
Found JS/Tadtruss, then Interyield.jmp9.com sites, and now slow


  • This topic is locked
17 replies to this topic

#1 JeopardyTempest

Posted 14 April 2016 - 02:45 AM

(Windows 8.1 x64)
I was browsing for help on a programming issue (AutoHotkey), when one of the Google links I clicked on came up "this is a reported attack page".
I didn't allow it to enter, but started hearing my disk working anyways.  Looked through processes on Task Manager, which I regularly watch, and saw a few that stood out as previously unseen... nissrv, aertsv64, and heciserver.  Tried to kill any I could.
Also looked through %TMP% and %APPDATA% for any suspicious files... perhaps deleted a few I was unsure of, but nothing stood out as new\peculiar, just mainly browser\excel\etc temp files and whatnot.
But a few moments later Windows Defender came up notifying me of a Trojan:JS/Tadtruss.A infection.

I ran MBAM, updated, and scanned, and ran a Windows Defender scan, both came back clean (though perhaps a little quicker than usual??).  Also noticed one of the Malwarebytes Anti-Malware processes didn't have any program-specific icon, though I'm pretty sure that's something I've seen before.
Looked through Event Viewer for the first time in a while, and found quite a lot of errors... though most with no indication they were newly occurring.
But came across:
"Problem signature:
P1: mbamservice.exe
P2: 3.2.21.0
P3: 6.3.9600.2.0.0
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Attached files:
C:\Users\Shane\AppData\Local\Temp\RDRE2E3.tmp\empty.txt

These files may be available here:


Analysis symbol:
Rechecking for solution: 0
Report Id: 0e7edf83-01e5-11e6-82bf-645a04bfaad2
Report Status: 0
Hashed bucket: 4f22a54f70dad9becc05c53abb0ab160"
which made me a bit suspicious.


Anyways, felt perhaps I had averted the threat by reacting quickly, though was keeping an eye on things closely, and still researching some of the peculiarities when I opened a few more links from Yahoo Sports and MBAM reported malicious websites.
"Detection, 4/14/2016 1:19 AM, SYSTEM, SHANELAPTOP, Protection, Malicious Website Protection, IP, 162.209.114.244, interyield.td553.com, 58415, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2016 1:19 AM, SYSTEM, SHANELAPTOP, Protection, Malicious Website Protection, IP, 162.209.114.244, interyield.td553.com, 58415, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2016 1:19 AM, SYSTEM, SHANELAPTOP, Protection, Malicious Website Protection, IP, 162.209.114.244, interyield.td553.com, 58418, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe,
Detection, 4/14/2016 1:19 AM, SYSTEM, SHANELAPTOP, Protection, Malicious Website Protection, IP, 162.209.114.244, interyield.td553.com, 58564, Outbound, C:\Program Files (x86)\Mozilla Firefox\firefox.exe"

Certainly something awry.  At least it looked like variants that were older and less serious, but seemingly indicative of a bigger problem.  Decided I should run JRT.  Happily it found a few things...


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 8.1 x64
Ran by Shane (Administrator) on Thu 04/14/2016 at  1:39:58.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)

Deleted the following from C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 3

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6D773755-AD5D-4727-B5ED-BCF55853FCAB} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/14/2016 at  1:47:11.53
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


But after it completed, I restarted (I'd also run Windows Update [which hadn't been done in about a month], and figured with apps closed, it was a good time to do it).
However upon restart, it started dragging miserably through the entire startup process, earlier than where it would usually catch if processing Windows Updates.  Probably took 5-10 minutes to start up.  And a few things are a bit sluggish even after starting.
Computer has been a bit slow forever, but never saw any particular indications that it was a virus... seemed to have touchpad issues, but it was physically jamming at times, so considered it of no significance... and Explorer windows would sometimes freeze up, but with PostGIS and Tiger geocoder db installed, figured it was perhaps something along those lines, or just an app or two slowing things down.

Couple other things I've just noticed...
 > When I ran cmd as administrator... it oddly will flash to the desktop for a brief instant before opening.  Perhaps it's nothing, just weird looking.  Put a camera capture of it on YouTube if you wish to see what I mean: Perhaps it's just a 3rd party app, like Ditto's clipboard manager causing it, but weird since I use CMD fairly regularly for this or that, and haven't noticed it before.
 > In the Taskbar under show hidden icons, it shows a blank space for the icon that is for Windows Defender
 
Sorry to go into so much detail, hope that didn't make it more difficult.  It's all just a bunch of little quirks, but maybe something will help you understand.  
At this point, I'm done trying my own things, and at your direction.  I've gotten great help from you guys once or twice through the years, and I really appreciate it.
I did try to get some help with some issues with my dad's computer (which I virtually share my ethernet connection to wirelessly), but didn't have access to it for a long while, and never finished sorting it out.  I'm real sorry to have used what is certainly precious time for you guys, but certainly plan on being aggressive with this.
Thanks!

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-04-2016
Ran by Shane (administrator) on SHANELAPTOP (14-04-2016 02:09:08)
Running from C:\Users\Shane\Downloads
Loaded Profiles: Shane (Available Profiles: Shane & Administrator)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.5\bin\postgres.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Initialize.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
() C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Ditto\Ditto.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Chris Pietschmann (hxxp://pietschsoft.com)) C:\Program Files (x86)\Virtual Router\VirtualRouterClient.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boincmgr.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(World Community Grid) C:\Program Files (x86)\BOINC\boinc.exe
(Space Sciences Laboratory) C:\Program Files (x86)\BOINC\boinctray.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXDetector.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3777696 2014-01-16] (Dell Inc.)
HKLM-x32\...\Run: [boincmgr] => C:\Program Files (x86)\BOINC\boincmgr.exe [3909264 2014-03-25] (World Community Grid)
HKLM-x32\...\Run: [boinctray] => C:\Program Files (x86)\BOINC\boinctray.exe [71312 2014-03-25] (Space Sciences Laboratory)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [133760 2014-01-08] (Qualcomm®Atheros®)
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Run: [Spotify Web Helper] => C:\Users\Shane\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2355312 2016-02-12] (Spotify Ltd)
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12899840 2015-02-24] (Verizon)
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [36776 2016-01-18] (Glarysoft Ltd)
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Run: [Ditto] => C:\Program Files\Ditto\Ditto.exe [2087936 2015-10-17] ()
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\MountPoints2: {a4c256f2-2cd1-11e4-8250-806e6f6e6963} - "D:\dvdrun.exe"
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\MountPoints2: {ba34fada-3da4-11e5-827e-645a04bfaad2} - "E:\VerizonSWUpgradeAssistantLauncher.exe"
HKU\S-1-5-21-2960551416-494333216-179184116-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\boinc.scr [972432 2014-03-25] (World Community Grid)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2013-08-22] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk [2016-01-13]
ShortcutTarget: Virtual Router Manager.lnk -> C:\Windows\Installer\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}\_118D1A4EFFA6998C3492EB.exe ()
Startup: C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShareX.lnk [2015-10-06]
ShortcutTarget: ShareX.lnk -> C:\Program Files\ShareX\ShareX.exe (ShareX Team)
BootExecute: autocheck autochk *  

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{31BA1AB9-3B52-4E93-A6B3-869347F157F6}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{7DC8F7D1-5D47-40A1-96C2-127A8E8C9DC6}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKU\S-1-5-21-2960551416-494333216-179184116-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2960551416-494333216-179184116-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2960551416-494333216-179184116-1001 -> DefaultScope {6D773755-AD5D-4727-B5ED-BCF55853FCAB} URL =
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab

FireFox:
========
FF ProfilePath: C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-08] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-22] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-08] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll [2015-12-29] (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mesonet.org/WeatherScope,version=1.0 -> C:\Program Files (x86)\Weathersoft\NPWeatherScope32.dll [2014-11-11] (Oklahoma Climatological Survey)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Extension: Hide all Images - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\extensions\{8935f540-b136-11e0-a00b-0800200c9a66}.xpi [2015-11-16]
FF Extension: DownThemAll! - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-04]
FF Extension: Check4Change - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\extensions\check4change-owner@mozdev.org.xpi [2016-03-17]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\Extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-04-05]
FF Extension: UnMHT - C:\Users\Shane\AppData\Roaming\Mozilla\Firefox\Profiles\6y65x6hi.default\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2015-12-04]

Chrome:
=======
CHR Profile: C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]
CHR Extension: (Google Docs) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
CHR Extension: (Google Drive) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (YouTube) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Google Cast) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-04-13]
CHR Extension: (Google Search) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Google Sheets) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-25]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-04-13]
CHR Extension: (Google Docs Offline) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Shane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [318592 2014-01-08] (Windows ® Win 7 DDK provider) [File not signed]
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Aviata, Inc.)
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 postgresql-x64-9.5; C:\Program Files\PostgreSQL\9.5\bin\pg_ctl.exe [93696 2016-02-09] (PostgreSQL Global Development Group) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1915920 2014-04-04] (SoftThinks SAS)
S2 SpliCamService; C:\Program Files (x86)\SplitCam\SplitCamService.exe [311424 2014-09-15] (SplitCam Co.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (hxxp://pietschsoft.com)) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3881472 2013-12-12] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-01-08] (Qualcomm Atheros)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-24] (OSR Open Systems Resources, Inc.)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-18] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-18] (Windows ® Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2015-10-06] (Glarysoft Ltd)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [35832 2014-06-03] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-03] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 scvad_simple; C:\Windows\system32\drivers\SplitCamAudio.sys [23552 2014-06-30] (Windows ® Win 7 DDK provider)
S3 splitcam_hd_driver; C:\Windows\system32\DRIVERS\splitcam_hd_driver.sys [37496 2014-06-30] (Windows ® Win 7 DDK provider)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42664 2015-01-09] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 02:09 - 2016-04-14 02:11 - 00020891 _____ C:\Users\Shane\Downloads\FRST.txt
2016-04-14 02:08 - 2016-04-14 02:09 - 00000000 ____D C:\FRST
2016-04-14 02:07 - 2016-04-14 02:08 - 02375168 _____ (Farbar) C:\Users\Shane\Downloads\FRST64.exe
2016-04-14 02:02 - 2016-04-14 02:02 - 00000000 ___RD C:\Users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-04-14 01:59 - 2016-04-05 17:53 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-14 01:59 - 2016-04-05 17:53 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-14 01:47 - 2016-04-14 01:47 - 00001285 _____ C:\Users\Shane\Desktop\JRT.txt
2016-04-14 01:38 - 2016-04-14 01:38 - 01610352 _____ (Malwarebytes) C:\Users\Shane\Downloads\JRT(1).exe
2016-04-13 22:03 - 2016-04-13 22:03 - 19765832 _____ C:\Users\Shane\Downloads\RogueKiller.exe
2016-04-13 04:33 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 04:33 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-04-13 04:33 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-04-13 04:33 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-04-13 04:33 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-04-13 04:33 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 04:33 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-04-13 04:33 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-04-13 04:33 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-04-13 04:33 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-04-13 04:33 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-04-13 04:33 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-04-13 04:33 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-04-13 04:33 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2016-04-13 04:33 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-04-13 04:33 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-04-13 04:33 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-04-13 04:33 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-04-13 04:33 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 04:33 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-04-13 04:33 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 04:33 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-04-13 04:33 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-04-13 04:33 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-04-13 04:33 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2016-04-13 04:33 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-04-13 04:33 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-04-13 04:33 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-04-13 04:33 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 04:33 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 04:33 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-04-13 04:33 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 04:33 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 04:33 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-04-13 04:33 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-04-13 04:33 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-04-13 04:33 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-04-13 04:33 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 04:33 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 04:33 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-04-13 04:33 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-04-13 04:32 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 04:32 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 04:32 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 04:32 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-04-13 04:32 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-04-13 04:32 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-04-13 04:32 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-04-13 04:32 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-04-13 04:32 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 04:32 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-04-13 04:32 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-04-13 04:31 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-13 04:31 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-13 04:31 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-13 04:31 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-13 04:31 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-13 04:31 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-13 04:31 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-13 04:31 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-13 04:31 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-04-13 04:31 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-04-13 04:31 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-04-13 04:30 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 04:30 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 04:30 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 04:30 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 04:30 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 04:30 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-04-13 04:30 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-04-13 04:30 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 04:30 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 04:30 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 04:30 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 04:30 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 04:30 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-04-13 04:30 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-04-13 04:30 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-13 04:30 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-13 04:30 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 04:30 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-04-13 04:30 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-04-13 04:30 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-04-13 04:30 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 04:30 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-04-13 04:30 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-04-13 04:30 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-04-13 04:30 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-04-13 04:30 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-04-13 04:30 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-04-13 04:30 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-04-13 04:30 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 04:30 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-04-13 04:30 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-04-13 04:30 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-04-13 04:30 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-04-13 04:30 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-04-13 04:30 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 04:30 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-04-13 04:30 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-04-13 04:30 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-04-13 04:30 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 04:30 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-04-13 04:30 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-04-13 04:30 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-04-13 04:30 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-04-13 04:30 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-04-13 04:30 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-04-13 04:30 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-04-13 04:30 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-04-13 04:30 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-04-13 04:29 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-04-13 04:29 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-04-13 04:29 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-04-13 04:28 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-04-13 04:28 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-04-13 04:28 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-04-13 04:28 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-04-13 04:28 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-04-13 04:28 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-04-13 04:28 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-04-13 04:28 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-04-13 04:27 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-04-13 04:27 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 04:27 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 04:27 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 04:27 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 04:27 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-04-13 04:27 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-04-13 04:26 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-04-13 04:26 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 04:26 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-04-13 03:54 - 2016-04-14 01:04 - 00000622 _____ C:\Users\Shane\Desktop\CheckHomeDepot.ahk
2016-04-12 19:32 - 2016-04-13 04:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-09 16:41 - 2016-04-09 16:41 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2016-04-08 03:36 - 2016-04-11 06:17 - 11622892 _____ C:\Users\Shane\Desktop\CloseMaxMinCalcNEW.xlsx
2016-04-06 04:53 - 2016-04-06 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KrView
2016-04-06 04:52 - 2016-04-06 04:52 - 01388544 ____N (Microsoft Corporation) C:\WINDOWS\msvbvm60.dll
2016-04-06 04:52 - 2016-04-06 04:52 - 00327680 ____N (Microsoft Corporation) C:\WINDOWS\Setup1.exe
2016-04-06 04:52 - 2016-04-06 04:52 - 00198656 ____N (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2016-04-06 04:52 - 2016-04-06 04:52 - 00151622 ____N (Microsoft Corporation) C:\WINDOWS\modcas.dll
2016-04-06 04:52 - 2016-04-06 04:52 - 00101888 ____N (Microsoft Corporation) C:\WINDOWS\odestkit.dll
2016-04-06 04:52 - 2016-04-06 04:52 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\ODEUNST.EXE
2016-04-06 04:52 - 2016-04-06 04:52 - 00003945 ____N C:\WINDOWS\SysWOW64\ospfilelist.txt
2016-04-06 02:32 - 2016-04-07 11:12 - 00000000 ____D C:\Users\Shane\Synfig
2016-04-06 02:26 - 2016-04-06 02:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synfig
2016-04-06 02:23 - 2016-04-06 02:26 - 00000000 ____D C:\Program Files\Synfig
2016-04-02 06:05 - 2016-04-02 06:10 - 254858677 _____ C:\Users\Shane\Downloads\OC Interests.zip
2016-04-02 05:20 - 2016-04-02 05:43 - 1126859630 _____ C:\Users\Shane\Downloads\parcels_cnty_14.zip
2016-04-02 05:18 - 2016-04-02 05:19 - 24560422 _____ C:\Users\Shane\Downloads\usgs_structures_may11.zip
2016-03-31 15:43 - 2016-03-31 15:43 - 00046272 _____ C:\Users\Shane\Downloads\ExpenseReport.pdf
2016-03-31 04:29 - 2016-04-02 03:53 - 10374785 _____ C:\Users\Shane\Desktop\CloseMaxMinCalc.xlsx
2016-03-29 01:15 - 2016-03-29 01:15 - 05364103 _____ C:\Users\Shane\Downloads\Jurisdictions_20160327_072321.zip
2016-03-29 00:50 - 2016-03-29 00:51 - 28231568 _____ C:\Users\Shane\Downloads\release-1500-x64-gdal-1-11-3-mapserver-6-4-2.zip
2016-03-29 00:35 - 2016-03-29 00:35 - 00000000 ____D C:\Users\Shane\Downloads\Jurisdictions_20160327_072321
2016-03-29 00:33 - 2016-03-29 01:17 - 00000000 ____D C:\Program Files (x86)\DBF Converter
2016-03-29 00:32 - 2016-03-29 00:32 - 02147984 _____ (HiBase Group) C:\Users\Shane\Downloads\dbfcnv.exe
2016-03-29 00:26 - 2016-03-29 00:26 - 00744820 _____ C:\Users\Shane\Downloads\FastDBF-master.zip
2016-03-29 00:26 - 2016-03-29 00:26 - 00000000 ____D C:\Users\Shane\Downloads\FastDBF-master
2016-03-26 13:43 - 2016-03-26 13:43 - 00003346 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
2016-03-26 13:43 - 2016-03-26 13:43 - 00003224 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-03-26 13:43 - 2016-03-26 13:43 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2016-03-26 13:43 - 2016-03-26 13:43 - 00000000 ____D C:\Program Files\Dell Support Center
2016-03-24 00:48 - 2016-04-12 19:33 - 00000000 ____D C:\Users\Shane\AppData\Local\CrashDumps
2016-03-18 03:57 - 2016-03-18 03:57 - 00271725 _____ C:\Users\Shane\Desktop\The Walk Blog.7z
2016-03-17 22:14 - 2016-03-17 22:14 - 00001564 _____ C:\Users\Shane\AppData\Local\recently-used.xbel
2016-03-17 22:06 - 2016-03-17 22:06 - 05286213 _____ C:\Users\Shane\Desktop\The Most Misused Verse in the Bible _ RELEVANT Magazine.mht
2016-03-17 22:01 - 2016-03-17 22:01 - 01518263 _____ C:\Users\Shane\Desktop\A Call to Teenagers to Be Free _ Desiring God.mht
2016-03-17 02:20 - 2016-03-17 02:20 - 00048851 _____ C:\Users\Shane\Documents\March Madness Odds.xlsx
2016-03-16 16:37 - 2016-03-16 16:37 - 00000000 ____D C:\Users\Shane\AppData\Local\Audacity
2016-03-16 07:56 - 2016-03-16 07:56 - 00088368 _____ C:\Users\Shane\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 06:57 - 2016-03-16 06:57 - 00000000 ____D C:\Users\Shane\AppData\Local\VirtualStore
2016-03-16 06:39 - 2016-03-16 06:39 - 00000000 ____D C:\Users\Shane\AppData\Local\Chris_Pietschmann_(http__

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-14 02:04 - 2014-03-18 05:53 - 00863592 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-14 02:04 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-14 02:03 - 2015-02-17 18:15 - 00000000 ____D C:\ProgramData\BOINC
2016-04-14 02:01 - 2015-10-25 11:37 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Ditto
2016-04-14 02:01 - 2015-07-12 16:54 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-14 02:01 - 2014-08-26 00:06 - 00000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2016-04-14 02:00 - 2015-12-25 14:38 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 01:59 - 2016-01-13 17:40 - 00000591 _____ C:\WINDOWS\system32\Drivers\etc\hosts.ics
2016-04-14 01:58 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-14 01:58 - 2013-08-22 10:44 - 00391256 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-14 01:49 - 2015-06-20 23:13 - 00000000 ___SD C:\WINDOWS\SysWOW64\GWX
2016-04-14 01:49 - 2015-06-20 23:13 - 00000000 ___SD C:\WINDOWS\system32\GWX
2016-04-14 01:49 - 2015-02-19 18:15 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-14 01:49 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-04-14 01:48 - 2015-12-25 14:38 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 01:47 - 2015-02-03 21:44 - 00000000 ____D C:\Users\Shane
2016-04-14 01:15 - 2015-04-26 19:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-14 01:10 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-14 01:10 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-14 00:50 - 2015-02-03 22:00 - 00003596 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2960551416-494333216-179184116-1001
2016-04-13 22:01 - 2016-02-14 19:24 - 00046684 _____ C:\Users\Shane\Desktop\DisasterTrackerData.txt
2016-04-13 21:56 - 2015-07-12 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-13 21:56 - 2015-07-12 16:53 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-13 05:02 - 2013-08-22 11:20 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-13 04:53 - 2015-02-17 18:51 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-13 04:51 - 2015-09-18 15:01 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-04-13 04:43 - 2015-02-17 18:50 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-13 04:31 - 2016-01-13 17:49 - 00177488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-04-13 04:29 - 2016-03-09 08:47 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-04-13 04:28 - 2016-03-09 08:47 - 01737080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-04-13 04:28 - 2016-03-09 08:47 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-04-13 04:02 - 2015-03-14 19:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-12 21:32 - 2015-02-07 18:35 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Skype
2016-04-12 19:34 - 2015-02-04 23:55 - 00000000 ____D C:\Users\Shane\AppData\Roaming\.purple
2016-04-12 19:32 - 2016-02-19 21:13 - 00019810 _____ C:\Users\Shane\Desktop\DisasterTrackerThoughts.txt
2016-04-11 18:08 - 2015-12-25 14:39 - 00002177 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-10 15:01 - 2015-12-24 01:02 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-04-10 15:01 - 2015-02-07 18:35 - 00000000 ____D C:\ProgramData\Skype
2016-04-09 01:49 - 2013-08-22 09:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-08 04:16 - 2015-04-26 19:29 - 00003718 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-04-06 05:46 - 2015-06-03 23:17 - 00000000 ____D C:\Users\Shane\Downloads\dadpictures
2016-04-04 04:19 - 2016-02-24 22:56 - 00056757 _____ C:\Users\Shane\Desktop\Messages Put Out.txt
2016-04-02 04:07 - 2015-12-25 06:28 - 00000000 ____D C:\Users\Shane\Desktop\After Europe Pics
2016-04-02 03:37 - 2015-02-07 14:14 - 00000000 ____D C:\Users\Shane\Desktop\Programming
2016-03-31 17:16 - 2016-02-24 04:46 - 00012007 _____ C:\Users\Shane\Desktop\DTInfoBuilder.html
2016-03-30 13:50 - 2015-12-25 14:37 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-26 13:43 - 2014-08-26 00:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-26 13:42 - 2014-08-26 00:05 - 00000000 ____D C:\ProgramData\PCDr
2016-03-25 11:44 - 2015-04-03 17:37 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-03-21 19:54 - 2015-01-01 16:14 - 00000000 ____D C:\Users\Shane\.gimp-2.8
2016-03-18 17:10 - 2016-03-14 16:20 - 00040326 _____ C:\Users\Shane\Documents\BBResultScrapeBETTER.xlsm
2016-03-18 16:24 - 2015-06-29 19:27 - 00000000 ____D C:\Users\Shane\Desktop\SPorcles
2016-03-17 22:58 - 2015-03-06 23:34 - 00000000 ____D C:\Users\Shane\AppData\Local\Spotify
2016-03-17 22:57 - 2015-03-06 23:33 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Spotify
2016-03-17 22:14 - 2015-05-04 00:05 - 00000000 ____D C:\Users\Shane\AppData\Local\gtk-2.0
2016-03-17 21:53 - 2015-03-06 19:27 - 00000841 _____ C:\Users\Shane\Desktop\ChristmasAdd.txt
2016-03-17 21:48 - 2015-11-14 10:14 - 00000000 ____D C:\Users\Shane\Desktop\New Shane Folder
2016-03-16 22:19 - 2015-03-29 23:15 - 00000000 ____D C:\Users\Shane\AppData\Roaming\OBS
2016-03-16 20:39 - 2015-03-29 22:38 - 00000000 ____D C:\Users\Shane\AppData\Roaming\vlc
2016-03-16 16:52 - 2015-02-10 01:04 - 00000000 ____D C:\Users\Shane\AppData\Roaming\Audacity
2016-03-16 16:37 - 2015-02-10 00:55 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-03-16 06:55 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\addins
2016-03-15 22:53 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF

==================== Files in the root of some directories =======

2015-04-26 17:41 - 2016-02-24 12:49 - 0028494 _____ () C:\Users\Shane\AppData\Roaming\WeatherScope.log
2015-04-26 17:41 - 2016-02-24 12:51 - 0001149 _____ () C:\Users\Shane\AppData\Roaming\WeatherScopePrefs.xml
2015-07-05 17:04 - 2015-07-05 17:04 - 0000038 ___SH () C:\Users\Shane\AppData\Local\70149b02515b3bb20dd492.47983420
2016-03-17 22:14 - 2016-03-17 22:14 - 0001564 _____ () C:\Users\Shane\AppData\Local\recently-used.xbel
2014-08-25 23:35 - 2014-08-25 23:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-08-25 23:57 - 2014-08-25 23:58 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-08-25 23:53 - 2014-08-25 23:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-08-25 23:54 - 2014-08-25 23:56 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-08-25 23:56 - 2014-08-25 23:57 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-08-25 23:53 - 2014-08-25 23:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log

Some files in TEMP:
====================
C:\Users\Shane\AppData\Local\Temp\FoxitUpdater.exe
C:\Users\Shane\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\Shane\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Shane\AppData\Local\Temp\procexp64.exe
C:\Users\Shane\AppData\Local\Temp\sqlite3.dll
C:\Users\Shane\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-13 12:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Shane (2016-04-14 02:13:56)
Running from C:\Users\Shane\Downloads
Windows 8.1 (X64) (2015-02-04 01:47:45)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2960551416-494333216-179184116-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-2960551416-494333216-179184116-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2960551416-494333216-179184116-1003 - Limited - Enabled)
Shane (S-1-5-21-2960551416-494333216-179184116-1001 - Administrator - Enabled) => C:\Users\Shane

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Anki (HKLM-x32\...\Anki) (Version:  - )
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
AutoHotkey 1.1.23.01 (HKLM\...\AutoHotkey) (Version: 1.1.23.01 - Lexikos)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MX880 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX880_series) (Version:  - )
cdrtfe 1.5.3 (HKLM-x32\...\cdrtools Frontend_is1) (Version:  - Oliver Valencia)
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Data Toolbar for Chrome and Firefox (HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\{971fe27d-aba8-4a86-8cb9-c1360db0a12a}) (Version: 3.1.5882.0 - DataTool Services)
Data Toolbar for Chrome and Firefox (x32 Version: 3.1.5882.0 - DataTool Services) Hidden
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.1.34.40 - Synaptics Incorporated)
Dell Update (HKLM-x32\...\{9E4750A7-90F6-4181-8A8A-B1ADF4216E93}) (Version: 1.0.1059.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dev-C++ (HKLM-x32\...\Dev-C++) (Version: 5.11 - Bloodshed Software)
Dexpot (HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Dexpot) (Version: 1.6.14 - Dexpot GbR)
Ditto (HKLM\...\Ditto_is1) (Version:  - Scott Brogden)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Flash Movie Extract Pilot (HKLM-x32\...\Flash Movie Extract Pilot (freeware)_is1) (Version: 1.00 - Two Pilots)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.3.0.118 - Foxit Software Inc.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Glary Utilities 5.43 (HKLM-x32\...\Glary Utilities 5) (Version: 5.43.0.63 - Glarysoft Ltd)
GnuWin32: Wget-1.11.4-1 (HKLM-x32\...\Wget-1.11.4-1_is1) (Version: 1.11.4-1 - GnuWin32)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
inSSIDer Office (HKLM-x32\...\{4480B2BC-35D7-42A3-8B6D-C96C1A710CF2}) (Version: 4.3.0.4 - MetaGeek, LLC)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.41 - Irfan Skiljan)
JOSM 9900 (HKLM-x32\...\JOSM) (Version: 9900 - OpenStreetMap JOSM team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Message+ (HKLM-x32\...\{e81287bb-3cf1-409f-abb0-f046c5df16cc}) (Version: 1.0.16.0 - Verizon)
Message+ (x32 Version: 1.0.16.0 - Verizon) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Streets & Trips 2008 (HKLM-x32\...\{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}) (Version: 15.0.17.1600 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual Studio Express 2013 for Windows Desktop - ENU with Update 4 (HKLM-x32\...\{b8a9dbc1-1fd4-4103-a83b-a2896f193ea0}) (Version: 12.0.31101.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2.5941 - Mozilla)
Navit (HKLM-x32\...\Navit) (Version: 0.2.0 - The Navit Team)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.1 - Notepad++ Team)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenTTD 1.5.2 (HKLM-x32\...\OpenTTD) (Version: 1.5.2 - OpenTTD)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.11 - )
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
PostGIS 2.2.0, PgRouting 2.1.0, ogr_fdw 1.0, PgPointCloud 1.0.1  for PostgreSQL x64 9.3 (remove only) (HKLM\...\PostGIS 2.2 bundle for PostgreSQL x64 9.3) (Version:  - )
PostGIS 2.2.1, PgRouting 2.1.0, ogr_fdw 1.0, PgPointCloud 1.0.1  for PostgreSQL x64 9.5 (remove only) (HKLM\...\PostGIS 2.2 bundle for PostgreSQL x64 9.5) (Version:  - )
PostgreSQL 9.5  (HKLM\...\PostgreSQL 9.5) (Version: 9.5 - PostgreSQL Global Development Group)
QGIS Lyon 2.12.3 Lyon (HKLM\...\QGIS Lyon) (Version:  - QGIS Development Team)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.314 - Qualcomm Atheros Communications)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.18 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.39054 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7161 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
ShareX (HKLM\...\82E6AC09-0FEF-4390-AD9F-0DD3F5561EFC_is1) (Version: 10.3.0 - ShareX Team)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
SoundWire Server version 1.9 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 1.9 - GeorgieLabs)
SplitCam (HKLM-x32\...\SplitCam) (Version: 6.9.4.1 - SplitCam Co)
Spotify (HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\Spotify) (Version: 1.0.21.143.g76c19bcd - Spotify AB)
Stellarium 0.13.3 (HKLM\...\Stellarium_is1) (Version: 0.13.3 - Stellarium team)
Synfig Studio (HKLM-x32\...\synfigstudio) (Version: 1.0.2 - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
URL Snooper v2.38.01 (HKLM-x32\...\URLSnooper 2_is1) (Version:  - DonationCoder.com)
Virtual Router v1.0 (HKLM-x32\...\{BE905C46-2B34-4D73-AEE1-769ED138E0FF}) (Version: 1.0 - Chris Pietschmann)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WeatherScope (HKLM-x32\...\Weathersoft) (Version:  - )
WinDirStat 1.1.2 (HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\WinDirStat) (Version:  - )
WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
Wireshark 1.12.6 (64-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.6 - The Wireshark developer community, hxxp://www.wireshark.org)
World Community Grid (HKLM-x32\...\{204A5C8D-5FE3-42F3-95DF-81685E863135}) (Version: 7.2.47 - World Community Grid)
XAMPP (HKLM-x32\...\xampp) (Version: 7.0.2-1 - Bitnami)
XXConsole: Super Console Generator  ver 0.96 (HKLM-x32\...\XXConsole) (Version: 0.96 - Pixelab, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08E80EC8-D730-43D7-8D5E-32D66C9F782C} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {0E2D6440-8A34-4D2B-B701-5A3E06B6ACBD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-13] (Microsoft Corporation)
Task: {15CA0BF3-003E-44CF-A714-2AF73983A69F} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {2263BE5B-F3F4-497C-B60B-25C99815C443} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {27C2A6F8-33D6-439A-809A-F9E9A02C4CA5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)
Task: {4285C9B2-B773-466B-A3DC-6F80B5AD0A6F} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-08] (Adobe Systems Incorporated)
Task: {793C875C-B0DB-41E4-BA68-E8AFA42376EE} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {7D02BAAC-0B0E-4974-98F7-8873BBE8B656} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {959E45AD-C964-4E31-B2C0-CE9380FD7CAD} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {98DB851E-7047-4A52-AF0D-40EF35FEC707} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [2014-10-31] (Aviata Inc)
Task: {992F957C-07FE-424C-9FC8-897A4860B95E} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-01-09] (Synaptics Incorporated)
Task: {A0F7EDDB-2279-4C18-82F2-847A0D87A9CF} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-01-18] (Glarysoft Ltd)
Task: {BF404D52-7D54-4670-984F-88A16D34AB3A} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {CF5385FD-7F31-4F63-B31C-33D822787D6F} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {CF9A93C2-ED86-49EE-B9B9-4BF2BC69575C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-01-18] (Glarysoft Ltd)
Task: {DF79C45E-5962-4185-84A0-FAF2FC8C70D8} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {E521A88E-C8DA-4540-B9BC-C4EAC7158E09} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File)

==================== Loaded Modules (Whitelisted) ==============

2016-03-01 13:11 - 2016-02-09 00:47 - 00183296 _____ () C:\Program Files\PostgreSQL\9.5\bin\LIBPQ.dll
2016-03-01 13:13 - 2015-08-26 04:40 - 02257408 _____ () C:\Program Files\PostgreSQL\9.5\bin\libxml2.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2013-08-22 14:40 - 2013-08-22 14:40 - 00040240 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherServiceLib.dll
2013-08-22 14:40 - 2013-08-22 14:40 - 00046384 _____ () C:\Program Files (x86)\Wyse\PocketCloud\AetherHelperLib.dll
2014-08-26 00:08 - 2014-03-12 15:22 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-08-26 00:08 - 2014-03-12 15:22 - 00019232 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-01-08 04:00 - 2014-01-08 04:00 - 00011264 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-01-08 03:58 - 2014-01-08 03:58 - 00086016 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2014-01-08 04:03 - 2014-01-08 04:03 - 00012928 _____ () C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ActivateDesktop.exe
2015-10-25 11:37 - 2015-10-17 05:40 - 02087936 _____ () C:\Program Files\Ditto\Ditto.exe
2016-01-18 01:51 - 2016-01-18 01:51 - 00079784 _____ () C:\Program Files (x86)\Glary Utilities 5\zlib1.dll
2014-08-25 23:58 - 2013-12-10 11:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2012-10-19 15:18 - 2012-10-19 15:18 - 00081920 _____ () C:\Program Files (x86)\BOINC\zlib1.dll
2015-04-29 21:47 - 2014-09-11 18:09 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll
2015-04-29 21:47 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2014-08-25 23:54 - 2013-03-04 23:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 14:41 - 2013-03-05 14:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-03-28 14:07 - 2016-03-28 14:07 - 00021680 _____ () C:\Program Files (x86)\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2015-02-06 04:07 - 00000942 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1        agtgoh.com
127.0.0.1        www.agtgoh.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2960551416-494333216-179184116-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Dell\BlueLava_1112000xx_inspiron_wallpaper58095_16x9_72dpi_RGB.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\StartupApproved\StartupFolder: => "ShareX.lnk"
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\StartupApproved\Run: => "AutoStartVMA"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{931BA6D1-E20B-4F0B-8DBE-33E12CBCF281}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{D875DFAC-AFFC-43F4-8508-1D6E6B467420}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{76668600-9768-4AB9-B304-91E51FC768D1}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{E85F3CDE-871E-4982-933C-50941A00F994}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{F1F9932E-DA40-42EA-B797-91209F568E52}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{D5722851-138C-43EF-91AD-994D76C82E19}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{636935AF-95F9-475E-B975-87D51AA6DD26}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{25DFE7B1-89B2-468F-A8DA-FB0F8987323D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{78622A05-45A2-4F5D-ABC8-0A255C304010}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{16386239-C634-4C0C-B38A-D0903D75D82A}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{4EDE06E9-2CD6-4414-A3CA-B600A0430475}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{D9F9E34B-233A-4812-99B5-BB8FE114E7B7}C:\programdata\dishworld\dishworld.exe] => (Allow) C:\programdata\dishworld\dishworld.exe
FirewallRules: [UDP Query User{82A7155C-46E2-4256-8AB7-52FE876D9D70}C:\programdata\dishworld\dishworld.exe] => (Allow) C:\programdata\dishworld\dishworld.exe
FirewallRules: [{E9926493-3E06-4D9A-873F-C71B6E3EB65F}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{D5C3272A-DB67-4B70-8B83-164A6C880D33}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [TCP Query User{5DA0E5B5-925C-4EB6-9AAD-1F3F51A06D92}C:\programdata\sling international\slinginternational.exe] => (Allow) C:\programdata\sling international\slinginternational.exe
FirewallRules: [UDP Query User{CA207CBC-5195-42F1-9FD0-5E03FF022A32}C:\programdata\sling international\slinginternational.exe] => (Allow) C:\programdata\sling international\slinginternational.exe
FirewallRules: [TCP Query User{4F84C65D-1AD0-42E2-A879-B27BAC8F05A4}C:\users\shane\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shane\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{59FF0BE1-D84B-4491-B36E-AD328A85B2BC}C:\users\shane\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\shane\appdata\roaming\spotify\spotify.exe
FirewallRules: [{46C5E4ED-2120-4AE3-9E0C-827EB040E456}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{434A13D8-D2D3-4C71-895C-01620957E0DA}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
FirewallRules: [{C49B271A-E8DD-4447-A612-CC82E84A0013}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{4F6A20FF-1593-406C-B323-3F373FA4FD9A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe
FirewallRules: [{C5E48CD7-8D49-440B-92D0-2BA66F089497}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [{BA75D0CA-C7A4-428F-866E-E477FF5E3EB1}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
FirewallRules: [TCP Query User{BD1F3216-C264-4A22-ADF9-5E86D142B017}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [UDP Query User{339B907B-4DC8-49D7-B086-EC23DDC9F8BB}C:\program files (x86)\dearmob\5kplayer\5kplayer.exe] => (Allow) C:\program files (x86)\dearmob\5kplayer\5kplayer.exe
FirewallRules: [TCP Query User{6E5531F0-A8C9-4D6C-A2E4-7808BCC86308}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{3267F882-F7AC-477D-A27F-1256C51E9716}C:\xampp\mysql\bin\mysqld.exe] => (Allow) C:\xampp\mysql\bin\mysqld.exe
FirewallRules: [TCP Query User{FD97A699-AF28-4115-8271-F9B7FE4CACC3}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{2192E7C2-AA63-478A-8002-BFA7FBA19B6D}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{BC08E279-80E9-49F3-A40F-F61CF21BA41F}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [UDP Query User{65C5959A-FF80-4727-8E30-D33D888AAFC4}C:\program files\ditto\ditto.exe] => (Allow) C:\program files\ditto\ditto.exe
FirewallRules: [{749ABE37-680B-47AF-A4BA-B30587E9E063}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B82D294E-A116-43A0-9CAC-0F1FC2C88CDE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{5369F8AC-60E9-4198-A8A9-DB49E14673E8}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [UDP Query User{61DF5616-F9E0-48AF-9576-543D7E326CF4}C:\program files (x86)\java\jre1.8.0_66\bin\java.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\java.exe
FirewallRules: [TCP Query User{019D3326-0DD0-4336-B95F-FEAC9E54C8A8}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe
FirewallRules: [UDP Query User{3E591D29-67A5-44B5-8F26-253F1C23873C}C:\program files (x86)\soundwire server\soundwireserver.exe] => (Allow) C:\program files (x86)\soundwire server\soundwireserver.exe
FirewallRules: [{F280F403-4942-4A70-AFDA-8D982CF5E7D5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{59AFBA84-B533-4FBE-8CF6-F4F3A96DF7D7}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CA79DD7-26FA-47E8-8446-F65E309B1759}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{ADC73B61-C7CE-449B-9257-6DEA40B09A80}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AC0E7FF2-3D7B-4508-9080-95CF2F03C6DE}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{E8EAB39C-6A3B-4072-B5CD-2BE5836DB82D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{3DF29595-5420-4778-9F14-93FE0495C3A1}] => (Allow) %systemroot%\system32\alg.exe

==================== Restore Points =========================

29-03-2016 07:08:41 Scheduled Checkpoint
06-04-2016 04:27:25 Scheduled Checkpoint
13-04-2016 04:34:00 Windows Update
14-04-2016 01:40:01 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: Bluetooth Audio Device
Description: Bluetooth Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications
Service: BTATH_A2DP
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SplitCam Virtual Video Driver
Description: SplitCam Virtual Video Driver
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: SplitCam
Service: splitcam_hd_driver
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SplitCam Virtual Audio Device (WDM)
Description: SplitCam Virtual Audio Device (WDM)
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: SplitCam Audio
Service: scvad_simple
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/14/2016 01:58:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SplitCamService.exe, version: 1.0.0.1, time stamp: 0x526f8d9b
Faulting module name: SplitCamService.exe, version: 1.0.0.1, time stamp: 0x526f8d9b
Exception code: 0xc0000005
Fault offset: 0x000015e0
Faulting process id: 0x604
Faulting application start time: 0xSplitCamService.exe0
Faulting application path: SplitCamService.exe1
Faulting module path: SplitCamService.exe2
Report Id: SplitCamService.exe3
Faulting package full name: SplitCamService.exe4
Faulting package-relative application ID: SplitCamService.exe5

Error: (04/14/2016 01:42:12 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.2.5941 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 3254

Start Time: 01d195f23468215f

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 9a7f91fa-0203-11e6-82bf-645a04bfaad2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/14/2016 01:41:39 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.112 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1c64

Start Time: 01d1960b36518502

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

Report Id: 8bed3d64-0203-11e6-82bf-645a04bfaad2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/14/2016 01:40:48 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad++.exe version 6.9.1.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 215c

Start Time: 01d195db223edb52

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Notepad++\notepad++.exe

Report Id: 6a2a66b8-0203-11e6-82bf-645a04bfaad2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/13/2016 04:04:44 AM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: Timed out waiting for server startup

Error: (04/13/2016 04:03:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SplitCamService.exe, version: 1.0.0.1, time stamp: 0x526f8d9b
Faulting module name: SplitCamService.exe, version: 1.0.0.1, time stamp: 0x526f8d9b
Exception code: 0xc0000005
Fault offset: 0x000015e0
Faulting process id: 0xa1c
Faulting application start time: 0xSplitCamService.exe0
Faulting application path: SplitCamService.exe1
Faulting module path: SplitCamService.exe2
Report Id: SplitCamService.exe3
Faulting package full name: SplitCamService.exe4
Faulting package-relative application ID: SplitCamService.exe5

Error: (04/12/2016 07:33:58 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.1.5918 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 5198

Start Time: 01d1946e979e7281

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 01915b48-0107-11e6-82be-645a04bfaad2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/12/2016 07:33:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program notepad++.exe version 6.9.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 450

Start Time: 01d192241ba38085

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Notepad++\notepad++.exe

Report Id: fd05226b-0106-11e6-82be-645a04bfaad2

Faulting package full name:

Faulting package-relative application ID:

Error: (04/12/2016 07:33:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.1.5918, time stamp: 0x56e8b7df
Faulting module name: mozglue.dll, version: 45.0.1.5918, time stamp: 0x56e8a981
Exception code: 0x80000003
Fault offset: 0x0000f0ea
Faulting process id: 0x22bc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/12/2016 09:41:45 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 58c4

Start Time: 01d194c055c64f6f

Termination Time: 4294967295

Application Path: C:\WINDOWS\syswow64\backgroundTaskHost.exe

Report Id: 49bf4f08-00b4-11e6-82be-645a04bfaad2

Faulting package full name: Microsoft.MicrosoftSudoku_1.2.1406.2005_x86__8wekyb3d8bbwe

Faulting package-relative application ID: App


System errors:
=============
Error: (04/14/2016 01:59:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SplitCamService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/14/2016 01:47:51 AM) (Source: DCOM) (EventID: 10010) (User: ShaneLaptop)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (04/14/2016 01:41:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/13/2016 09:45:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Intel® Capability Licensing Service Interface service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/13/2016 01:09:51 PM) (Source: DCOM) (EventID: 10010) (User: ShaneLaptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/13/2016 12:31:22 PM) (Source: DCOM) (EventID: 10010) (User: ShaneLaptop)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (04/13/2016 12:30:36 PM) (Source: DCOM) (EventID: 10010) (User: ShaneLaptop)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (04/13/2016 06:59:42 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (04/13/2016 06:49:41 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:

Error: (04/13/2016 06:42:30 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description:


CodeIntegrity:
===================================
  Date: 2016-04-13 22:57:07.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 22:57:07.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 22:57:06.975
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 21:47:12.486
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 21:47:12.003
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 21:47:09.680
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 14:36:12.405
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 14:36:11.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 14:36:11.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 13:16:29.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4005U CPU @ 1.70GHz
Percentage of memory in use: 69%
Total physical RAM: 4000.18 MB
Available physical RAM: 1228.39 MB
Total Virtual: 5664.18 MB
Available Virtual: 2113.48 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:456.13 GB) (Free:32.68 GB) NTFS
Drive d: (ST_2008) (CDROM) (Total:1.31 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 7613C3DE)

Partition: GPT.

==================== End of Addition.txt ============================

Edited by Oh My!, 01 May 2016 - 01:27 PM.
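The Code Integrity entries in the Addition.txt excerpt above repeat the same process and module many times, so the following added example (not part of the original post and not FRST's own code) collapses them into one row per process, module and signing level, with a count, first and last time, and the distinct full paths seen. The function names are assumptions of this example, and the inline sample is three entries copied from the log above.

```python
import ntpath
import re
from datetime import datetime

# Constructed sample: three entries copied from the Addition.txt excerpt above,
# kept in the same "Date:" / "Description:" layout.
SAMPLE = r"""
  Date: 2016-04-13 14:36:11.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 14:36:11.146
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-13 13:16:29.188
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
"""

DATE_RE = re.compile(r"^\s*Date:\s*(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s*$")
EVENT_RE = re.compile(
    r"Code Integrity determined that a process \((?P<process>.+?)\) attempted to load "
    r"(?P<module>.+?) that did not meet the (?P<level>.+?) signing level requirements"
)


def parse_events(text):
    """Pair each 'Date:' line with the Code Integrity description that follows it."""
    events, pending = [], None
    for line in text.splitlines():
        m = DATE_RE.match(line)
        if m:
            pending = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
            continue
        m = EVENT_RE.search(line)
        if m and pending is not None:
            events.append({"time": pending, **m.groupdict()})
            pending = None
    return events


def summarize(events):
    """Group by (process name, module name, signing level); most frequent first."""
    groups = {}
    for ev in events:
        key = (
            ntpath.basename(ev["process"]).lower(),
            ntpath.basename(ev["module"]).lower(),
            ev["level"],
        )
        row = groups.setdefault(key, {
            "process": key[0], "module": key[1], "level": key[2],
            "count": 0, "first": ev["time"], "last": ev["time"], "paths": set(),
        })
        row["count"] += 1
        row["first"] = min(row["first"], ev["time"])
        row["last"] = max(row["last"], ev["time"])
        # Keep full paths: one module name loaded from several directories
        # shows up as a row with more than one path.
        row["paths"].add(ev["module"])
    return sorted(groups.values(), key=lambda r: (-r["count"], r["first"]))


if __name__ == "__main__":
    for row in summarize(parse_events(SAMPLE)):
        print(f'{row["count"]:>3}x {row["process"]} -> {row["module"]} '
              f'[{row["level"]}] {row["first"]} .. {row["last"]}')
        for path in sorted(row["paths"]):
            print("     ", path)
```
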



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:35 PM

Posted 16 April 2016 - 08:13 PM

Greetings JeopardyTempest and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\MountPoints2: {a4c256f2-2cd1-11e4-8250-806e6f6e6963} - "D:\dvdrun.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2960551416-494333216-179184116-1001 -> DefaultScope {6D773755-AD5D-4727-B5ED-BCF55853FCAB} URL =
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-04-09 16:41 - 2016-04-09 16:41 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2015-07-05 17:04 - 2015-07-05 17:04 - 0000038 ___SH () C:\Users\Shane\AppData\Local\70149b02515b3bb20dd492.47983420
2014-08-25 23:57 - 2014-08-25 23:58 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-08-25 23:53 - 2014-08-25 23:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-08-25 23:54 - 2014-08-25 23:56 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-08-25 23:56 - 2014-08-25 23:57 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-08-25 23:53 - 2014-08-25 23:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File)
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • AdwCleaner log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 JeopardyTempest


Posted 18 April 2016 - 03:18 AM

Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Shane (2016-04-18 02:27:26) Run:1
Running from C:\Users\Shane\Desktop
Loaded Profiles: Shane &  (Available Profiles: Shane & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-2960551416-494333216-179184116-1001\...\MountPoints2: {a4c256f2-2cd1-11e4-8250-806e6f6e6963} - "D:\dvdrun.exe"
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2960551416-494333216-179184116-1001 -> DefaultScope {6D773755-AD5D-4727-B5ED-BCF55853FCAB} URL =
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-04-09 16:41 - 2016-04-09 16:41 - 00000000 __HDC C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9}
2015-07-05 17:04 - 2015-07-05 17:04 - 0000038 ___SH () C:\Users\Shane\AppData\Local\70149b02515b3bb20dd492.47983420
2014-08-25 23:57 - 2014-08-25 23:58 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-08-25 23:53 - 2014-08-25 23:54 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-08-25 23:54 - 2014-08-25 23:56 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-08-25 23:56 - 2014-08-25 23:57 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-08-25 23:53 - 2014-08-25 23:53 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File)
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-2960551416-494333216-179184116-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4c256f2-2cd1-11e4-8250-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{a4c256f2-2cd1-11e4-8250-806e6f6e6963} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-2960551416-494333216-179184116-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\ProgramData\{05EE3202-A879-4F9D-895C-AC535855E0A9} => moved successfully
C:\Users\Shane\AppData\Local\70149b02515b3bb20dd492.47983420 => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log => moved successfully
C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log => moved successfully
Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File) => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 02:28:54 ====

I ran AdwCleaner, it came up as not finding anything.  The only logs in the AdwCleaner folder are from runs months ago.  Does it not make a log if it doesn't find anything?

Attached File  Summary.zip   320.59KB   1 downloads

After running the FRST fix, it restarted much more quickly.  Sounds like it's running the disk and processor a fair bit... TaskManager shows both MBAM and Windows Defender as fairly active in the background... so nothing seems outside the realm of reasonable... and nothing stands out as being abnormal right now.

Are there any further scans you would like me to run?

Thanks for all your help Gary, I really appreciate it.

To God be every glory,

Shane (and please do feel free to call me that)
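One way to check a Fixlog like the one above before moving on, as an added example (not part of the original post and not FRST's own code): split the echoed fixlist from the result lines and flag every entry that was not applied. The status labels and the keyword matching are assumptions of this example, inferred only from the result lines shown in this thread; the inline log is abridged from the Fixlog above.

```python
# Constructed sample: abridged from the Fixlog posted above.
FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File)
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
Shortcut: C:\Users\Shane\Desktop\BackupStuff\GRASS GIS 7.0.0beta2.lnk -> C:\Program Files (x86)\GRASS GIS 7.0.0beta2\grass70.bat (No File) => Error: No automatic fix found for this entry.


The system needed a reboot.

==== End of Fixlog 02:28:54 ====
"""


def split_fixlog(text):
    """Return (directives, results): the echoed fixlist and the lines after it."""
    directives, results, star_lines = [], [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # the ***** rows delimit the echoed fixlist
            star_lines += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_lines == 1:
            directives.append(line)
        elif star_lines >= 2:
            results.append(line)
    return directives, results


def classify(line):
    """Label one result line. The labels are this example's own, not FRST's."""
    if " => " not in line:
        return {"target": line, "outcome": "", "status": "info"}
    target, outcome = line.rsplit(" => ", 1)   # "->" inside Shortcut lines is untouched
    low = outcome.lower()
    if low.startswith("error"):
        status = "error"
    elif "not found" in low:
        status = "absent"
    elif "successfully" in low or "removed" in low:
        status = "done"
    else:
        status = "unknown"
    return {"target": target.strip('"'), "outcome": outcome, "status": status}


def needs_follow_up(text):
    """Result lines that were neither applied nor already absent."""
    _, results = split_fixlog(text)
    return [r for r in map(classify, results) if r["status"] in ("error", "unknown")]


if __name__ == "__main__":
    directives, results = split_fixlog(FIXLOG)
    print(f"{len(directives)} fixlist lines, {len(results)} result lines")
    for item in needs_follow_up(FIXLOG):
        print("FOLLOW UP:", item["target"], "=>", item["outcome"])
```
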



#4 Oh My!


Posted 18 April 2016 - 09:59 AM

Greetings Shane.

AdwCleaner does create a log but no need to see it. Rather than bring it to the forefront it is simply placed in the AdwCleaner folder.

Let's do a few more things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
emptytemp:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Emsisoft report
  • Security Check log
  • Any remaining issues?

Gary
 

#5 JeopardyTempest


Posted 19 April 2016 - 09:12 AM

Will probably be near a day before I get a good consistent time to do these, but very appreciative of your continued help, and will get back as soon as possible!

 

To God be every glory,

Shane


Edited by JeopardyTempest, 19 April 2016 - 09:12 AM.


#6 Oh My!


Posted 19 April 2016 - 02:29 PM

No problem Shane, thanks for the heads up.
Gary
 

#7 JeopardyTempest


Posted 21 April 2016 - 04:20 AM

Fix result of Farbar Recovery Scan Tool (x64) Version:13-04-2016
Ran by Shane (2016-04-20 03:49:38) Run:2
Running from C:\Users\Shane\Desktop
Loaded Profiles: Shane &  (Available Profiles: Shane & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
emptytemp:
*****************

EmptyTemp: => 28.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 03:55:57 ====

Emsisoft Emergency Kit - Version 11.0
Last update: 4/20/2016 4:22:42 AM
User account: ShaneLaptop\Shane

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start:    4/20/2016 4:24:15 AM
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\weatherscope     detected: PUP.Win32.Clartor (A)

Scanned    433937
Found    1

Scan end:    4/20/2016 9:41:05 AM
Scan time:    5:16:50

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\weatherscope     PUP.Win32.Clartor (A)

Quarantined    1

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     21.0.0.213  
 Mozilla Firefox (for.)
 Google Chrome (49.0.2623.110)
 Google Chrome (49.0.2623.112)
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 Windows Defender MpCmdRun.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

 

Not too surprised by the size of the temp folders, had a lot of big GIS datasets I'd opened without saving.  Though it was still big.

The EMSISOFT report... I gotta believe that's a false positive.  That's a respected meteorological program that's been around for ages.  Unless they a) got infected and didn't realize it b) a virus started infecting existing program files... it seems odd.  Can't find a lot of info about Clartor?  I do hope to use WeatherScope again, so would be good to get direction on this.

And my primary browser is Firefox, so wasn't sure what (for.) meant in the Security Check.

Could well all be no big deals, just trying to give you background on each.

Computer was a bit slow the last couple hours after running the scan, but I noted MBAM was fairly active.  My mouse cursor has always had a history of disappearing for 15-20 seconds while the system sounds to be chugging away at things... but touchscreen still works.  And it'll keep doing it for a while, then when the system goes quieter, stop having the issue.
But that's been a problem for a long time.

Thanks again for all your help,

To God be every glory,

Shane



#8 Oh My!


Posted 21 April 2016 - 05:58 PM

Greetings Shane,

Yes, you can reinstall WeatherScope. Some programs make judgment calls about programs.

Open Firefox, click Help, then About Firefox and confirm it is Version 45.0.2.

Let's poke around your computer/hardware a bit. Please do this.

===================================================

Running sfc /scannow in Elevated Command

--------------------
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • If you are prompted for an administrator password or for a confirmation, type the password, or click Allow
  • Windows 8/10: Press the Windows key + X at the same time, then click Command Prompt (Admin)
  • Type the following at the Command Prompt and press Enter

sfc /scannow

  • If Windows did not find any integrity violations please let me know
  • If errors were found copy and paste the following after the command prompt then press Enter

copy %windir%\Logs\CBS\CBS.log "%userprofile%\Desktop\sfcdetails.txt"

  • A sfcdetails.txt document will be placed on your Desktop
  • Copy and paste or attach the file to your reply if too large
===================================================

Running Chkdsk /r From Command Prompt with Report

--------------------
  • Close any open programs
  • Click Start, type cmd, then press the Shift, Ctrl, + Enter keys at the same time
  • An Administrator Command Prompt window should open
  • Copy and paste the following after the Command Prompt and press Enter

CMD /C ECHO Y|CHKDSK /R C: /R | SHUTDOWN /R /T 10

  • Please allow the system to reboot on its own and run the program. This may take a bit of time
  • When completed your system will automatically reboot
  • Press the Windows key + R on your keyboard at the same time
  • Type powershell.exe and press Enter
  • Copy and paste the following after the Command Prompt and press Enter

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

  • A document named CHKDSKResults.txt will be created on your Desktop
  • Copy and paste the contents of the document in your reply
===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • SFC results
  • chkdsk results
  • GSmart results
  • Update on computer performance

Gary
 

#9 Oh My!


Posted 24 April 2016 - 08:08 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 

#10 JeopardyTempest


Posted 26 April 2016 - 02:34 AM

Gary, I'm real sorry about the delay, here you go:

sfc /scannow:

clean

chkdsk:
TimeCreated : 1/19/2016 6:35:25 PM
Message     :
              
              Checking file system on C:
              The type of the file system is NTFS.
              Volume label is OS.
              
              
              One of your disks needs to be checked for consistency. You
              may cancel the disk check, but it is strongly recommended
              that you continue.
              Windows will now check the disk.                         
              
              Stage 1: Examining basic file system structure ...
              Cleaning up instance tags for file 0x17229.
                911872 file records processed.                                                        
              File verification completed.
                7232 large file records processed.                                   
                0 bad file records processed.                                     
              
              Stage 2: Examining file name linkage ...
              Index entry accounts.xml of index $I30 in file 0x8daf points to unused file 0xc71ea.
              Deleting index entry accounts.xml in index $I30 of file 36271.
              Index entry blist.xml of index $I30 in file 0x8daf points to unused file 0xc6c0a.
              Deleting index entry blist.xml in index $I30 of file 36271.
              Index entry recovery.bak of index $I30 in file 0xb514 points to unused file 0xc7871.
              Deleting index entry recovery.bak in index $I30 of file 46356.
              Unable to locate the file name attribute of index entry recovery.js
              of index $I30 with parent 0xb514 in file 0xc78ad.
              Deleting index entry recovery.js in index $I30 of file 46356.
              The two index entries of length 0x68 and 0x70 are either identical
              or appear in the wrong order.
              Sorting index $I30 in file 95014.
              Index entry 0CD8F0A6F0054C25697C3A361C8660DDC73E38D3 of index $I30 in file 0x17326 points to unused file
              0xc2613.
              Deleting index entry 0CD8F0A6F0054C25697C3A361C8660DDC73E38D3 in index $I30 of file 95014.
              Index entry 0CD8F0~1 of index $I30 in file 0x17326 points to unused file 0xc2613.
              Deleting index entry 0CD8F0~1 in index $I30 of file 95014.
              Index entry 11A4A8F3B99038391DDB8C32F77B9D10DCE3149C of index $I30 in file 0x17326 points to unused file
              0xc25f6.
              Deleting index entry 11A4A8F3B99038391DDB8C32F77B9D10DCE3149C in index $I30 of file 95014.
              Index entry 11A4A8~1 of index $I30 in file 0x17326 points to unused file 0xc25f6.
              Deleting index entry 11A4A8~1 in index $I30 of file 95014.
              Index entry 152E88D87A917CBF743F1E547EE5E794CADF53FA of index $I30 in file 0x17326 points to unused file
              0xc25ea.
              Deleting index entry 152E88D87A917CBF743F1E547EE5E794CADF53FA in index $I30 of file 95014.
              Index entry 152E88~1 of index $I30 in file 0x17326 points to unused file 0xc25ea.
              Deleting index entry 152E88~1 in index $I30 of file 95014.
              Index entry 18E7DC~1 of index $I30 in file 0x17326 points to unused file 0xc25d3.
              Deleting index entry 18E7DC~1 in index $I30 of file 95014.
              Index entry 1F2CC37816369FDE6AFAD39E76C7888D7EEA4B6E of index $I30 in file 0x17326 points to unused file
              0xc203e.
              Deleting index entry 1F2CC37816369FDE6AFAD39E76C7888D7EEA4B6E in index $I30 of file 95014.
              Index entry 1F2CC3~1 of index $I30 in file 0x17326 points to unused file 0xc203e.
              Deleting index entry 1F2CC3~1 in index $I30 of file 95014.
              Index entry 21D0C06AF9A8E8B495AF42AFFACF14ED68192B14 of index $I30 in file 0x17326 points to unused file
              0xc2426.
              Deleting index entry 21D0C06AF9A8E8B495AF42AFFACF14ED68192B14 in index $I30 of file 95014.
              Index entry 21D0C0~1 of index $I30 in file 0x17326 points to unused file 0xc2426.
              Deleting index entry 21D0C0~1 in index $I30 of file 95014.
              Index entry 26593E3AC9FC5B0BFFAC8C8D83EA079C99391380 of index $I30 in file 0x17326 points to unused file
              0xc2074.
              Deleting index entry 26593E3AC9FC5B0BFFAC8C8D83EA079C99391380 in index $I30 of file 95014.
              Index entry 26593E~1 of index $I30 in file 0x17326 points to unused file 0xc2074.
              Deleting index entry 26593E~1 in index $I30 of file 95014.
              Index entry 2996D29BBC28F3692BF5A1BACB0921AC4553F215 of index $I30 in file 0x17326 points to unused file
              0xc2631.
              Deleting index entry 2996D29BBC28F3692BF5A1BACB0921AC4553F215 in index $I30 of file 95014.
              Index entry 2996D2~1 of index $I30 in file 0x17326 points to unused file 0xc2631.
              Deleting index entry 2996D2~1 in index $I30 of file 95014.
              Index entry 3654F9~1 of index $I30 in file 0x17326 points to unused file 0xc2590.
              Deleting index entry 3654F9~1 in index $I30 of file 95014.
              Index entry 3C00E295154DAA813E9AD4ABA42C1D6B2C9473E8 of index $I30 in file 0x17326 points to unused file
              0xc2554.
              Deleting index entry 3C00E295154DAA813E9AD4ABA42C1D6B2C9473E8 in index $I30 of file 95014.
              Index entry 3C00E2~1 of index $I30 in file 0x17326 points to unused file 0xc2554.
              Deleting index entry 3C00E2~1 in index $I30 of file 95014.
              Index entry 405D2C874C092A3373FD987F017A38C2367587E4 of index $I30 in file 0x17326 points to unused file
              0xc25d9.
GSmartControl:

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win8(64)] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF INFORMATION SECTION ===
Device Model:     WDC WD5000LPVX-75V0TT0
Serial Number:    WX51A74FVPRS
LU WWN Device Id: 5 0014ee 20abe6b90
Firmware Version: 01.01A01
User Capacity:    500,107,862,016 bytes [500 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ACS-2 (revision not indicated)
Local Time is:    Tue Apr 26 02:18:51 2016 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x00)    Offline data collection activity
                    was never started.
                    Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0)    The previous self-test routine completed
                    without error or no self-test has ever
                    been run.
Total time to complete Offline
data collection:         ( 9480) seconds.
Offline data collection
capabilities:              (0x7b) SMART execute Offline immediate.
                    Auto Offline data collection on/off support.
                    Suspend Offline collection upon new
                    command.
                    Offline surface scan supported.
                    Self-test supported.
                    Conveyance Self-test supported.
                    Selective Self-test supported.
SMART capabilities:            (0x0003)    Saves SMART data before entering
                    power-saving mode.
                    Supports SMART auto save timer.
Error logging capability:        (0x01)    Error logging supported.
                    General Purpose Logging supported.
Short self-test routine
recommended polling time:      (   2) minutes.
Extended self-test routine
recommended polling time:      ( 108) minutes.
Conveyance self-test routine
recommended polling time:      (   5) minutes.
SCT capabilities:            (0x7035)    SCT Status supported.
                    SCT Feature Control supported.
                    SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  3 Spin_Up_Time            0x0027   149   145   021    Pre-fail  Always       -       1508
  4 Start_Stop_Count        0x0032   100   100   000    Old_age   Always       -       799
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x002e   200   200   000    Old_age   Always       -       0
  9 Power_On_Hours          0x0032   090   090   000    Old_age   Always       -       8004
 10 Spin_Retry_Count        0x0032   100   100   000    Old_age   Always       -       0
 11 Calibration_Retry_Count 0x0032   100   100   000    Old_age   Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       722
191 G-Sense_Error_Rate      0x0032   001   001   000    Old_age   Always       -       437
192 Power-Off_Retract_Count 0x0032   200   200   000    Old_age   Always       -       80
193 Load_Cycle_Count        0x0032   166   166   000    Old_age   Always       -       102465
194 Temperature_Celsius     0x0022   107   077   000    Old_age   Always       -       36
196 Reallocated_Event_Count 0x0032   200   200   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x0032   200   200   000    Old_age   Always       -       0
200 Multi_Zone_Error_Rate   0x0008   100   253   000    Old_age   Offline      -       0
240 Head_Flying_Hours       0x0032   090   090   000    Old_age   Always       -       7481
241 Total_LBAs_Written      0x0032   200   200   000    Old_age   Always       -       37939104879
242 Total_LBAs_Read         0x0032   200   200   000    Old_age   Always       -       29244717073
254 Free_Fall_Sensor        0x0032   200   200   000    Old_age   Always       -       0

SMART Error Log Version: 1
No Errors Logged

SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      8004         -
# 2  Short offline       Completed without error       00%      7573         -
# 3  Short offline       Completed without error       00%      7235         -
# 4  Short offline       Aborted by host               90%      5291         -
# 5  Short offline       Completed without error       00%      4828         -
# 6  Short offline       Completed without error       00%      4704         -
# 7  Short offline       Completed without error       00%      3525         -
# 8  Short offline       Completed without error       00%      3148         -
# 9  Short offline       Completed without error       00%      1912         -
#10  Short offline       Completed without error       00%      1291         -
#11  Short offline       Completed without error       00%         0         -
#12  Short offline       Interrupted (host reset)      80%         0         -

SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.

 

 

 

I didn't tell it to abort anything... so to verify, ran it again, got similar errors but on different runs.  I guess that might be fairly normal??

 

 

 

Had an issue the other day with a few YouTube videos open where I literally couldn't do a single thing for 10-15 minutes.  No mouse cursor, no alt+tab, no ctrl+shift+esc.  The type of full blown freeze you'd have to just sit around and wait forever you'd come across years ago... but had never come across anything like that in recent times.  Certainly still a bit slowish.  At times.  Not something I'd be certain was outside the operating world, though.  Still the occasional mouse issues.  But just these little quirks.  No popups or immediately alarming processes or anything.

 

So if you have any more thoughts, I'm all ears, but also certainly up for considering it just the occasional conflict or bug, what's always seemed to be the usual.

 

 

BTW, there were a couple minor changes that I'll note in case you're pasting instructions, for the benefit down the line:

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

had match instead of -match.  Wouldn't run until changed to

get-winevent -FilterHashTable @{logname="Application"; id="1001"}| ?{$_.providername -match "wininit"} | fl timecreated, message | out-file Desktop\CHKDSKResults.txt

And GSmartControl is now a full program installation rather than unzipping a folder.

 

 

But sorry about all the delays, and really appreciative of all you do.  Certainly up to keep trying, but if there's a lot of other fish on your plate, real crippled systems, no problem if you wish to consider the situation closed, or take your time.

 

Thanks again,

To Jesus Christ be any glory,

Shane
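One way to triage a smartctl report like the one pasted above, as an added example that is not part of the original post or of smartmontools. The sample rows are copied from that report; the function names, the set of media counters watched, and the fail/warn/info labels are assumptions of this example.

```python
import re

# Rows copied from the smartctl report in the post above (trimmed).
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x002f   200   200   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   200   200   140    Pre-fail  Always       -       0
191 G-Sense_Error_Rate      0x0032   001   001   000    Old_age   Always       -       437
197 Current_Pending_Sector  0x0032   200   200   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0030   100   253   000    Old_age   Offline      -       0

Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%      8004         -
# 4  Short offline       Aborted by host               90%      5291         -
#12  Short offline       Interrupted (host reset)      80%         0         -
"""

ATTR_RE = re.compile(
    r"^\s*(?P<id>\d+)\s+(?P<name>\S+)\s+(?P<flag>0x[0-9a-fA-F]{4})\s+"
    r"(?P<value>\d+)\s+(?P<worst>\d+)\s+(?P<thresh>\d+)\s+"
    r"(?P<type>Pre-fail|Old_age)\s+(?P<updated>\S+)\s+"
    r"(?P<when_failed>\S+)\s+(?P<raw>\d+)"
)
TEST_RE = re.compile(
    r"^#\s*(?P<num>\d+)\s+(?P<desc>.+?)\s{2,}(?P<status>.+?)\s{2,}"
    r"(?P<remaining>\d+)%\s+(?P<hours>\d+)\s+(?P<lba>\S+)\s*$"
)

# Assumption of this example: raw counters that point at media damage.
MEDIA_COUNTERS = {5, 196, 197, 198}


def parse_attributes(text):
    """Return one dict per row of the vendor attribute table."""
    rows = []
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            row = m.groupdict()
            for key in ("id", "value", "worst", "thresh", "raw"):
                row[key] = int(row[key])
            rows.append(row)
    return rows


def parse_selftests(text):
    """Return one dict per entry of the self-test log."""
    tests = []
    for line in text.splitlines():
        m = TEST_RE.match(line)
        if m:
            entry = m.groupdict()
            for key in ("num", "remaining", "hours"):
                entry[key] = int(entry[key])
            tests.append(entry)
    return tests


def triage(text):
    """Return (severity, message) findings for a smartctl report."""
    findings = []
    for a in parse_attributes(text):
        label = f"{a['id']} {a['name']}"
        if a["when_failed"] != "-":
            findings.append(("fail", f"{label}: WHEN_FAILED={a['when_failed']}"))
        elif a["thresh"] > 0 and a["value"] <= a["thresh"]:
            # THRESH 000 can never trip, so a low VALUE there is not a failure.
            findings.append(("fail", f"{label}: VALUE {a['value']} <= THRESH {a['thresh']}"))
        if a["id"] in MEDIA_COUNTERS and a["raw"] > 0:
            findings.append(("warn", f"{label}: raw count {a['raw']}"))
    for t in parse_selftests(text):
        status = t["status"]
        if status.startswith("Completed without error"):
            continue
        if status.startswith(("Aborted by host", "Interrupted")):
            # The test was stopped from outside the drive; no media error was recorded.
            findings.append(("info", f"self-test #{t['num']} did not finish: {status}"))
        else:
            findings.append(("fail", f"self-test #{t['num']}: {status} (LBA {t['lba']})"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE):
        print(severity, message)
```
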



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,444 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:11:35 PM

Posted 26 April 2016 - 08:19 PM

Hi Shane,

Thanks for letting me know of the changes I need to make on my instructions.

Please do these things.

===================================================

Core Temp

--------------------

NOTE: Many antivirus programs will flag this as malicious software but it is not. It can be safely downloaded and launched.
  • Disable your AntiVirus and AntiSpyware applications. Sometimes you can simply select that option after right clicking on the System Tray Program icon on the lower right corner of the screen
  • Please download Core Temp and save it to your desktop
  • If you receive a warning the file is malicious you can ignore the warning and download the file anyway
  • Unzip the folder onto your Desktop
  • Double click the unzipped folder then double click Core Temp.exe
  • Monitor the core temperature both at computer idle and while stressing your computer by launching videos, multiple programs, and high demand programs all at the same time
  • Please report the readings and especially the readings if your computer freezes or shuts down
===================================================

Testing Computer Memory Using MemTest86+

--------------------
  • Download MemTest86+ for creating a bootable CD (ISO format) and save it to your desktop
  • Right click on the folder and select Extract All...
  • Select Next, Next, then Finish
  • Burn the image file to a CD, as an image file. If you're unsure how to do this, see the How to Burn an ISO File tutorial. Be sure to uncheck any additional software that is offered.
  • Put your CD in the drive and configure your machine to boot to the CD. This is different on all machines, but it's usually by pressing F12 or F10 as your system boots, and selecting either "CDROM" or your cdrom drive.
  • If you've done it correctly, MemTest86+ will start to run automatically, as shown below:

memtestStart.png

  • If you want to be reasonably certain your RAM is OK, then allow MemTest to run until you see this message:

memtestFinished.png

  • On the other hand, if you want to be completely sure your RAM is OK, allow MemTest to run overnight. Memtest will continue to run until the program is stopped.
  • Check the MemTest screen for any reported errors. Errors will appear as RED warnings at the bottom of the screen, similar to the following screenshot:

memtestFail.png

  • Press the reset button on the computer, removing the MemTest disk in the process
  • Report the results
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Core Temp results
  • MemTest results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Oh My!


Posted 29 April 2016 - 09:28 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 

#13 JeopardyTempest


Posted 01 May 2016 - 01:25 AM

Hi Gary, sorry for the delay again, and thanks again for keeping with it.

 

Appreciate you directing me to the temp monitor, didn't know such a good widespread one was available now :-)

However, tonight, under usual usage a few minutes ago, both cores were steady in the 45C range, and rather low load.

Then even after throwing the best things I could at it (numerous progs, big Excel calculations, many YouTubes) (enough to cause the more typical window freezes regularly), the load got up reasonable (usually in the 70s, peaked at 94%?)... but temperature peaked in only the upper 50s before receding.
Not sure what a couple of the other values mean: lithography 22 nm, TDP 15.0 Watts, VID 0.7305 v so throwing those in for good measure.

I'm in a cool building at the moment, but certainly don't see any indications temp is an issue.

Never felt the laptop temp go high in the past either (including the day of the big freeze up). 

 

 

I haven't been at home but will be back in a couple days... if it's alright with you, I'd like to wait til then when I have access to my own USBs\recordable disks?

 

Firefox has always seemed to leak memory with time (though I haven't found a browser that really does work great consistently, at least not in usage of IE and Chrome), and maybe it was just extreme this time.

Had a weird incident earlier where I hit shift+delete (which would cut text) accidentally on selected text earlier in Notepad++, where the program appeared to rapidly flash into the background before returning to cut the text despite no other heavy usage... similar to the cmd video I posted in my first post.  Wasn't doing much else, no other lagging issues.
Always suspicious of such weird stuff.  But you seem fairly convinced it's clean in terms of the nefarious things (though I certainly recognize the seemingly widespread viewpoint that we can never be absolutely sure).

Perhaps the memory test will prove to show the issue, that'd be great.  Can't imagine there'd be much else to test at this point, but open to ideas as always.

Really appreciate you continuing to be of help.

To God be every praise, your work is most honorable and glorifying,

Thanks,

Shane



#14 Oh My!


Posted 01 May 2016 - 01:50 PM

Hi Shane,

No problem on the delay and thanks for the ongoing words of encouragement.

Thanks for checking the temperatures. Let's see what MemTest tells us.

I would like to uninstall Splitcam. If you use it and would not be able to reinstall it stop and let me know.

Please do this.

===================================================

Uninstalling Programs Using Revo Uninstaller Free

--------------------

I recommend uninstalling the below listed program(s) from your computer.

Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.

Please note there is a chance when you look for this program to uninstall through Revo it might not be listed because of a previous uninstall. If that is the case simply stop and let me know.
  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the listed program(s), or anything similar, to remove it (if it exists)
SplitCam
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next.
  • Check the items in bold only on the list then click Delete. You may have to expand some folders by clicking the "+" mark.
  • When prompted click on Yes and then on Next.
  • Click on Select all then click Delete
  • When prompted select Yes then Next
  • Once done click Finish
  • Test your computer performance
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Memtest results
  • Did you uninstall Splitcam?
  • Update on computer performance

Gary
 

#15 Oh My!


Posted 04 May 2016 - 09:16 AM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 



