Randomly losing Disk Space [Closed] [Solved]

#1
burntreesplease


Hello, GTG! I'm here inquiring about an issue I've put up with from my computer that I want to resolve. My hard drive loses disk space randomly and I don't know why.
 
I don't have too many files or programs on my computer but out of the 119GB I have available to me, only 1.22 GB is currently available and that's only because I went through my computer this morning and deleted a few programs. Usually I'm at around 100ish MB available and on some days it fluctuates greatly, anywhere from 1.5 GB to none at all (0 byte).
 
I have a few malware removal tools on my computer that don't help much at all. I've scanned my computer with Spybot, Microsoft Security Essentials and Malwarebytes Anti-Malware. Over the course of the last year, Spybot and MSE have said my computer is completely clean and MBAM has notified me once of malware, finding and quarantining two files at that point in time, both of which I believe were in AppData.
 
I've tried to resolve this problem once before and this website I found once explained how to access AppData and manually delete sketchy file names from this cache. Before I did this I downloaded this program that showed how your disk space was being allotted and App Data was consuming most of my space, though that was almost a year ago now. I did that and my computer got much better for a short period of time, it seemed and was too good to be true. Many of them were pop up windows that looked familiar.
 
Some symptoms I experience are slow internet browsing speeds, shoddy connection via Skype (video is always blurry for whoever I'm skyping with unless I delete some programs), my computer incessantly reminding me I have Low Disk Space, Netflix will say "Something went wrong..." with an error code resembling M###-18053 or something similar to that, etc. I'm sure there are other symptoms that aren't coming to mind but I will edit this if I remember anything else.
 
So, yea. My computer is losing disk space for some strange reason which I SURMISE may be due to some files in my AppData but I am not entirely sure and any help would be amazing. Thank you.
 
If I have not been descriptive enough or you are confused on something please let me know and I'll try my best to fill in the blanks. Thanks again
 
Here is the FRST.txt log from my FRST64.exe scan:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016

Ran by Evans (administrator) on BOOMSTATION (22-04-2016 12:22:22)
Running from C:\Users\Evans\Desktop
Loaded Profiles: Evans (Available Profiles: Evans & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Flux Software LLC) C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [f.lux] => C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Google Update] => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify Web Helper] => C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-22] (Spotify Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [MusicManager] => C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify] => C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe [6855280 2016-04-22] (Spotify Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-27] (Google Inc.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12900864 2015-09-10] (Verizon)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Policies\Explorer: [] 
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {127f379e-098a-11e2-ae48-70f1a1b7c8b0} - E:\setup.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {24e9bf11-c599-11e1-af4f-f04da247060b} - E:\setup.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {292a1846-0d7f-11e2-afed-70f1a1b7c8b0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {325a1442-6aa1-11e4-b5da-70f1a1b7c8b0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {d8c71570-c262-11e3-86a8-70f1a1b7c8b0} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-12-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-01-30]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BDE40C7-9904-4D29-A8F0-21C239BA3C04}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Evans\AppData\Roaming\Mozilla\Firefox\Profiles\5t1kyevr.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/O1DPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Google Docs) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-21]
CHR Extension: (Google Search) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Netflix) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-09-21]
CHR Extension: (Google+) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-10]
CHR Extension: (Google Calendar) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-10]
CHR Extension: (Google Sheets) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Mentioned Videos for Reddit) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiimkmdalmgffhibfdjnhljpnigcmohf [2015-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (VBA-M) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\haggjokgofpdnidibklgiepchbpamcni [2015-09-21]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-21]
CHR Extension: (Crackle) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-21]
CHR Extension: (Google Play Music) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-09-21]
CHR Extension: (Really unexpected jihad and cena!) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdnplleocicihlgeaijcmjhobapdmep [2016-02-22]
CHR Extension: (SoundCloud) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-09-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (Google Hangouts) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-16]
CHR Extension: (Google Play) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-09-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Maps) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-21]
CHR Extension: (Google Drawings) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-09-27]
CHR Extension: (Ghostery) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]
CHR Extension: (Google Play Books) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (My Chrome Theme) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (myHomework Student Planner) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2016-03-25]
CHR Extension: (Visualping) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-04-05]
CHR Extension: (SiteBlock) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2012-11-12]
CHR Extension: (Gmail) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (RSS Feed Reader) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-03-07]
CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Evans\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-17]
CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-08-16] (Bradford Networks)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [403456 2009-09-16] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [907264 2009-09-16] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 PCDSRVC{1353820B-E58E0D1F-06020200}_0; \??\c:\__de11ctstestfolder20120wdcsa__\tools\pcdr\pcdsrvc_x64.pkms [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-22 12:22 - 2016-04-22 12:22 - 00027779 _____ C:\Users\Evans\Desktop\FRST.txt
2016-04-22 12:21 - 2016-04-22 12:22 - 00000000 ____D C:\FRST
2016-04-22 12:16 - 2016-04-22 12:16 - 02375680 _____ (Farbar) C:\Users\Evans\Desktop\FRST64.exe
2016-04-20 13:03 - 2016-04-20 13:03 - 00480336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-20 13:03 - 2016-04-20 13:03 - 00124712 _____ C:\Users\Evans\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-20 13:02 - 2016-04-20 13:02 - 00785232 ____H C:\Users\Evans\AppData\Local\IconCache.db.backup
2016-04-18 09:42 - 2016-04-18 09:42 - 00000000 _____ C:\Users\Evans\Desktop\study_guide_electrochemistry.pdf
2016-04-18 09:41 - 2016-04-18 09:41 - 00087161 _____ C:\Users\Evans\Desktop\attachments.zip
2016-04-15 13:57 - 2016-04-15 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Messages
2016-04-15 13:56 - 2016-04-15 13:56 - 00000000 ____D C:\Program Files (x86)\Verizon
2016-04-15 13:55 - 2016-04-15 13:55 - 14616608 _____ (Verizon) C:\Users\Evans\Documents\Message+.exe
2016-04-03 22:24 - 2016-04-19 19:04 - 00000000 ____D C:\Users\Evans\Desktop\Lab 126
2016-04-03 22:22 - 2016-04-03 22:22 - 21692750 _____ C:\Users\Evans\Desktop\Physics_Lab-2016-01-21.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-22 12:20 - 2012-02-07 16:14 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Skype
2016-04-22 12:20 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-22 12:20 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-22 12:15 - 2013-03-12 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-22 11:58 - 2012-06-15 16:12 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Spotify
2016-04-22 11:53 - 2012-06-15 16:13 - 00000000 ____D C:\Users\Evans\AppData\Local\Spotify
2016-04-22 11:52 - 2012-02-25 13:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-22 11:49 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-22 11:48 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-22 11:39 - 2012-01-30 19:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job
2016-04-22 11:27 - 2015-09-21 23:21 - 00000000 ____D C:\Users\Evans\AppData\Local\Dropbox
2016-04-22 11:26 - 2012-02-25 13:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-22 10:50 - 2015-09-21 23:16 - 00000000 ___RD C:\Users\Evans\Dropbox
2016-04-22 10:50 - 2014-04-04 14:25 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Dropbox
2016-04-22 10:17 - 2012-03-08 14:27 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job
2016-04-22 03:57 - 2009-12-15 12:54 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 16:17 - 2012-03-08 14:27 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job
2016-04-21 15:00 - 2012-01-30 19:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job
2016-04-15 13:57 - 2013-08-24 15:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-15 13:42 - 2009-07-14 01:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-03 13:39 - 2012-02-25 13:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-01 08:01 - 2009-07-14 01:13 - 00000574 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-30 07:25 - 2012-11-26 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-30 07:25 - 2012-02-25 13:53 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-30 07:24 - 2012-02-07 16:14 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2015-05-15 17:06 - 2015-05-15 17:06 - 0000000 _____ () C:\Program Files (x86)\GUTF3B1.tmp
2012-11-02 06:00 - 2012-11-02 06:04 - 0005305 _____ () C:\Users\Evans\AppData\Roaming\flexadmin.xml
2014-11-01 11:13 - 2014-11-01 11:13 - 0000000 _____ () C:\Users\Evans\AppData\Local\{3C79C78A-7E6E-4E32-978C-55C0793C005F}
2012-10-03 01:22 - 2012-10-03 02:19 - 0000815 _____ () C:\ProgramData\hpzinstall.log
2012-10-03 16:33 - 2012-10-03 16:33 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-09 02:50
 
==================== End of FRST.txt ============================

 

And here is the Addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016

Ran by Evans (2016-04-22 12:23:19)
Running from C:\Users\Evans\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-01-30 23:25:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2915380412-2660705316-131880791-500 - Administrator - Disabled)
Evans (S-1-5-21-2915380412-2660705316-131880791-1001 - Administrator - Enabled) => C:\Users\Evans
Guest (S-1-5-21-2915380412-2660705316-131880791-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2915380412-2660705316-131880791-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bradford Persistent Agent (HKLM-x32\...\{1DFDD524-C61F-444A-AFD4-E780DECF7816}) (Version: 2.2.6.4 - Bradford Networks)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
f.lux (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout (HKLM-x32\...\Fallout_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Intel Corporation)
InViewer version 0.81 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.81 - Stefan Wobbe)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maple 16 (HKLM\...\Maple 16) (Version:  - Maplesoft)
Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
Maple Toolbox (HKLM-x32\...\Maple Toolbox) (Version: 16.0.0.0 - Maplesoft)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)
Message+ (x32 Version: 1.0.17.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.8 - Verizon)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{F493FC2E-A0ED-4B7F-A25B-2161A225D294}) (Version: 2.15.0904 - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1BAFFB-809A-416E-A536-D9C19424F1A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {0E61D970-4B54-443B-B8C5-8A59C01B7A85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {129215A7-C6B5-490E-BB0A-235D20A68C56} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {2AD370D3-8235-4222-A56A-75AA4CB1D6F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2C7A7AEE-9D08-44CD-BE64-F59C2E5291E8} - System32\Tasks\{80034D0E-D9D9-4A21-AEE9-7376293B06A3} => pcalua.exe -a C:\Users\Evans\Downloads\winsdk_web.exe -d C:\Users\Evans\Downloads
Task: {3B691F75-0F9F-4609-960A-AE2902EFA315} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {42439A62-EAB9-46AF-BCD3-57EBEBDF19AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4A636A23-2DF3-4BA9-BCA0-4EBFB8121C57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5653D9B7-02C0-4F37-8D72-4332B373FC38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {58F04CD6-7E8E-41EE-9F73-908D5C560707} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {60026016-4E1F-42CE-B1EE-061E4077B868} - System32\Tasks\{30BBAB27-7BD1-47D8-8BD9-E1FB6EC92C43} => pcalua.exe -a C:\Users\Evans\Downloads\setup1.exe -d C:\Users\Evans\Downloads
Task: {6537CA8B-A253-4BF8-853E-81109AE5B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {7ACAF0BB-406A-415B-9406-8563FB966D92} - System32\Tasks\{B40F3588-512D-4179-88D9-51B019C70E75} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\PTC\Creo 1.0\Parametric\bin\parametric.exe"
Task: {9DAB3923-1F4E-4C16-BF0B-F39A54FBD64C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B3E3CED7-52E6-4B9A-BA03-2ECF28A33785} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B9689E7B-9A9A-4F63-840A-364343B9BBE9} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {CAA4BDB6-E505-4702-949D-AB4F953D5A40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E6BDAA22-1C6B-4E79-99F4-1A938048A57A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-08-18 01:10 - 2009-08-18 01:10 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-10-20 20:21 - 2014-10-20 20:21 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL
2015-05-13 04:30 - 2015-05-13 04:30 - 01655296 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll
2016-04-03 13:39 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-04-03 13:39 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-09-24 00:40 - 2016-04-22 11:53 - 47503472 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libcef.dll
2015-09-24 00:40 - 2016-04-22 11:52 - 01584240 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libglesv2.dll
2015-09-24 00:40 - 2016-04-22 11:52 - 00082032 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libegl.dll
2016-04-08 18:08 - 2016-04-08 13:53 - 17532096 _____ () C:\Users\Evans\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\Evans\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Documents\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7867 more sites.
 
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-01-19 02:41 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15465 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BNPagent => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Facebook Update => "C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: MusicManager => "C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Evans\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Evans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VerizonCloud => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{E73EF87B-EE4B-4CF9-949D-C98E35896CB1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{CCB9054E-25C3-4735-8AB3-7109E6F7A0D1}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{EA6A1E13-EDA1-4BF1-B708-847BDB1E311F}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{AEC9E28B-2600-443C-8D5E-5B85793085D8}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{CBD705DF-22B4-4ED9-9690-56366FFBEDB2}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{3BFB1D7B-0C3F-4BEA-81A0-628F6EA43B02}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{890E5581-056B-4834-946D-145553300CE7}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{DA2FC488-4B3B-415A-9672-6014875DA63B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{EB68A79C-07B9-4ED9-B1CA-567BC2726D48}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{A8322172-BEED-41BE-8E29-005466B9584B}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [UDP Query User{B7856398-59F2-4A0D-98C5-E68E6D39CB5B}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe
FirewallRules: [TCP Query User{74630DF9-8C47-49B1-8D5A-9A120A1491A0}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{E07441E5-30E5-4716-89FB-40C80145D374}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{08FC080A-F940-41CC-B5DC-5045307376DB}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{8116D51D-EFFB-44CD-BFCC-A0EA3A136E31}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{96B0D7DC-EA65-46E9-B710-E1E4158A8F4B}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [UDP Query User{6D539426-B09A-4ADC-80C3-D7B90B488BBB}C:\program files\maple 16\jre\bin\maple.exe] => (Allow) C:\program files\maple 16\jre\bin\maple.exe
FirewallRules: [{D4462BB6-61CD-4FCD-871A-74529879968C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{98C590F4-18BC-4CC2-A62E-43DE686D895A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9A6A114E-2F34-4B10-B4D9-64B93AC41F77}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [TCP Query User{54DC3574-D2F6-4E54-ADEB-A8058A54BBFA}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [UDP Query User{41D99AE9-AAC0-45D0-9897-937FF4BB926E}C:\program files\maple 16\jre\bin\java.exe] => (Allow) C:\program files\maple 16\jre\bin\java.exe
FirewallRules: [{C311A571-9D4D-4514-92AE-56FB5900CC9F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{6E361D9D-08D5-426D-9551-88E5973A1A0D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{CE42180B-BAD7-4CA0-86FB-57A2B25116A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{89B6D13C-FC9B-42A1-A30E-62A5AB6C92CF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{03D9A15A-724F-4A82-86A2-E49DAADD09AE}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [{B8FFD3A0-1DFF-4981-BB04-2A918207B404}] => (Allow) C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe
FirewallRules: [TCP Query User{544CB7B1-0643-4A60-A4BF-BBB52FE7BDDF}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [UDP Query User{C5261BDA-A057-4406-8E6B-2EBB32E846A1}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe] => (Block) C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe
FirewallRules: [{FD401FCD-1869-4DD2-9FF2-24633E401F0B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{75DA58BA-8B3A-46D3-B890-1BD812118444}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A6C3ECE0-2DD3-472E-A081-E1B2E98C0A11}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CCD2670D-394A-41BB-B6B4-DE23369EE5AF}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{9D11C3AF-8543-46A6-9C23-DCE9ED72DE82}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{11A667C8-8A12-4D4E-8412-9DEA001FCF96}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{795309CB-AC84-4D80-8EEC-93B5CA202D30}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{268F7511-83CF-4FBB-8A77-224CFD3CE522}] => (Allow) C:\Users\Evans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{F43729AF-4AC6-4E60-9640-73CDF1E98012}] => (Allow) C:\Users\Evans\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{223534D1-57E0-4EC9-A22A-62E116279E6E}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1D8F0A09-FA25-488C-93DF-B771E5253FDF}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{4D3B0286-6462-4CD5-95F7-BC4510F9813A}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{977E4189-B0A6-49FC-945B-C3A931E6F6F7}] => (Allow) C:\Users\Evans\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7BFB9115-18F2-4370-AE63-49F50BFB7DD7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{5CD73307-B759-43BF-B724-006E1BEF54FC}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [TCP Query User{3808BB10-9611-4689-A152-B35C4FD5EE33}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [UDP Query User{42A56D02-0221-4574-B713-DBA084C25BD2}C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe] => (Allow) C:\program files (x86)\heroes of the storm\versions\base34659\heroesofthestorm_x64.exe
FirewallRules: [TCP Query User{4EAC10E0-E3AA-4ACC-B9F6-49B45B10983C}C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0D43BCED-0EEB-4ACD-85AC-39D184AD5D20}C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\evans\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{9C19EAA3-A8D5-46AC-B2F8-9DE64002668E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{F63B33F2-BEF9-43DD-8B9F-03EA9B07926E}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{45EFA899-41B2-45CC-A820-181EC66B1D0E}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{3BA443CB-B6D2-4888-97EF-86111FF74BDC}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{2AF5C7CE-91BD-47A1-9419-91115C0E202E}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{6A66852A-EAEF-4B8D-861C-E497EF43A7D4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
22-04-2016 12:02:23 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2016 11:55:36 AM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
Error: (04/22/2016 10:49:32 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Apple Software Update; Error = 0x8004231f).
 
Error: (04/22/2016 10:49:31 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (04/22/2016 10:49:26 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\msiexec.exe /V; Description = Removed Apple Software Update; Error = 0x8004231f).
 
Error: (04/22/2016 10:49:25 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.
 
 
Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots
 
Context:
   Execution Context: System Provider
 
Error: (04/22/2016 10:19:57 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (132) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 0 (0x0000000000000000) for 98304 (0x00018000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/22/2016 10:13:51 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb" at offset 491520 (0x0000000000078000) for 32768 (0x00008000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/22/2016 10:07:35 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\Logs\edbtmp.log" at offset 393216 (0x0000000000060000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/22/2016 10:07:34 AM) (Source: ESENT) (EventID: 482) (User: )
Description: wuaueng.dll (204) SUS20ClientDataStore: An attempt to write to the file "C:\Windows\SoftwareDistribution\DataStore\DataStore.edb" at offset 144244736 (0x0000000008990000) for 393216 (0x00060000) bytes failed after wuaueng.dll0 seconds with system error 112 (0x00000070): "There is not enough space on the disk. ".  The write operation will fail with error -1808 (0xfffff8f0).  If this error persists then the file may be damaged and may need to be restored from a previous backup.
 
Error: (04/22/2016 02:41:45 AM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x8004231f).
 
 
System errors:
=============
Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:32 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/22/2016 11:52:32 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/22/2016 11:52:21 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:21 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/22/2016 11:52:21 AM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/22/2016 11:48:30 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:47:46 AM on ‎4/‎22/‎2016 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2013-04-11 17:15:25.842
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:15:25.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:05:58.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:05:58.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-10 01:52:20.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-10 01:52:20.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 22:50:47.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 22:50:47.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 18:43:39.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 18:43:39.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 48%
Total physical RAM: 8180.5 MB
Available physical RAM: 4205.64 MB
Total Virtual: 8204.27 MB
Available Virtual: 3560.89 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:0.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 77C8EAB9)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by burntreesplease, 22 April 2016 - 11:03 AM.



#2
burntreesplease

    Member

  • Topic Starter
  • 11 posts

bump



#3
burntreesplease

    Member

  • Topic Starter
  • 11 posts

bump.....................



#4
pystryker

    Trusted Helper

  • Malware Removal
  • 3,884 posts
Hello :)

Bumping your topic has caused it to be automatically removed from the Unreplied Topics section. When you bump your topic and it's removed from the Unreplied Topics section, we no longer see it, and assume that a helper has replied. If you've not received help within 3 days of posting your topic, please follow the instructions here.
 
I've reviewed your logs, but see very little there. But there are a lot of orphaned entries (items left over from uninstalled software, etc.), so let's get rid of those and run a few more tools. :thumbsup:


Please disable your antivirus for the duration of my instructions. Don't forget to re-enable it after you have completed the steps.

Step 1: P2P Warning

I noticed that you have a P2P file sharing program on your computer. I cannot stress highly enough the danger in using these types of programs. P2P programs are one of the major avenues of infection these days. The files downloaded with these programs are more likely than not infected with trojans, malware, rootkits, etc.

You run the risk of getting an infection that can compromise your sensitive data, such as financial records, personal information, etc. That is just the infection aspect of using P2P programs. You also run the risk of possible arrest, fines, or in severe cases, jail time for illegal downloading of copyrighted material.

There are also new infections out there such as CryptoWall 3.0 and CryptoLocker. When infected with these, all of your personal files on any drive connected to your computer will be affected. These infections copy all your files, encrypt them, and then delete the originals, leaving you with the encrypted copies. You are then presented with a screen telling you you have a certain amount of time to pay the ransom for the decryption code to decrypt your files. Even if you pay the ransom, their decryption process usually results in corrupt and unusable files.

There is nothing we can do to decrypt the files, as they use very sophisticated encryption techniques. Please consider this when using P2P programs. Malware and ransomware writers use P2P to spread their infections.


Here are some information sources about the dangers of P2P programs:

FBI - Peer to Peer Scams

USA Today Article on P2P Programs

File Sharing Infects 500,000 Computers

I very much recommend you uninstall this program from your machine. If not, I can guarantee you will be back needing help with your machine again. The risks of infections from content downloaded with P2P programs far outweigh any benefit of using them.

It is, of course, your choice as to whether or not you remove the program from your machine. It is my duty though, to point out how dangerous it is to use these programs. However, I must request that you do not use it while we are cleaning your machine.


Step 2: Fix with FRST
  • Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right-click on it and select Copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {127f379e-098a-11e2-ae48-70f1a1b7c8b0} - E:\setup.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {24e9bf11-c599-11e1-af4f-f04da247060b} - E:\setup.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {292a1846-0d7f-11e2-afed-70f1a1b7c8b0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {325a1442-6aa1-11e4-b5da-70f1a1b7c8b0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {d8c71570-c262-11e3-86a8-70f1a1b7c8b0} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 PCDSRVC{1353820B-E58E0D1F-06020200}_0; \??\c:\__de11ctstestfolder20120wdcsa__\tools\pcdr\pcdsrvc_x64.pkms [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {129215A7-C6B5-490E-BB0A-235D20A68C56} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
AlternateDataStreams: C:\Users\Evans\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Documents\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt); please post it in your next reply.


Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: AdwCleaner

Download ADWcleaner by clicking here. Please save it to your Desktop.


  • Double-click the adwcleaner.exe file (Vista and 7 users: right-click it and click Run as Administrator) and accept the UAC prompt to run AdwCleaner.
  • Once AdwCleaner's control panel is open and it says "Waiting for Action", click on Options at the top of the control panel.
  • Please check the following options:
    • Reset Proxy Settings
    • Reset Winsock Settings
    • Reset TCP/IP Settings
    • Reset Firewall Settings
    • Reset IPSec Settings
    • Reset BITS Queue
    • Reset Internet Explorer Policies
    • Reset Chrome Policies
  • Close any open windows or browsers.
  • Pause your Anti-Virus program if it is running.
  • Once it starts, click on the Scan button.
  • Let the scan complete itself. This may take a few minutes.
  • Once the scan has finished, it will say "Pending, uncheck elements you don't want to remove." Don't worry about unchecking anything, and then click the Cleaning button. When finished, it will ask to reboot. Please reboot.
  • When the machine has rebooted, a log will be produced. Please copy/paste that in your next reply. Here's how:
    • Click the Logfile button and the log will open. Copy and Paste the contents of the log file into your next reply.
    This report is also saved at C:\Adwcleaner

Step 5: Fresh FRST Scan
  • Start Farbar's Recovery Scan Tool and press the Scan button.
  • FRST will scan your system and produce two logs: FRST.txt and Addition.txt. Please post them in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

Fixlog.txt Log

Junkware Removal Tool Log

AdwCleaner Log

Fresh FRST.txt Log

Fresh Addition.txt Log


#5
burntreesplease

    Member

  • Topic Starter
  • 11 posts

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version:18-04-2016

Ran by Evans (2016-04-24 16:09:42) Run:1
Running from C:\Users\Evans\Desktop
Loaded Profiles: Evans (Available Profiles: Evans & Guest)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Policies\Explorer: []
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {127f379e-098a-11e2-ae48-70f1a1b7c8b0} - E:\setup.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0} - E:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {24e9bf11-c599-11e1-af4f-f04da247060b} - E:\setup.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {292a1846-0d7f-11e2-afed-70f1a1b7c8b0} - E:\LaunchU3.exe -a
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {325a1442-6aa1-11e4-b5da-70f1a1b7c8b0} - F:\VZW_Software_upgrade_assistant.exe
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MountPoints2: {d8c71570-c262-11e3-86a8-70f1a1b7c8b0} - E:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
SearchScopes: HKLM-x32 -> {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2786678
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Evans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [No File]
S3 Delldiag; \??\C:\__de11ctstestfolder20120wdcsa__\DellDiags\WBT_W64\DDDriver.sys [X]
S3 PCDSRVC{1353820B-E58E0D1F-06020200}_0; \??\c:\__de11ctstestfolder20120wdcsa__\tools\pcdr\pcdsrvc_x64.pkms [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
Task: {129215A7-C6B5-490E-BB0A-235D20A68C56} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
C:\Program Files (x86)\YourFileDownloader
AlternateDataStreams: C:\Users\Evans\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Desktop\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Evans\Documents\.DS_Store:AFP_AfpInfo [122]
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo [122]
CMD: bitsadmin /reset /allusers
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
CMD: ipconfig /flushdns
Emptytemp:
End
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\ => value removed successfully
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{127f379e-098a-11e2-ae48-70f1a1b7c8b0}" => key removed successfully
HKCR\CLSID\{127f379e-098a-11e2-ae48-70f1a1b7c8b0} => key not found. 
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0}" => key removed successfully
HKCR\CLSID\{1b971fbc-6dc9-11e5-9fb5-70f1a1b7c8b0} => key not found. 
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24e9bf11-c599-11e1-af4f-f04da247060b}" => key removed successfully
HKCR\CLSID\{24e9bf11-c599-11e1-af4f-f04da247060b} => key not found. 
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{292a1846-0d7f-11e2-afed-70f1a1b7c8b0}" => key removed successfully
HKCR\CLSID\{292a1846-0d7f-11e2-afed-70f1a1b7c8b0} => key not found. 
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{325a1442-6aa1-11e4-b5da-70f1a1b7c8b0}" => key removed successfully
HKCR\CLSID\{325a1442-6aa1-11e4-b5da-70f1a1b7c8b0} => key not found. 
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d8c71570-c262-11e3-86a8-70f1a1b7c8b0}" => key removed successfully
HKCR\CLSID\{d8c71570-c262-11e3-86a8-70f1a1b7c8b0} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\GDriveSharedOverlay" => key removed successfully
HKCR\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key removed successfully
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}" => key removed successfully
HKCR\Wow6432Node\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b} => key not found. 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin" => key removed successfully
C:\Users\Evans\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll => not found.
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
"HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Users\Evans\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll => not found.
Delldiag => service removed successfully
PCDSRVC{1353820B-E58E0D1F-06020200}_0 => service removed successfully
Synth3dVsc => service removed successfully
tsusbhub => service removed successfully
VGPU => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{129215A7-C6B5-490E-BB0A-235D20A68C56}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{129215A7-C6B5-490E-BB0A-235D20A68C56}" => key removed successfully
C:\Windows\System32\Tasks\Your File Updater => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Your File Updater" => key removed successfully
"C:\Program Files (x86)\YourFileDownloader" => not found.
C:\Users\Evans\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Evans\Desktop\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Evans\Documents\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully.
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {D01236A5-63C6-4B81-A7AE-3A2584A4CCEC}.
Unable to cancel {41CD2BD3-2190-45B2-A5C5-C0473FDC6996}.
Unable to cancel {29FF54AB-26A7-4E05-84D7-C46D70BB732C}.
Unable to cancel {64090FD0-E63A-470E-9DE1-222265EF0407}.
Unable to cancel {B41358FB-BC4B-4D96-B6BB-4BF330DF4D5C}.
Unable to cancel {1B487D93-1EB7-4080-B792-198BF5D839C6}.
Unable to cancel {A4AE46BF-B9AC-44EB-9584-4DC6BC81B714}.
Unable to cancel {3A0EDF4C-C9B1-4B41-B4C3-FCEB4C9B088A}.
Unable to cancel {5553A139-56ED-479D-9183-0B84D63B80B5}.
Unable to cancel {53589FDF-6DED-4EB2-B35C-5F0A48EC6487}.
Unable to cancel {BD5D7F0F-31B3-4CC0-8076-3AA90E266539}.
Unable to cancel {FA8813A6-14FA-4607-9568-6690F05CEF56}.
Unable to cancel {F5583189-23B4-43B7-A329-A5B387D0AC7C}.
{AF61B95A-C995-42BF-A7A6-A7AD6D968CCB} canceled.
{1B16A182-C0E1-477F-81B9-62E79CE98170} canceled.
{C263BA57-BAAE-4BF8-A97F-B007DC601405} canceled.
{0D9F2C57-BD4F-469B-92DA-E3A9BBCB74B3} canceled.
{A10956CE-AEA0-4630-89BA-A89B39AFB17F} canceled.
5 out of 18 jobs canceled.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
EmptyTemp: => 394 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:10:15 ====

 

 

 

First JRT.txt (forgot to run as administrator)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Evans (Administrator) on Sun 04/24/2016 at 16:26:42.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 13 
 
Successfully deleted: C:\ProgramData\apn (Folder) 
Successfully deleted: C:\Users\Evans\AppData\Local\packageaware (Folder) 
Successfully deleted: C:\Users\Evans\Appdata\LocalLow\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\conduit (Folder) 
Successfully deleted: C:\Program Files (x86)\GUTF3B1.tmp (File) 
Successfully deleted: C:\Users\Evans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SCM107V (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Evans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIGHL2UQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Evans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKSKHV4G (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Evans\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUFBXII2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5SCM107V (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IIGHL2UQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WKSKHV4G (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUFBXII2 (Temporary Internet Files Folder) 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/24/2016 at 16:30:06.90
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

Second JRT.txt (ran as administrator this time; it didn't seem to make much of a difference)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.5 (04.20.2016)
Operating System: Windows 7 Ultimate x64 
Ran by Evans (Administrator) on Sun 04/24/2016 at 16:30:34.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 1 
 
Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660 (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 04/24/2016 at 16:33:25.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

AdwareCleaner[C1].txt

 

# AdwCleaner v5.113 - Logfile created 24/04/2016 at 16:40:55

# Updated 24/04/2016 by Xplode
# Database : 2016-04-24.3 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Evans - BOOMSTATION
# Running from : C:\Users\Evans\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\ShowMyPCService
 
***** [ Files ] *****
 
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Toolbar
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKU\.DEFAULT\Software\AskPartnerNetwork
[-] Key Deleted : HKU\.DEFAULT\Software\VNT
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
:: TCP/IP settings cleared
:: Firewall settings cleared
:: IPSec settings cleared
:: BITS queue cleared
:: IE policies deleted
:: Chrome policies deleted
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [1201 bytes] - [24/04/2016 16:40:55]
C:\AdwCleaner\AdwCleaner[S2].txt - [1334 bytes] - [24/04/2016 16:37:29]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1347 bytes] ##########
 

 

 

 

Fresh FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-04-2016

Ran by Evans (administrator) on BOOMSTATION (24-04-2016 16:48:17)
Running from C:\Users\Evans\Desktop
Loaded Profiles: Evans (Available Profiles: Evans & Guest)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(DEVGURU Co., LTD.) C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Flux Software LLC) C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIHSA.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Verizon) C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-01-21] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1822504 2009-08-24] (Synaptics Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [IntelWirelessWiMAX] => C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe [1437696 2009-09-16] (Intel® Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1340192 2016-01-29] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [f.lux] => C:\Users\Evans\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Google Update] => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify Web Helper] => C:\Users\Evans\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1525360 2016-04-22] (Spotify Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [EPLTarget\P0000000000000002] => C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHSA.EXE [241280 2013-01-03] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [MusicManager] => C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [Spotify] => C:\Users\Evans\AppData\Roaming\Spotify\Spotify.exe [6855280 2016-04-22] (Spotify Ltd)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [AutoStartVMA] => C:\Program Files (x86)\Verizon\Verizon Messages\WinVMAClient.exe [12900864 2015-09-10] (Verizon)
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Run: [GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-27] (Google Inc.)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-03-30] (Google)
ShellIconOverlayIdentifiers: [ SncrOverlays (Blocked)] -> {C418E880-6280-4010-A888-FD76028E5511} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (InSync)] -> {5F4A6070-DB92-4C56-A487-F3850430608F} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Pending)] -> {EE73A341-C788-4A6B-B1EF-DDBFC0F190B6} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
ShellIconOverlayIdentifiers: [ SncrOverlays (Syncing)] -> {28CDCD88-B179-49D6-8B21-1A9AF9C0AE13} => C:\Program Files\Verizon\Verizon Cloud\x64\Sncr.Overlays.dll [2015-11-24] (Synchronoss Technologies Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2009-12-15]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk [2012-01-30]
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9BDE40C7-9904-4D29-A8F0-21C239BA3C04}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\Evans\AppData\Roaming\Mozilla\Firefox\Profiles\5t1kyevr.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-02-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @talk.google.com/O1DPlugin -> C:\Users\Evans\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-2915380412-2660705316-131880791-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-01-03] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evans\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR StartupUrls: Default -> "","hxxp://www.google.com/"
CHR Session Restore: Default -> is enabled.
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.7.796\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-21]
CHR Extension: (Google Docs) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-21]
CHR Extension: (Google Drive) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-27]
CHR Extension: (Adblock Plus) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-08]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-09-21]
CHR Extension: (Google Search) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Netflix) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-09-21]
CHR Extension: (Google+) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-10]
CHR Extension: (Google Calendar) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Photo Zoom for Facebook) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\elioihkkcdgakfbahdoddophfngopipi [2014-08-10]
CHR Extension: (Google Sheets) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-21]
CHR Extension: (Mentioned Videos for Reddit) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiimkmdalmgffhibfdjnhljpnigcmohf [2015-07-01]
CHR Extension: (Google Docs Offline) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (VBA-M) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\haggjokgofpdnidibklgiepchbpamcni [2015-09-21]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-04-21]
CHR Extension: (Crackle) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2015-09-21]
CHR Extension: (Google Play Music) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-09-21]
CHR Extension: (Really unexpected jihad and cena!) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikdnplleocicihlgeaijcmjhobapdmep [2016-02-22]
CHR Extension: (SoundCloud) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipebkipbeggmmkjjljenoblnfaenambp [2015-09-21]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-03-17]
CHR Extension: (Google Hangouts) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-16]
CHR Extension: (Google Play) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-09-21]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-06]
CHR Extension: (Google Maps) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-21]
CHR Extension: (Google Drawings) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkaakpdehdafacodkgkpghoibnmamcme [2015-09-27]
CHR Extension: (Ghostery) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-22]
CHR Extension: (Google Play Books) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmimngoggfoobjdlefbcabngfnmieonb [2016-04-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (My Chrome Theme) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-08-26]
CHR Extension: (myHomework Student Planner) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pembccdigcahnckbjcbehhcacplbbomj [2016-03-25]
CHR Extension: (Visualping) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pemhgklkefakciniebenbfclihhmmfcd [2016-04-05]
CHR Extension: (SiteBlock) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfglnpdpgmecffbejlfgpnebopinlclj [2012-11-12]
CHR Extension: (Gmail) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-04]
CHR Extension: (RSS Feed Reader) - C:\Users\Evans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2016-03-07]
CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Evans\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-05-17]
CHR HKU\S-1-5-21-2915380412-2660705316-131880791-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 BNPagent; C:\Program Files (x86)\Bradford Networks\Persistent Agent\bndaemon.exe [3082384 2012-08-16] (Bradford Networks)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [403456 2009-09-16] (Red Bend Ltd.) [File not signed]
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2010-01-11] (Stardock Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2016-01-29] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-07-17] ()
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [374344 2016-01-29] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S4 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S4 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S4 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe [244736 2010-01-21] (IDT, Inc.)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [907264 2009-09-16] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3377904 2013-07-17] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [289120 2015-11-13] (Microsoft Corporation)
R3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133816 2015-11-13] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-07-09] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-24 16:35 - 2016-04-24 16:40 - 00000000 ____D C:\AdwCleaner
2016-04-24 16:31 - 2016-04-24 16:31 - 03580480 _____ C:\Users\Evans\Desktop\AdwCleaner.exe
2016-04-24 16:30 - 2016-04-24 16:33 - 00000707 _____ C:\Users\Evans\Desktop\JRT.txt
2016-04-24 16:26 - 2016-04-24 16:26 - 01610008 _____ (Malwarebytes) C:\Users\Evans\Desktop\JRT.exe
2016-04-24 16:20 - 2016-04-24 16:20 - 00480336 _____ C:\Windows\system32\FNTCACHE.DAT
2016-04-24 16:20 - 2016-04-24 16:20 - 00124712 _____ C:\Users\Evans\AppData\Local\GDIPFONTCACHEV1.DAT
2016-04-24 16:09 - 2016-04-24 16:31 - 00011231 _____ C:\Users\Evans\Desktop\Fixlog.txt
2016-04-22 23:01 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-04-22 13:32 - 2016-04-22 13:32 - 00000000 ____D C:\Program Files (x86)\ESET
2016-04-22 12:23 - 2016-04-22 12:25 - 00049267 _____ C:\Users\Evans\Desktop\Addition.txt
2016-04-22 12:22 - 2016-04-24 16:48 - 00024498 _____ C:\Users\Evans\Desktop\FRST.txt
2016-04-22 12:21 - 2016-04-24 16:48 - 00000000 ____D C:\FRST
2016-04-22 12:16 - 2016-04-22 12:16 - 02375680 _____ (Farbar) C:\Users\Evans\Desktop\FRST64.exe
2016-04-20 13:02 - 2016-04-20 13:02 - 00785232 ____H C:\Users\Evans\AppData\Local\IconCache.db.backup
2016-04-18 09:42 - 2016-04-18 09:42 - 00000000 _____ C:\Users\Evans\Desktop\study_guide_electrochemistry.pdf
2016-04-18 09:41 - 2016-04-18 09:41 - 00087161 _____ C:\Users\Evans\Desktop\attachments.zip
2016-04-15 13:57 - 2016-04-15 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Verizon Messages
2016-04-15 13:56 - 2016-04-15 13:56 - 00000000 ____D C:\Program Files (x86)\Verizon
2016-04-15 13:55 - 2016-04-15 13:55 - 14616608 _____ (Verizon) C:\Users\Evans\Documents\Message+.exe
2016-04-03 22:24 - 2016-04-19 19:04 - 00000000 ____D C:\Users\Evans\Desktop\Lab 126
2016-04-03 22:22 - 2016-04-03 22:22 - 21692750 _____ C:\Users\Evans\Desktop\Physics_Lab-2016-01-21.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-24 16:48 - 2012-06-15 16:12 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Spotify
2016-04-24 16:43 - 2012-06-15 16:13 - 00000000 ____D C:\Users\Evans\AppData\Local\Spotify
2016-04-24 16:43 - 2012-02-25 13:53 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-24 16:43 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-24 16:39 - 2012-01-30 19:26 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job
2016-04-24 16:28 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-24 16:28 - 2009-07-14 00:45 - 00020112 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-24 16:26 - 2012-02-25 13:53 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-24 16:18 - 2012-01-31 18:36 - 00000000 ____D C:\Users\Evans\AppData\Roaming\uTorrent
2016-04-24 16:18 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-04-24 16:17 - 2012-03-08 14:27 - 00000928 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job
2016-04-24 16:17 - 2012-03-08 14:27 - 00000906 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job
2016-04-24 16:15 - 2013-03-12 15:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-24 16:10 - 2012-01-31 16:08 - 00000000 ____D C:\Users\Evans\AppData\LocalLow\Temp
2016-04-24 15:53 - 2016-01-24 02:53 - 00000000 ____D C:\Users\Evans\AppData\LocalLow\uTorrent
2016-04-24 15:51 - 2015-08-23 01:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-04-24 12:39 - 2012-01-30 19:26 - 00000856 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job
2016-04-24 11:53 - 2015-04-05 12:54 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-23 05:28 - 2012-02-07 16:14 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Skype
2016-04-22 15:30 - 2013-05-17 02:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-04-22 13:32 - 2009-07-14 01:32 - 00000000 ____D C:\Windows\Downloaded Program Files
2016-04-22 11:27 - 2015-09-21 23:21 - 00000000 ____D C:\Users\Evans\AppData\Local\Dropbox
2016-04-22 10:50 - 2015-09-21 23:16 - 00000000 ___RD C:\Users\Evans\Dropbox
2016-04-22 10:50 - 2014-04-04 14:25 - 00000000 ____D C:\Users\Evans\AppData\Roaming\Dropbox
2016-04-22 03:57 - 2009-12-15 12:54 - 00453288 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-15 13:57 - 2013-08-24 15:26 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-15 13:42 - 2009-07-14 01:08 - 00032634 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-04-03 13:39 - 2012-02-25 13:54 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-01 08:01 - 2009-07-14 01:13 - 00000574 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-30 07:25 - 2012-11-26 00:28 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-30 07:25 - 2012-02-25 13:53 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-30 07:24 - 2012-02-07 16:14 - 00000000 ____D C:\ProgramData\Skype
 
==================== Files in the root of some directories =======
 
2012-11-02 06:00 - 2012-11-02 06:04 - 0005305 _____ () C:\Users\Evans\AppData\Roaming\flexadmin.xml
2014-11-01 11:13 - 2014-11-01 11:13 - 0000000 _____ () C:\Users\Evans\AppData\Local\{3C79C78A-7E6E-4E32-978C-55C0793C005F}
2012-10-03 01:22 - 2012-10-03 02:19 - 0000815 _____ () C:\ProgramData\hpzinstall.log
2012-10-03 16:33 - 2012-10-03 16:33 - 0000153 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
 
Some files in TEMP:
====================
C:\Users\Evans\AppData\Local\Temp\libeay32.dll
C:\Users\Evans\AppData\Local\Temp\msvcr120.dll
C:\Users\Evans\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-09 02:50
 
==================== End of FRST.txt ============================

Fresh Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-04-2016
Ran by Evans (2016-04-24 16:48:56)
Running from C:\Users\Evans\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2012-01-30 23:25:24)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2915380412-2660705316-131880791-500 - Administrator - Disabled)
Evans (S-1-5-21-2915380412-2660705316-131880791-1001 - Administrator - Enabled) => C:\Users\Evans
Guest (S-1-5-21-2915380412-2660705316-131880791-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2915380412-2660705316-131880791-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {768124D7-F5F7-6D2F-DDC2-94DFA4017C95}
AS: Microsoft Security Essentials (Enabled - Up to date) {CDE0C533-D3CD-62A1-E772-AFADDF863628}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.15) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.15 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
AMD Catalyst Install Manager (HKLM\...\{7E5DC2C5-115A-322B-976C-219237FAED66}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bradford Persistent Agent (HKLM-x32\...\{1DFDD524-C61F-444A-AFD4-E780DECF7816}) (Version: 2.2.6.4 - Bradford Networks)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
Chrome Remote Desktop Host (HKLM-x32\...\{C230A275-D2A0-446B-ACE5-06BF067D50F2}) (Version: 50.0.2661.22 - Google Inc.)
Defraggler (HKLM\...\Defraggler) (Version: 2.14 - Piriform)
Dell Dock (HKLM-x32\...\Dell Dock) (Version: 2.0 - Stardock Corporation)
Dell Dock (Version: 2.0 - Stardock Corporation) Hidden
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 14.0.2.0 - Synaptics Incorporated)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON WorkForce 845 Series Printer Uninstall (HKLM\...\EPSON WorkForce 845 Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Flux) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fallout (HKLM-x32\...\Fallout_is1) (Version:  - GOG.com)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.110 - Google Inc.)
Google Drive (HKLM-x32\...\{B0F1B758-60D6-41F7-93D9-212A448813FE}) (Version: 1.29.1862.0513 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{CA3DD97D-1FD7-37A7-BD5C-FC4430C8B8E6}) (Version: 5.41.2.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version:  - Blizzard Entertainment)
HP Photosmart D110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{14BC6853-A74E-4874-B50D-679889D1544D}) (Version: 14.0 - HP)
Intel® PROSet/Wireless Software (HKLM-x32\...\{1e9b4847-4e73-4d00-91f5-96e0f6ce3e5a}) (Version: 16.1.1 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{FAE224AF-B15E-448B-88FA-1839A7570CF8}) (Version: 2.00.0011 - Intel Corporation)
InViewer version 0.81 (HKLM-x32\...\{7E575733-1DF5-4064-AE38-289BA932398A}_is1) (Version: 0.81 - Stefan Wobbe)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Magicka (HKLM-x32\...\Steam App 42910) (Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Maple 16 (HKLM\...\Maple 16) (Version:  - Maplesoft)
Maple 16 (HKLM-x32\...\Maple 16) (Version: 16.0.0.0 - Maplesoft)
Maple Toolbox (HKLM-x32\...\Maple Toolbox) (Version: 16.0.0.0 - Maplesoft)
MediaMonkey 4.0 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.0 - Ventis Media Inc.)
Message+ (HKLM-x32\...\{c828830f-53d4-4a2f-ad5a-0b86574bce11}) (Version: 1.0.17.0 - Verizon)
Message+ (x32 Version: 1.0.17.0 - Verizon) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.9.218.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\MusicManager) (Version:  - Google, Inc.)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
PS_AIO_07_D110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM-x32\...\{627FFC10-CE0A-497F-BA2B-208CAC638010}) (Version: 7.77.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
RPG MAKER VX Ace RTP (HKLM-x32\...\RPGVXAce_RTP_is1) (Version: 1.00 - Enterbrain)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\Spotify) (Version: 1.0.27.75.gdc223232 - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUABnR (HKLM-x32\...\InstallShield_{2485354C-6B65-4978-BB91-CCE61442377B}) (Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.)
SUABnR (x32 Version: 1.1.0.13103_1 - Samsung Electronics Co., Ltd.) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
Toolbox (x32 Version: 140.0.424.000 - Hewlett-Packard) Hidden
Unity Web Player (HKU\S-1-5-21-2915380412-2660705316-131880791-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Verizon Cloud (HKLM\...\Verizon Cloud) (Version: 15.3.7.8 - Verizon)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM-x32\...\{3D355D7F-004B-4D8B-9AAC-E1B4F8F7A6E7}) (Version: 2.15.0508 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM-x32\...\{F493FC2E-A0ED-4B7F-A25B-2161A225D294}) (Version: 2.15.0904 - Samsung Electronics Co., Ltd.)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9603 - Broadcom Corporation)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\ooofilt_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\propertyhdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files (x86)\OpenOffice 4\program\shlxthdl\shlxthdl_x64.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-2915380412-2660705316-131880791-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evans\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0C1BAFFB-809A-416E-A536-D9C19424F1A8} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {0E61D970-4B54-443B-B8C5-8A59C01B7A85} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-04] (Adobe Systems Incorporated)
Task: {2AD370D3-8235-4222-A56A-75AA4CB1D6F2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {2C7A7AEE-9D08-44CD-BE64-F59C2E5291E8} - System32\Tasks\{80034D0E-D9D9-4A21-AEE9-7376293B06A3} => pcalua.exe -a C:\Users\Evans\Downloads\winsdk_web.exe -d C:\Users\Evans\Downloads
Task: {3B691F75-0F9F-4609-960A-AE2902EFA315} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {42439A62-EAB9-46AF-BCD3-57EBEBDF19AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {4A636A23-2DF3-4BA9-BCA0-4EBFB8121C57} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {5653D9B7-02C0-4F37-8D72-4332B373FC38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {58F04CD6-7E8E-41EE-9F73-908D5C560707} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {60026016-4E1F-42CE-B1EE-061E4077B868} - System32\Tasks\{30BBAB27-7BD1-47D8-8BD9-E1FB6EC92C43} => pcalua.exe -a C:\Users\Evans\Downloads\setup1.exe -d C:\Users\Evans\Downloads
Task: {6537CA8B-A253-4BF8-853E-81109AE5B7D8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {7ACAF0BB-406A-415B-9406-8563FB966D92} - System32\Tasks\{B40F3588-512D-4179-88D9-51B019C70E75} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\PTC\Creo 1.0\Parametric\bin\parametric.exe"
Task: {9DAB3923-1F4E-4C16-BF0B-F39A54FBD64C} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {B3E3CED7-52E6-4B9A-BA03-2ECF28A33785} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {B9689E7B-9A9A-4F63-840A-364343B9BBE9} - System32\Tasks\avastBCLRestart_chrome.exe => Chrome.exe 
Task: {CAA4BDB6-E505-4702-949D-AB4F953D5A40} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E6BDAA22-1C6B-4E79-99F4-1A938048A57A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001Core.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2915380412-2660705316-131880791-1001UA.job => C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-08-18 01:10 - 2009-08-18 01:10 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 10683392 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 07741952 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 02248192 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 01681408 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00117248 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00231936 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00253440 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2015-03-31 18:33 - 2015-03-31 18:33 - 00344064 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-09-03 15:15 - 2014-09-03 15:15 - 00026624 _____ () C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2015-09-24 00:40 - 2016-04-22 11:53 - 47503472 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libcef.dll
2014-10-20 20:21 - 2014-10-20 20:21 - 00612152 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\sqlite3.DLL
2015-05-13 04:30 - 2015-05-13 04:30 - 01655296 _____ () C:\Program Files (x86)\Verizon\Verizon Messages\VzMessagingClientLib.dll
2016-04-03 13:39 - 2016-03-27 03:58 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libglesv2.dll
2016-04-03 13:39 - 2016-03-27 03:58 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\libegl.dll
2015-09-24 00:40 - 2016-04-22 11:52 - 01584240 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libglesv2.dll
2015-09-24 00:40 - 2016-04-22 11:52 - 00082032 _____ () C:\Users\Evans\AppData\Roaming\Spotify\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMPCHelper => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\tvnserver => ""=""
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:34 - 2015-01-19 02:41 - 00450892 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2915380412-2660705316-131880791-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Evans\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: BNPagent => 2
MSCONFIG\Services: EPSON_PM_RPCV4_05 => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: SDScannerService => 2
MSCONFIG\Services: SDUpdateService => 2
MSCONFIG\Services: SDWSCService => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Curse.lnk => C:\Windows\pss\Curse.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Evans^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: EPLTarget => 
MSCONFIG\startupreg: Facebook Update => "C:\Users\Evans\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\Evans\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3D53C1E8C493C45D0E2DECFF5959F660 => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: MusicManager => "C:\Users\Evans\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Raptr => C:\PROGRA~2\Raptr\raptrstub.exe --startup
MSCONFIG\startupreg: SDTray => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
MSCONFIG\startupreg: Spotify => "C:\Users\Evans\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Evans\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VerizonCloud => C:\Program Files\Verizon\Verizon Cloud\VerizonCloud.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{1788B10E-56DE-4147-950A-F096FA5C42CD}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{4C78A861-DE9F-4921-BFB3-6AA8D718EF75}C:\users\evans\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\evans\appdata\roaming\spotify\spotify.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
24-04-2016 16:30:34 JRT Pre-Junkware Removal
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/24/2016 04:48:49 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3002) (User: NT AUTHORITY)
Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is . The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.
 
 
System errors:
=============
Error: (04/24/2016 04:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/24/2016 04:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/24/2016 04:44:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/24/2016 04:44:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/24/2016 04:44:06 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/24/2016 04:44:06 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/24/2016 04:43:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: 
%%-2140993535
 
Error: (04/24/2016 04:43:56 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Peer Name Resolution Protocol service terminated with the following error: 
%%-2140993535
 
Error: (04/24/2016 04:43:56 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
 
Error: (04/24/2016 04:43:26 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:42:32 PM on ‎4/‎24/‎2016 was unexpected.
 
 
CodeIntegrity:
===================================
  Date: 2013-04-11 17:15:25.842
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:15:25.721
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:05:58.543
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-11 17:05:58.387
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-10 01:52:20.922
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-10 01:52:20.656
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 22:50:47.752
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 22:50:47.471
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 18:43:39.594
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2013-04-09 18:43:39.329
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\atikmpag.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 51%
Total physical RAM: 8180.5 MB
Available physical RAM: 3944.19 MB
Total Virtual: 8178.71 MB
Available Virtual: 3789.63 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:0.49 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 77C8EAB9)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 

These should be all the logs you requested. Awaiting your instruction.


Edited by burntreesplease, 24 April 2016 - 02:54 PM.

#6
pystryker

Hello :)

The fresh FRST logs are clean, let's run some further scans. :thumbsup:

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Step 1: Scan with Malwarebytes

Start the program and select Update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits


Go back to the Dashboard and select Scan Now


If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.


On completion of the scan (or after the reboot), start MBAM,

Click History, then Application Logs, then check the Select box by the first Scan Log in the list and then click on the log to highlight it.

Click Export, select text file and save to the desktop as MBAM.txt and post in your next reply.




Step 2: ESET Online Virus Scan

Please note: You can use Internet Explorer or Firefox for this step.

If you use Firefox, you will be prompted to download esetsmartinstaller_enu.exe. Please do so, then double click it to install it.

Please click on this link and then click the ESET Online Scanner bar
  • Select the option YES, I accept the Terms of Use then click on Start
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on Start
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • Now click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3: Security Analysis

Please download Security Analysis by Rocket Grannie from here
  • Save it to your Desktop.
  • Close your security software to avoid potential conflicts.
  • Double click RGSA.exe
  • Click OK on the copyright-disclaimer
  • It will produce a log named SALog.txt on the Desktop or in the same folder from where the tool is run if installed elsewhere.
  • Please copy and paste the contents of that log in this topic.

Things I need to see in your next post:
  • ESET Scan Log
  • MBAM Log
  • SecurityCheck Log

#7
pystryker

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


#8
pystryker

User returned.

#9
pystryker

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


#10
pystryker

User returned.


Step 1: Fresh FRST Logs

If you still have FRST on your Desktop, please delete it and download a fresh copy.

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Place a check in the box marked Addition.txt

  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Step 2: RogueKiller

Please disable your antivirus for the duration of my instructions. Don't forget to re-enable them after you have completed the steps.

Please click the link below to download Rogue Killer to your desktop

RogueKiller
  • Click on Scan
  • The scan will take a short amount of time
  • Click on Report to open the log.
  • Copy and paste the content of the log in your next reply.

Things I need to see in your next post:

Please post each of these logs as a separate reply in this thread.

FRST Log

Addition.txt Log

RogueKiller Log

#11
burntreesplease

FRST Log

 

 

 

 
 
LastRegBack: 2016-04-09 02:50
 
==================== End of FRST.txt ============================

#12
burntreesplease

Addition Log

 

 

 

 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7 CPU Q 720 @ 1.60GHz
Percentage of memory in use: 43%
Total physical RAM: 8180.5 MB
Available physical RAM: 4661.82 MB
Total Virtual: 8400.29 MB
Available Virtual: 4199.62 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.24 GB) (Free:0 GB) NTFS ==>[drive with boot components (obtained from BCD)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 119.2 GB) (Disk ID: 77C8EAB9)
Partition 1: (Active) - (Size=119.2 GB) - (Type=07 NTFS)
 

#13
burntreesplease

For the RogueKiller program, it requires 26.84 MB of space to download and I currently have 0. When I delete anything I get no space back. The amount of space I have available at any point in time seems to be random. Is there anything I can do to gain 30 MB of space long enough to download RogueKiller?


#14
pystryker

Let's try running a small FRST script to empty your temp files out, as the logs produced have nothing in them.

Once this fix is complete, check your disk space. If it's enough to run RogueKiller, please do so. Also, please re-run FRST with the Addition box checked.

Step 1: Fix with FRST
  • Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below. (To do this, highlight the contents of the box, right click on it and select copy.)
  • Right-click in the open notepad and select Paste.
  • Save it on the desktop as fixlist.txt

    NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

Start
Emptytemp:
End


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Run FRST and press the Fix button just once and wait. The tool will make a log on the desktop (Fixlog.txt) please post it in your next reply.


Things I need to see in your next post:

Fixlog.txt Log

If enough space is open:

FRST.txt Log

Addition.txt Log

RogueKiller Log

#15
burntreesplease

Thanks for all of your help but I believe I've found out and fixed the issue and I don't think it's malware based. It just seemed that way with how aggressive the loss of memory was. Thanks again

