version: 5.0.2.61 - Apple Inc.)
iFunbox (v2.9.2421.748), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.9.2421.748 - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
iTunes (HKLM\...\{E690A491-702F-4DEC-9977-C015D1DBB57C}) (Version: 12.3.1.23 - Apple Inc.)
Java 8 Update 72 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418072F0}) (Version: 8.0.720.15 - Oracle Corporation)
Java SE Development Kit 8 Update 72 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180720}) (Version: 8.0.720.15 - Oracle Corporation)
Kodi (HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Kodi) (Version: - XBMC-Foundation)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4787.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MKVToolNix 7.2.0 (32bit) (HKLM-x32\...\MKVToolNix) (Version: 7.2.0 - Moritz Bunkus)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
Music Manager (HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\MusicManager) (Version: - Google, Inc.)
My Dell Client Framework (HKLM-x32\...\InstallShield_{05F1B866-2372-4E82-9AA8-C64FB11CEF8B}) (Version: 1.0.0.3 - Dell)
My Dell Client Framework (x32 Version: 1.0.0.3 - Dell) Hidden
Octoshape Streaming Services (HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\Octoshape Streaming Services) (Version: - Octoshape ApS)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4787.1002 - Microsoft Corporation) Hidden
Plex Media Server (HKLM-x32\...\{24f6f734-f790-479b-bd0f-38409a456508}) (Version: 0.9.1219 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.1219 - Plex, Inc.) Hidden
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.21 - Dell Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
RuneScape Launcher 1.2.7 (HKLM-x32\...\{FA52A2D0-298E-4D40-8BB7-39928627EA6A}) (Version: 1.2.7 - Jagex Ltd)
Shark007 Advanced Codecs (HKLM-x32\...\{8C0CAA7A-3272-4991-A808-2C7559DE3409}) (Version: 4.7.8 - Shark007)
Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 2.1.6 - Shark007)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.11.0052 - ST Microelectronics)
System Requirements Lab Detection (HKLM-x32\...\{7CC4A51A-7331-4714-B8F0-23E385D25308}) (Version: 6.1.6.0 - Husdawg, LLC)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
Vistumbler (HKLM-x32\...\Vistumbler) (Version: v10 - Vistumbler.net)
VMware Horizon View Client (HKLM\...\{EBE23A79-2626-4B4B-86A8-97230F06A5B3}) (Version: 3.0.0.19696 - VMware, Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
x64 Components v4.7.8 (HKLM\...\Advanced x64Components_is1) (Version: 4.7.8 - Shark007)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Adam\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{E86236DE-9BD2-42b7-86F6-A829D8EC768C}\InprocServer32 -> C:\Users\Adam\AppData\Local\DIRECTV Player\win64\npPlayerPlugin64.dll (Cisco)
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0590A634-13F1-4B89-9FD2-C74D4823CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0753DC61-603E-456B-9893-CCBF3B0E56EE} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
Task: {07C60F9B-0A3B-4BFE-8357-1ED63B1B515F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B802554-85F9-42B1-BB4E-22017C8BB0F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {181DD156-D51A-4A63-912F-CAE7C69A4EAD} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-12] (Adobe Systems Incorporated)
Task: {1B727184-8352-401A-8D23-B754DA9A7306} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-3719852253-1006456788-3136384108-1001
Task: {1B859149-C48E-4CD7-8AB1-F7C9D0CCB579} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {20A80344-AFF4-4CFA-A901-CFA8F1B3BE0E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-16] (Microsoft Corporation)
Task: {226891AD-8BAA-4B1F-BB6C-5E78637BC456} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {2C93D267-3217-421F-98A1-7DB04A6D9F15} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001Core => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {3EB7596F-93FC-4299-B7AF-52F96BBCECB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53EDD598-CAF2-4E4A-B9C3-B9CC9BDB104B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {57EB679C-6D0F-43DB-9FE0-EDBAD29738BB} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5CA7895C-0777-4B62-96EC-280FFBC07ED7} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {60FCC42E-5D44-4A77-AA27-C1ADF3EA3CFE} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-01-21] (Microsoft Corporation)
Task: {6B0D2515-FEBA-46B8-9D93-86DB00DE74A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {71854257-B5B8-449F-882C-BEAC1AE1DDA7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
Task: {74EFCB31-426D-4E44-A11D-9FD4A278066E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-07-16] (Synaptics Incorporated)
Task: {7A708735-B7E2-4A1C-BF9F-E2DA16AF6F25} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {831CCA1C-CC81-45AC-AC14-9BFE472513CD} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {90658F3E-1DB9-4BEA-B68D-2C9B59B0DA6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {9647AEA7-D8A1-42FB-B616-D2DA74690E5C} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {A3B9F21B-EE5C-4A62-9F30-5CA12FE45E6B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-29] (Microsoft Corporation)
Task: {B2B43951-9042-4CAB-91F6-013C6C14BCE5} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-02-19] (Aviata Inc)
Task: {BDCB791A-23A0-406D-8C74-36BA95EBF39A} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {C5927107-9938-447A-B35A-26F457F9D33A} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C6F83E43-596E-4555-927E-69087A6C03E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C89F3BE6-562F-4E48-A4A7-FDFA4244ABA1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CBAA455A-5FF3-486C-96EB-870A95675DED} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001UA => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {CDB401AD-2842-47EE-82FD-6AB9BF80C36A} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-12-23] (Microsoft Corporation)
Task: {D1938CA7-16F9-46F4-9219-401149871A42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D4065857-DCE0-4C30-86DF-9F6FAAEDA6FD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {D549A976-AFC7-4023-9689-5AF87E237738} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DE2C16AA-0DB0-450B-9DA2-9970250FBB98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E0E40ABE-3F40-4C71-A89C-004F91398C55} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {F86D7993-DCFD-4F6B-BEF3-01DD9D6E94A3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001Core.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3719852253-1006456788-3136384108-1001UA.job => C:\Users\Adam\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-13 05:45 - 2015-10-13 05:45 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2014-11-25 15:25 - 2014-11-25 15:25 - 00216576 _____ () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
2014-09-10 02:49 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-12-28 14:30 - 2015-12-28 14:30 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-28 14:30 - 2015-12-28 14:30 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-28 14:30 - 2015-12-28 14:30 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-29 15:12 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-28 22:17 - 2016-01-28 22:18 - 19119104 _____ () C:\Users\Adam\Desktop\adbFire\adbFire.exe
2016-01-28 22:17 - 2015-11-07 05:22 - 01011200 _____ () C:\Users\Adam\Desktop\adbFire\adb.exe
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2016-01-25 00:43 - 2015-09-04 01:56 - 00312832 _____ () C:\Users\Adam\eclipse\java-mars\eclipse\eclipse.exe
2016-01-25 00:40 - 2015-06-02 21:12 - 00058368 _____ () C:\Users\Adam\.p2\pool\plugins\org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.300.v20150602-1417\eclipse_1611.dll
2016-01-25 00:45 - 2016-01-25 00:45 - 00044032 _____ () C:\Users\Adam\eclipse\java-mars\eclipse\configuration\org.eclipse.osgi\83\0\.cp\jWinHttp-1.0.0.dll
2016-01-25 00:50 - 2016-01-25 00:50 - 00055296 _____ () C:\Users\Adam\eclipse\java-mars\eclipse\configuration\org.eclipse.osgi\80\0\.cp\os\win32\x86_64\localfile_1_0_0.dll
2016-01-22 14:24 - 2016-01-22 14:25 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-28 14:30 - 2015-12-28 14:30 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-28 14:30 - 2015-12-28 14:30 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 15:36 - 2016-01-04 21:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 12:00 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 12:00 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-09-16 14:51 - 2014-09-16 14:51 - 01387880 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
1999-12-31 20:00 - 2016-03-09 09:44 - 02420224 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\tor.exe
2014-11-25 15:11 - 2014-11-25 15:11 - 00221184 _____ () C:\Program Files (x86)\GNU\GnuPG\libksba-8.dll
2014-11-25 14:57 - 2014-11-25 14:57 - 00050176 _____ () C:\Program Files (x86)\GNU\GnuPG\libw32pth-0.dll
2014-11-25 15:10 - 2014-11-25 15:10 - 00070144 _____ () C:\Program Files (x86)\GNU\GnuPG\libassuan-0.dll
2014-11-25 15:13 - 2014-11-25 15:13 - 00742912 _____ () C:\Program Files (x86)\GNU\GnuPG\libgcrypt-20.dll
2014-11-25 15:05 - 2014-11-25 15:05 - 00038400 _____ () C:\Program Files (x86)\GNU\GnuPG\libgpg-error-0.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2015-10-13 05:45 - 2015-10-13 05:45 - 00237328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2015-10-13 05:46 - 2015-10-13 05:46 - 01040144 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00117248 _____ () C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00234496 _____ () C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-11-17 13:45 - 2015-11-17 13:45 - 00253440 _____ () C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-11-17 13:44 - 2015-11-17 13:44 - 00344064 _____ () C:\Users\Adam\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00838792 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00049800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00086664 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 01883272 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc249.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 02092680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\opencv_core249.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00502920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00072840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00196232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2015-12-05 11:21 - 2015-12-05 11:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00027784 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00018568 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00034952 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00836232 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2015-11-06 14:58 - 2015-11-06 14:58 - 00192136 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00081544 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00111240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2015-11-06 14:58 - 2015-11-06 14:58 - 00689800 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2015-10-29 15:12 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2016-02-09 18:07 - 2016-02-09 07:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-09 18:07 - 2016-02-09 07:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2014-11-18 12:39 - 2015-07-21 12:13 - 00715000 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2014-11-21 11:17 - 2014-11-21 11:17 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2015-10-29 15:12 - 2015-09-01 08:25 - 08901184 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\1033\GrooveIntlResource.dll
2015-03-16 14:47 - 2015-05-05 04:30 - 01286312 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\PPRESOURCES.DLL
2016-01-22 14:24 - 2016-01-22 14:25 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 14:24 - 2016-01-22 14:25 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-11-21 11:22 - 2014-11-21 11:22 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-09-16 14:51 - 2014-09-16 14:51 - 11475296 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\PCShowServer.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00339296 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\ndsLogStore.dll
2014-09-16 14:51 - 2014-09-16 14:51 - 02948448 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\DrmSingleton.dll
2014-09-16 14:51 - 2014-09-16 14:51 - 02106728 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00689000 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00205672 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libgstbase-0.10.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00060272 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libgstinterfaces-0.10.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00043880 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libgstvideo-0.10.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00044896 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libgstapp-0.10.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 01403224 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\libxml2-2.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 00091976 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\z.dll
2014-09-16 14:52 - 2014-09-16 14:52 - 08296288 _____ () C:\Users\Adam\AppData\Local\DIRECTV Player\gsttspplugin.dll
1999-12-31 20:00 - 1999-12-31 20:00 - 00092599 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\libssp-0.dll
1999-12-31 20:00 - 2016-01-28 14:50 - 00719217 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\libevent-2-0-5.dll
1999-12-31 20:00 - 1999-12-31 20:00 - 00523262 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\libgcc_s_sjlj-1.dll
1999-12-31 20:00 - 1999-12-31 20:00 - 00092599 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\libssp-0.dll
1999-12-31 20:00 - 1999-12-31 20:00 - 00107520 _____ () C:\Users\Adam\Desktop\Tor Browser\Browser\TorBrowser\Tor\zlib1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\StartupApproved\Run: => "Octoshape Streaming Services"
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\...\StartupApproved\Run: => "Google Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{48A93027-59DF-43A7-81E0-A838360C4C75}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{4E6BA65D-B9E3-43C4-8CCA-BA895440E455}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{5DABBBB1-8A44-46BD-A7B3-75FD911FF1DE}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{06A1B455-69D4-43D0-BFFA-AEF26515708A}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{51C0EE72-841E-4DFF-87C2-0ED9BAAD16BD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{23B8D0CA-72C5-46B9-B7CF-2986D3405E11}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{BC635142-9393-41A5-95D5-DA2D33137C69}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{86019359-F2F1-4C0F-90C3-ED8244AC637F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{019221C0-4EEE-49B7-9928-E16E7DD97CE8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{149582AF-476F-4374-B6E8-CEDDC91681FA}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E01B1019-C071-45ED-A4CC-801AEDC2C302}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{76A64894-6E14-4EE6-9642-F0C6B609E5FF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E3A163B9-FF1C-48E8-AB5A-18E7E87FCBBD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{18ACBAF3-AD7F-404A-8422-A4AF60A40661}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D9CA3B26-0CA8-4A88-A9C0-415784F6DB35}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B0C9F804-FC6B-4557-90D5-5CAEBA721FC3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{34B9E815-AECC-458F-A09E-28291874FF4C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{422600E3-86B2-4723-8E5D-759F6F023BA3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{8268FFB2-61A8-43D7-B57C-9BEF16FEF559}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{32A00631-5633-4350-8A36-643685F7BD32}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{BBC3B60D-3941-47BB-8243-E7B6882F85D9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{E75C064A-B032-49CD-883F-0B8B9249B171}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2663D122-95DF-4673-BBEA-8EEF4EEC57CA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F3DFBA48-6162-4AD9-B47B-B27DD47483C8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{678AA46D-DCE9-41B9-8536-FEBD9A6E27E3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{178A2F99-022A-4211-9953-12EBDC65BF7B}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{295D8272-F5B4-4A2D-9A71-0C10EA737C77}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{1276EE03-DA41-4590-A996-E63B26B5A903}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{28EA6CB3-170D-4944-AAA2-639C23726B76}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{3F5EBFD4-DB67-4986-B2BA-1D5C6C7AD8CF}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{9EFCA110-9E14-420E-9FF2-EF7CD7DDC0FC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-remotemks.exe
FirewallRules: [{82675C38-B238-4784-8213-CB608B571AEC}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{4B8A4820-FEBA-4F87-B97A-57026FB3BD0C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{77CBB123-33DD-41D5-A1F2-154BF8CD386C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{ED5434BE-8E58-409C-8D4A-835653D121C9}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{2EA7B803-D312-4C1C-8B23-165C29007862}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{5B52FD81-08DC-48F7-991D-B2FB42DC147C}] => (Allow) C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
FirewallRules: [{09D777B6-31D5-41F8-9AA9-34DF7631369F}] => (Allow) C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7579F81F-254D-461C-BB52-3F64E5C89D70}] => (Allow) C:\Users\Adam\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{D7F43188-05C7-47AC-9E45-AF188AFF9E1C}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{B17996B1-1026-4D4C-84AA-2BCE697FD75D}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{42275D03-4AAF-40BF-B51D-16C2EBA11FDE}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{98AF94F2-B1E0-48AF-9D68-E7375C587CA6}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{6B26862F-C422-4D8B-AD78-942FD1A05E07}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{A048EEA4-509D-4AEB-8A90-6FEC2FF38239}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{48CBD45C-4BD1-4709-AB9C-C37DE77C3F3D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{6329DFF1-63F1-4C67-9ADE-A92BA37C59AF}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [TCP Query User{8993AB8E-554D-40B4-B19B-D9A704ACBCC1}C:\users\adam\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\adam\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{0AB2655C-E58F-4921-96A9-CEC119F113CB}C:\users\adam\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\adam\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{813B9AC8-26F7-4934-9CE7-D1C9AB3D0521}] => (Block) C:\users\adam\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{0D4FD290-1919-4FBA-B8DF-9DF00C3C8BCC}] => (Block) C:\users\adam\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{7E6DD5C0-D34A-4442-8DEC-D5C645C7BC2E}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
FirewallRules: [{59C720EF-52AE-4677-A3CC-F50E89F526DE}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{26B56985-79D9-4757-A17D-BD79C08C969A}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{8CF3231C-5A77-4640-AF1C-09C99F6262DF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C79FF838-53BD-422B-A269-37CA38FDC38F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{76A4E382-5B8B-402A-B048-4498AA5A3D1E}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{2803065C-D14C-48FE-8F4D-D7FD607CCEB3}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{D3738C93-D851-461C-9DCD-C2775003B362}C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [UDP Query User{F4AA86E1-605C-4727-9464-63F26A9C6F05}C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe] => (Allow) C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{1A64CF91-0F9D-4AB7-B608-AA92050FA3DD}] => (Block) C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [{971799D4-F65D-42D9-A438-FD5131F8D7E4}] => (Block) C:\users\adam\appdata\roaming\utorrent\updates\3.4.3_40298.exe
FirewallRules: [TCP Query User{D0AEC3B0-5598-411F-A956-1193776D443D}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A1694249-86A8-4B61-A46E-EDFFD977DAE3}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{808A4A06-BD15-4BCC-96F5-21DBE2253FBE}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{292BB21A-3EB6-4BA0-A9D7-5E5123B070C2}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{EDB4DEF4-4E59-4945-97DD-BB52579C080A}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{C3FFF657-A833-4931-B61C-3BDFB02F7DA1}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [TCP Query User{52101832-F2CF-436D-AD4B-B63816CBB55A}C:\users\adam\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) C:\users\adam\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [UDP Query User{D8DF8564-D1DD-4A6B-8F85-51C3FEAAF4EA}C:\users\adam\eclipse\java-mars\eclipse\eclipse.exe] => (Allow) C:\users\adam\eclipse\java-mars\eclipse\eclipse.exe
FirewallRules: [{2F5D1067-B391-4A23-B541-803E0540FC29}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

28-01-2016 13:08:21 Windows Update
07-02-2016 01:42:29 Scheduled Checkpoint
10-02-2016 12:01:01 Windows Update
13-02-2016 12:13:25 Windows Update
04-03-2016 18:37:41 Windows Update
11-03-2016 11:17:29 Installed RuneScape Launcher 1.2.7
16-03-2016 22:09:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/19/2016 10:37:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 13 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR AdamC.local.

Error: (03/19/2016 10:37:40 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 0000:0000:0000:0000:0000:0000:0000:0001:5353 15 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa. PTR AdamC-2.local.

Error: (03/19/2016 10:35:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.D.2.2.2.E.3.2.B.A.5.1.E.7.4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR AdamC-2.local.

Error: (03/19/2016 10:35:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.65:5353 13 7.D.2.2.2.E.3.2.B.A.5.1.E.7.4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR AdamC.local.

Error: (03/19/2016 10:35:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 65.0.0.10.in-addr.arpa. PTR AdamC-2.local.

Error: (03/19/2016 10:35:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.65:5353 13 65.0.0.10.in-addr.arpa. PTR AdamC.local.

Error: (03/19/2016 10:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname AdamC.local already in use; will try AdamC-2.local instead

Error: (03/19/2016 10:35:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister 4 AdamC.local. Addr 10.0.0.65

Error: (03/19/2016 10:35:04 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.65:5353 16 AdamC.local. AAAA 2601:018A:4000:1FE6:347E:15AB:23E2:22D7

Error: (03/18/2016 09:04:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding 15 7.D.2.2.2.E.3.2.B.A.5.1.E.7.4.3.0.0.0.0.0.0.0.0.0.0.0.0.0.8.E.F.ip6.arpa. PTR AdamC-2.local.


System errors:
=============
Error: (03/19/2016 10:45:18 AM) (Source: DCOM) (EventID: 10016) (User: ADAMC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}AdamCAdamS-1-5-21-3719852253-1006456788-3136384108-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (03/19/2016 10:36:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {0134A8B2-3407-4B45-AD25-E9F7C92A80BC}

Error: (03/19/2016 10:21:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {0134A8B2-3407-4B45-AD25-E9F7C92A80BC}

Error: (03/19/2016 09:56:46 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {0134A8B2-3407-4B45-AD25-E9F7C92A80BC}

Error: (03/18/2016 09:07:26 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/18/2016 10:03:39 AM) (Source: DCOM) (EventID: 10010) (User: ADAMC)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider

Error: (03/18/2016 09:53:41 AM) (Source: DCOM) (EventID: 10010) (User: ADAMC)
Description: CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca

Error: (03/18/2016 09:51:26 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the FDResPub service.

Error: (03/16/2016 10:28:00 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the DellDataVault service.

Error: (03/16/2016 10:18:51 PM) (Source: DCOM) (EventID: 10010) (User: ADAMC)
Description: App.AppXy9rh3t8m2jfpvhhxp6y2ksgeq77vymbq.mca


CodeIntegrity:
===================================
Date: 2016-03-05 20:16:48.715
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-11 02:22:50.211
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-10 10:40:13.450
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-09 17:12:22.911
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-28 13:25:07.811
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-15 11:20:31.985
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-10 16:07:51.454
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 12:36:13.667
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-06 04:29:08.523
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-01-05 21:46:18.050
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 86%
Total physical RAM: 3979.2 MB
Available physical RAM: 537.99 MB
Total Virtual: 13740.62 MB
Available Virtual: 2118.95 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.82 GB) (Free:251.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D7C02B0F)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 21 March 2016 - 05:52 PM.




#2 Oh My!



  • Malware Response Instructor

Posted 21 March 2016 - 06:17 PM

Greetings adamcor and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at BleepingComputer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the reply-to-topic button instead.
  • In the upper right hand corner of the topic you will see the follow-topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Looks like you are tapping out your available memory:

Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 86%


Can you tell me how your computer performs in Safe Mode with Networking?

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> DefaultScope {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
S2 WavesSysSvc; "C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe" [X]
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0590A634-13F1-4B89-9FD2-C74D4823CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {07C60F9B-0A3B-4BFE-8357-1ED63B1B515F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B802554-85F9-42B1-BB4E-22017C8BB0F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3EB7596F-93FC-4299-B7AF-52F96BBCECB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53EDD598-CAF2-4E4A-B9C3-B9CC9BDB104B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C5927107-9938-447A-B35A-26F457F9D33A} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C6F83E43-596E-4555-927E-69087A6C03E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C89F3BE6-562F-4E48-A4A7-FDFA4244ABA1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1938CA7-16F9-46F4-9219-401149871A42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D4065857-DCE0-4C30-86DF-9F6FAAEDA6FD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DE2C16AA-0DB0-450B-9DA2-9970250FBB98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E0E40ABE-3F40-4C71-A89C-004F91398C55} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Launch FRST
  • Copy/paste the following in the Search Field
chrome.exe
  • Click Search File(s) button
  • When completed click OK and a Search.txt document will open on your desktop
  • Copy and paste the contents of that document in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Safe Mode?
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 adamcor


Posted 22 March 2016 - 12:15 AM

  • Thanks for your prompt reply!  I've just finished all of your steps.  Here are the contents from the first search of chrome.exe.  I was not sure if you needed that.
Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Adam (2016-03-22 00:15:47)
Running from C:\Users\Adam\Desktop
Boot Mode: Normal
 
================== Search Files: "chrome.exe" =============
 
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
[2014-09-10 02:20][2016-03-07 22:48] 0874136 ____A (Google Inc.) C8A299BB91912D446F19EA4BD4D135C7 [File is digitally signed]
 
====== End of Search ======
  • Safe Mode? First, I ran my laptop in safe mode.  It basically would act the same as normal but startup was a bit faster.
  • Fixlog:
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Adam (2016-03-21 23:46:45) Run:1
Running from C:\Users\Adam\Desktop
Loaded Profiles: Adam (Available Profiles: Adam)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> DefaultScope {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
SearchScopes: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001 -> {7ED8DB49-14AC-4A47-A296-30FA16905ADC} URL =
S2 WavesSysSvc; "C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe" [X]
R3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Adam\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
Task: {0590A634-13F1-4B89-9FD2-C74D4823CABA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {07C60F9B-0A3B-4BFE-8357-1ED63B1B515F} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0B802554-85F9-42B1-BB4E-22017C8BB0F6} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3EB7596F-93FC-4299-B7AF-52F96BBCECB6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {53EDD598-CAF2-4E4A-B9C3-B9CC9BDB104B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C5927107-9938-447A-B35A-26F457F9D33A} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {C6F83E43-596E-4555-927E-69087A6C03E4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C89F3BE6-562F-4E48-A4A7-FDFA4244ABA1} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D1938CA7-16F9-46F4-9219-401149871A42} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D4065857-DCE0-4C30-86DF-9F6FAAEDA6FD} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DE2C16AA-0DB0-450B-9DA2-9970250FBB98} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E0E40ABE-3F40-4C71-A89C-004F91398C55} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7ED8DB49-14AC-4A47-A296-30FA16905ADC}" => key removed successfully
HKCR\CLSID\{7ED8DB49-14AC-4A47-A296-30FA16905ADC} => key not found. 
WavesSysSvc => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => Unable to stop service.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}" => key removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
"HKU\S-1-5-21-3719852253-1006456788-3136384108-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0590A634-13F1-4B89-9FD2-C74D4823CABA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0590A634-13F1-4B89-9FD2-C74D4823CABA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{07C60F9B-0A3B-4BFE-8357-1ED63B1B515F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{07C60F9B-0A3B-4BFE-8357-1ED63B1B515F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B802554-85F9-42B1-BB4E-22017C8BB0F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B802554-85F9-42B1-BB4E-22017C8BB0F6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3EB7596F-93FC-4299-B7AF-52F96BBCECB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3EB7596F-93FC-4299-B7AF-52F96BBCECB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53EDD598-CAF2-4E4A-B9C3-B9CC9BDB104B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53EDD598-CAF2-4E4A-B9C3-B9CC9BDB104B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C5927107-9938-447A-B35A-26F457F9D33A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C5927107-9938-447A-B35A-26F457F9D33A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6F83E43-596E-4555-927E-69087A6C03E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6F83E43-596E-4555-927E-69087A6C03E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C89F3BE6-562F-4E48-A4A7-FDFA4244ABA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C89F3BE6-562F-4E48-A4A7-FDFA4244ABA1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1938CA7-16F9-46F4-9219-401149871A42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1938CA7-16F9-46F4-9219-401149871A42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D4065857-DCE0-4C30-86DF-9F6FAAEDA6FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4065857-DCE0-4C30-86DF-9F6FAAEDA6FD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE2C16AA-0DB0-450B-9DA2-9970250FBB98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE2C16AA-0DB0-450B-9DA2-9970250FBB98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0E40ABE-3F40-4C71-A89C-004F91398C55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0E40ABE-3F40-4C71-A89C-004F91398C55}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 23:50:08 ====
 
  • AdwCleaner log:
# AdwCleaner v5.105 - Logfile created 22/03/2016 at 00:38:05
# Updated 21/03/2016 by Xplode
# Database : 2016-03-21.3 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Adam - ADAMC
# Running from : C:\Users\Adam\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage
[-] File Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bmnlcjabgnpnenekpadlanbbkooimhnj_0.localstorage-journal
[-] File Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bmnlcjabgnpnenekpadlanbbkooimhnj
[-] File Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage
[-] File Deleted : C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.petango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\C3F6D7A0BA2FDE84EB329997B1FF786D
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bmnlcjabgnpnenekpadlanbbkooimhnj
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [2684 bytes] - [22/03/2016 00:38:05]
C:\AdwCleaner\AdwCleaner[S1].txt - [2742 bytes] - [22/03/2016 00:33:23]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2830 bytes] ##########
 
  • Junkware log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64 
Ran by Adam (Administrator) on Tue 03/22/2016 at  0:49:56.83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 6 
 
Successfully deleted: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmnlcjabgnpnenekpadlanbbkooimhnj (Folder) 
Successfully deleted: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio (Folder) 
Successfully deleted: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage-journal (File) 
Successfully deleted: C:\Users\Adam\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_gkojfkhlekighikafcpjkiklfbnlmeio_0.localstorage (File) 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 03/22/2016 at  0:54:33.99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
  • System Summary Information

I have attached the Summary file.

 

  • Update on computer behavior

My laptop's speed has already seemed to increase.  Just going through those two automatic restarts from the programs you had me run made me realize the increased speed.  Also, when I opened up Chrome after restart, all of my tabs loaded up nice and quick, which is definitely not a normal thing.  I've sometimes had to wait up to 20 minutes to get everything all set after a restart.  I would dread it.

Utorrent has now also been deleted from my computer.  Shamefully enough I'll admit that I used to download movies with it and stream them onto my tv via Plex.  I have since moved on to Kodi now and pay for most of my content haha.

 

If there is anything else you would like me to do please don't hesitate to let me know and thanks again!




#4 Oh My!


Posted 22 March 2016 - 09:14 AM

Greetings,

Glad to hear we have made some progress.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report
  • Security check report
  • Update on computer performance

Gary
 

#5 adamcor


Posted 22 March 2016 - 07:35 PM

  • Emsisoft report

Emsisoft Emergency Kit - Version 11.0
Last update: 3/22/2016 8:14:13 PM
User account: ADAMC\Adam
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 3/22/2016 8:15:15 PM
C:\Users\Adam\Desktop\adbFire\tr.apk -> classes.dex detected: Android.Riskware.Rooter.I (B)
 
Scanned 96146
Found 1
 
Scan end: 3/22/2016 8:25:04 PM
Scan time: 0:09:49
 
  • Security check report

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 8.0   
Windows Defender           
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java version 32-bit out of Date! 
 Adobe Flash Player 21.0.0.182  
 Mozilla Firefox (43.0.1) 
 Google Chrome (48.0.2564.109) 
 Google Chrome (49.0.2623.87) 
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus ekrn.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
  • Update on computer performance

Still as stable as before.  I'm really starting to notice the improved wake up times when I open my laptop.  Nearly instant now!



#6 Oh My!


Posted 22 March 2016 - 07:41 PM

Very good. Do you have any other questions or concerns before I post some final information?
Gary
 

#7 adamcor


Posted 22 March 2016 - 09:55 PM

Not really, nothing else seems to be slowing down my computer.  If you could suggest a good anti virus and malware tool I should stick to and maybe your preferred Chrome addons for protection?  Thanks!



#8 Oh My!


Posted 22 March 2016 - 10:11 PM

There are a variety of free Antivirus programs to choose from. Of course you could pay for a program as well. Below is some other general security information to consider in order to keep your computer safe.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :thumbsup:

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#9 Oh My!


Posted 23 March 2016 - 09:25 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 



