conhost.exe virus in services

Hewlett-packard / PAVILION
June 24, 2016 at 15:34:57
Specs: Windows 7 Home Premium, i3 1.7 GHz
I just found several infections, 134 to be exact, on my Inspiron 3542 Windows 7 laptop. I did the scan with Malwarebytes. It quarantined them and asked to restart; I did not, because I was going to shut down and boot back up. It was applying some updates and then shut down. I booted it back up, it finished with the updates and then did clean up, then just a black screen. I noticed conhost.exe running in services after hitting Ctrl-Alt-Delete. It looks like I am locked out. I need some help here; I have not tried safe mode yet. Thanks



#1
June 24, 2016 at 16:44:42
Here is the 1st step, more steps will be needed.

Run HitmanPro Kickstart. Note: You will need a USB flash/thumb/pen drive to use this method.
http://www.surfright.nl/en/kickstart
Create a HitmanPro.Kickstart USB flash drive on a good comp, then insert the flash drive in the faulty comp.
Boot & go into the bios & change the boot order to the thumb drive first. F10 to Save & Exit.
HitmanPro.Kickstart user manual / guide
http://antimalwaresoftware.nl/handl...
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
Download 32-bit HitmanPro 3.7 with Kickstart
http://dl.surfright.nl/HitmanPro.exe
HitmanPro 3.7 with Kickstart (64-bit)
http://dl.surfright.nl/HitmanPro_x6...



#2
June 25, 2016 at 02:55:42
After I shut down and booted back up it seems fine now. I will do what you said. Thanks for the help.


#3
June 25, 2016 at 04:38:16
When I try to start with the HitmanPro USB, I select option 1 and it runs startup repair.

Just tried a second time, it went back to startup repair, and I get a message: startup repair cannot repair this computer automatically. I can boot into Windows now.

message edited by ChristopherTGarrett



#4
June 25, 2016 at 07:17:41
conhost.exe ain't a virus, it's a service which probably ain't infected.


#5
June 25, 2016 at 09:09:02
It can be a virus. The computer just had a black screen. I hit Ctrl-Alt-Delete and there were actually 2 conhost.exe running. I tried to close them and they came right back. And right now conhost.exe is not running.


#6
June 25, 2016 at 11:54:16
OK, I am sorry, maybe it is not a virus. I just got Process Explorer and it shows it is a Microsoft Service. From Google results there is a fake conhost just like csrss.


#7
June 25, 2016 at 16:25:49
"OK, I am sorry, maybe it is not a virus"
Yep, it looks that way.

"Google results there is a fake conhost just like csrss"
You can have a fake system file of anything.
Running special tools will confirm, or you do a manual search on the comp & the fake will be in a place it shouldn't be.
In your case > C:\Windows\System32\conhost.exe



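An added example, not part of any post in this thread: the location check described in #7 can be scripted in PowerShell. The function name `Test-SystemImagePath` and the variable names are made up for this example; `conhost.exe` and `csrss.exe` are the two binaries named in the thread, and the expected folder is the System32 path given in #7.

```powershell
# Added example (not from the thread).
# Part 1 lists running processes that use the name of a core Windows binary
# and flags any whose image is not in %SystemRoot%\System32.
# Part 2 searches the disk for files with the same names in other locations.

$Names    = 'conhost.exe', 'csrss.exe'          # binaries named in the thread
$System32 = Join-Path $env:SystemRoot 'System32'
$WinSxS   = Join-Path $env:SystemRoot 'winsxs'  # component store, holds genuine copies

function Test-SystemImagePath {
    # Hypothetical helper: compares a process image path with the expected one.
    param([string]$Name, [string]$Path)

    if ([string]::IsNullOrEmpty($Path)) {
        # WMI returns no path for protected processes or when not elevated.
        return 'UNKNOWN (path not readable; rerun elevated or use Process Explorer)'
    }
    $expected = Join-Path $System32 $Name
    if ($Path -ieq $expected) { return 'OK' }
    return 'SUSPECT (unexpected location)'
}

# --- Part 1: running processes ------------------------------------------
# Get-WmiObject is used because it exists in the PowerShell 2.0 that ships
# with Windows 7, the OS in this thread.
$filter = ($Names | ForEach-Object { "Name='$_'" }) -join ' OR '

Get-WmiObject -Class Win32_Process -Filter $filter |
    ForEach-Object {
        New-Object PSObject -Property @{
            Name      = $_.Name
            ProcessId = $_.ProcessId
            ParentId  = $_.ParentProcessId
            Path      = $_.ExecutablePath
            Verdict   = Test-SystemImagePath -Name $_.Name -Path $_.ExecutablePath
        }
    } |
    Select-Object Name, ProcessId, ParentId, Path, Verdict |
    Format-Table -AutoSize

# --- Part 2: same-named files elsewhere on the system drive -------------
# Copies under System32 and the WinSxS component store are expected;
# anything else (user profile, ProgramData, Temp, ...) deserves a closer look.
Get-ChildItem -Path "$env:SystemDrive\" -Include $Names -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object {
        $_.DirectoryName -ine $System32 -and
        -not $_.FullName.StartsWith($WinSxS, [System.StringComparison]::OrdinalIgnoreCase)
    } |
    Select-Object FullName, Length, CreationTime, LastWriteTime |
    Format-Table -AutoSize
```

Run it from an elevated prompt. On 64-bit Windows a genuine 32-bit copy of some system binaries can also exist under `SysWOW64`, so a hit in Part 2 is a lead to examine, not proof of infection.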
#8
June 25, 2016 at 16:29:19
"It quarantined them and asked to restart; I did not, because I was going to shut down and boot back up"
Copy & Paste the contents of that log, please.
Log locations
http://i.imgur.com/s05hsP9.gif
http://i.imgur.com/qZ5dybV.gif
http://i.imgur.com/wOHlluy.gif
http://i.imgur.com/pYQQLah.gif


#9
June 26, 2016 at 08:14:46
Agreed, you can have a fake version of any system file.
It might/might not be a virus, not sure yet.
What are the test results??


#10
June 26, 2016 at 13:20:06
OK, here it is. I do not like the new version of Malwarebytes.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 6/24/2016
Scan Time: 4:39 PM
Logfile: mbamlog2.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.24.04
Rootkit Database: v2016.05.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Chris

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 448660
Time Elapsed: 1 hr, 39 min, 44 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 2
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVpnService.exe, 1716, Delete-on-Reboot, [9e263ac60e8c9a9c58454b7a13efe11f]
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\AdVpnProxyService.exe, 1764, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed]

Modules: 0
(No malicious items detected)

Registry Keys: 23
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [a71d30d0782292a45de35b7ef40fcd33],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [1ca808f839610e28320e09d029daa25e],
PUP.Optional.iDot, HKLM\SOFTWARE\IDOT, Quarantined, [c5ffdf21a3f7c472a15f3abfcc37817f],
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\TRACING\ddnow_RASAPI32, Quarantined, [4b7921df6931b581b7fbd6233dc67789],
Adware.Agent, HKLM\SOFTWARE\MICROSOFT\TRACING\ddnow_RASMANCS, Quarantined, [33913cc4623886b0bdf57e7bd033b050],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\Matlane_RASAPI32, Quarantined, [af15b0504c4e95a1a0f4d21ce71c48b8],
PUP.Optional.Smeazymo, HKLM\SOFTWARE\MICROSOFT\TRACING\Matlane_RASMANCS, Quarantined, [c400b64a3367171f8c088c62f310bf41],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74B387AC-537A-4E34-91D9-C211382070F8}, Delete-on-Reboot, [9c285fa1e4b6a096125ea324768c9f61],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D79DF908-EAD6-47ED-9872-7C3F0014B77A}, Delete-on-Reboot, [6460be42504a201655bfec0149ba58a8],
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA580F15-E8A2-4E69-9DC1-B28194674C91}, Delete-on-Reboot, [497b51afbddd3df9898a0be2b64d05fb],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF4C3C29-9C8D-4788-B869-AC2E3BDCBE29}, Delete-on-Reboot, [10b4768a2d6d1521531cf9ce5ba71ce4],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\24840602, Delete-on-Reboot, [5b6918e823777eb88ee4d9ee06fc38c8],
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Da2484060224840602, Delete-on-Reboot, [e4e0f808abef1b1bcfa4af18887aa35d],
PUP.Optional.AdVPN, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdVPN, Quarantined, [20a4f808cfcb61d5db2a6e8d4db6d42c],
PUP.Optional.AdVPN, HKLM\SOFTWARE\WOW6432NODE\AdVPN, Quarantined, [e2e2b8486634d95dbc47be3d9d662ed2],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E, Quarantined, [497bb64a5a407eb86cd4657444bf629e],
PUP.Optional.iDot, HKLM\SOFTWARE\WOW6432NODE\IDOT, Quarantined, [0abaec14e8b246f06c94c6331ae92cd4],
PUP.Optional.AdVPN, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdVPN, Quarantined, [9232e818f5a5b87ebd488b7041c2827e],
PUP.Optional.AdVPN, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\AdVpnProxyService, Quarantined, [269e01ff811969cd0cfab249ea197888],
PUP.Optional.AdVPN, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Alto Cloud Media Ltd. AdVpnProxyService, Quarantined, [566ec13ff3a7300656b1f704788b0df3],
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}, Quarantined, [329237c9cad0db5bfdec5445bc47fa06],
PUP.Optional.AdVPN, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdVPN Service, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AdVpnProxyService, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],

Registry Values: 11
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [a71d30d0782292a45de35b7ef40fcd33]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [1ca808f839610e28320e09d029daa25e]
PUP.Optional.iDot, HKLM\SOFTWARE\IDOT|idot, ok, Quarantined, [c5ffdf21a3f7c472a15f3abfcc37817f]
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{74B387AC-537A-4E34-91D9-C211382070F8}|Path, \Da2484060224840602, Delete-on-Reboot, [9c285fa1e4b6a096125ea324768c9f61]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{D79DF908-EAD6-47ED-9872-7C3F0014B77A}|Path, \SPDriver, Delete-on-Reboot, [6460be42504a201655bfec0149ba58a8]
PUP.Optional.Goobzo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FA580F15-E8A2-4E69-9DC1-B28194674C91}|Path, \ShopperProJSUpd, Delete-on-Reboot, [497b51afbddd3df9898a0be2b64d05fb]
PUP.Optional.MultiPlug.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{FF4C3C29-9C8D-4788-B869-AC2E3BDCBE29}|Path, \24840602, Delete-on-Reboot, [10b4768a2d6d1521531cf9ce5ba71ce4]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INSTALLER\PRODUCTS\93BAD29AC2E44034A96BCB446EB8552E|ProductName, Consumer Input Update Helper, Quarantined, [497bb64a5a407eb86cd4657444bf629e]
PUP.Optional.iDot, HKLM\SOFTWARE\WOW6432NODE\IDOT|idot, ok, Quarantined, [0abaec14e8b246f06c94c6331ae92cd4]
PUP.Optional.ConsumerInput, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}|DisplayName, Consumer Input Update Helper, Quarantined, [329237c9cad0db5bfdec5445bc47fa06]
PUM.Optional.ProxyHijacker, HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|ProxyServer, 127.0.0.1:8118, Quarantined, [d1f306faadeda98d2dc9dbf39073a55b]

Registry Data: 0
(No malicious items detected)

Folders: 14
PUP.Optional.Amonetize, C:\ProgramData\1466193305, Quarantined, [c6fee41c3e5ca09674589c5e28db47b9],
PUP.Optional.Amonetize, C:\ProgramData\1466200397, Quarantined, [f3d1d12f168442f4b01cf50550b304fc],
PUP.Optional.AdVPN, C:\Users\Chris\AppData\Roaming\AdVPN, Quarantined, [a1239769e6b4c5717725e6df09f96898],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN, Delete-on-Reboot, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Logs, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\Driver, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\tls, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Logs, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdVPN, Quarantined, [1ba9dc244e4c62d4f8a7c2039a688e72],
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb, Quarantined, [1fa54cb47822e551eec52f967b877987],
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Openla, Quarantined, [b90b5ea2a5f52d09bf2a9bfd2cd80ff1],

Files: 84
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\names.exe, Quarantined, [6c581be5d2c8d95d439cc11c3dc49967],
PUP.Optional.DotDo.PrxySvrRST, C:\WINDOWS\settings.dll, Quarantined, [faca37c96139a690c2e09a3440c1c739],
Trojan.Agent, C:\Users\Chris\AppData\Local\55598.exe, Quarantined, [8e3655ab940666d04ed295cfd0329d63],
PUP.Optional.LogicHandler, C:\Users\Chris\AppData\Roaming\Icelux.bin, Quarantined, [0eb6ab559ffb270ff302c09e14ecfd03],
PUP.Optional.Amonetize, C:\Users\Chris\AppData\Roaming\PlusZenhome.bin, Quarantined, [655f8c747b1f0630f45d27645da4b34d],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\Supercof.bin, Quarantined, [dde736ca920849edad73074ecf35768a],
PUP.Optional.DotDo.PrxySvrRST, C:\Program Files (x86)\snobby\settings.dll, Quarantined, [b90ba35d831724122181cfff06fb718f],
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\System32\Tasks\24840602, Quarantined, [00c4ad534c4ed5611059b80f16ec20e0],
PUP.Optional.MultiPlug.PrxySvrRST, C:\WINDOWS\System32\Tasks\Da2484060224840602, Quarantined, [5d672bd5fb9fc274b6b45d6afb0728d8],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\ApplicationHosting.dat, Quarantined, [ae161ae64f4b71c5dcc79458ef144db3],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\md.xml, Quarantined, [a61eb44c0e8ca78fd2d215d75fa4c53b],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\noah.dat, Quarantined, [774d24dc900aed49c6dfa34926dd57a9],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\uninstall_temp.ico, Quarantined, [dfe56997b0ea2313683ee408be45e31d],
PUP.Optional.Linkury, C:\Users\Chris\AppData\Roaming\lobby.dat, Quarantined, [af153ac61288ef478da26b8205fe44bc],
PUP.Optional.Smeazymo, C:\Users\Chris\AppData\Local\Matlane.dat, Quarantined, [e8dc669ae1b98aac08896886ab58d828],
PUP.Optional.Smeazymo, C:\Users\Chris\AppData\Local\Matlane.exe.config, Quarantined, [0abab54bc1d951e5eca515d94ab949b7],
PUP.Optional.ProntSpooler, C:\Users\Chris\AppData\Local\Apps\2.0\abril.InstallLog, Quarantined, [a61e4db3ecae80b6b70342b346bdeb15],
PUP.Optional.ProntSpooler, C:\Users\Chris\AppData\Local\Apps\2.0\abril.InstallState, Quarantined, [556f26dabae0c076803a7a7b38cbbc44],
Adware.Agent.Trace, C:\Users\Chris\AppData\Local\aatxtname.txt, Quarantined, [d6ee5da39dfd81b5e14e77813ac9ab55],
Adware.Agent.Trace, C:\Users\Chris\AppData\Local\ok223.txt, Quarantined, [972d867a247684b27db3ad4b699a8f71],
Adware.Agent.Trace, C:\Users\Chris\AppData\Local\tr5b.txt, Quarantined, [6c58f40cb0ead85e2a07fff9af54a957],
PUP.Optional.Linkury.Gen, C:\Users\Chris\AppData\Roaming\GoldenSilla.tst, Quarantined, [4381c13f455573c34539699162a127d9],
PUP.Optional.Linkury.Gen, C:\Users\Chris\AppData\Roaming\Saodax.tst, Quarantined, [5b69fa061783d75fe896867482819c64],
PUP.Optional.Amonetize, C:\ProgramData\1466193305\s9.zip.dl, Quarantined, [c6fee41c3e5ca09674589c5e28db47b9],
PUP.Optional.Amonetize, C:\ProgramData\1466200397\s9.zip.dl, Quarantined, [f3d1d12f168442f4b01cf50550b304fc],
PUP.Optional.AdVPN, C:\Users\Chris\AppData\Roaming\AdVPN\log.log, Quarantined, [a1239769e6b4c5717725e6df09f96898],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVPN.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVPN.exe.config, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVPN.ico, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdvpnCommon.dll, Delete-on-Reboot, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVpnService.exe, Delete-on-Reboot, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\AdVpnService.exe.config, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\GalaSoft.MvvmLight.Extras.WPF45.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\GalaSoft.MvvmLight.WPF45.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Hardcodet.Wpf.TaskbarNotification.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\log4net.dll, Delete-on-Reboot, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Microsoft.Practices.ServiceLocation.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\NDde.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Newtonsoft.Json.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\RestSharp.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Serializer.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\System.Windows.Interactivity.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Uninstall.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Logs\AdVpn.log, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Logs\AdVpn20160617.log, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\Logs\AdVpn20160618.log, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\libeay32.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\liblzo2-2.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\libpkcs11-helper-1.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\openssl.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\openvpn.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\ovpn.cer, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\ssleay32.dll, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\devcon.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\tapinstall.exe, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\Driver\OemWin2k.inf, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\Driver\tap0901.cat, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\Tap\Driver\tap0901.sys, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\tls\ca.crt, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\tls\client.crt, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\tls\client.key, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVPN\OpenVPN\tls\client.ovpn, Quarantined, [9e263ac60e8c9a9c58454b7a13efe11f],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\AdvpnCommon.dll, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\AdVpnProxyService.exe, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\AdVpnProxyService.exe.config, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\log4net.dll, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Newtonsoft.Json.dll, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\RestSharp.dll, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Serializer.dll, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\SOCKS5.dll, Delete-on-Reboot, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\uninstall.exe, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Logs\AdVpnProxyService.log, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Logs\AdVpnProxyService20160617.log, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\Program Files (x86)\AdVpnProxyService\Logs\AdVpnProxyService20160618.log, Quarantined, [9d270bf50a9077bf633b0fb606fc13ed],
PUP.Optional.AdVPN, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdVPN\AdVPN.lnk, Quarantined, [1ba9dc244e4c62d4f8a7c2039a688e72],
PUP.Optional.AdVPN, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AdVPN\Uninstall AdVPN.lnk, Quarantined, [1ba9dc244e4c62d4f8a7c2039a688e72],
PUP.Optional.FastWeb, C:\Program Files (x86)\FastWeb\config_ns1.dat, Quarantined, [1fa54cb47822e551eec52f967b877987],
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Openla\InstallationConfiguration.xml, Quarantined, [b90b5ea2a5f52d09bf2a9bfd2cd80ff1],
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Openla\uninstall.dat, Quarantined, [b90b5ea2a5f52d09bf2a9bfd2cd80ff1],
PUP.Optional.Linkury.ACMB1, C:\Program Files (x86)\Common Files\Openla\uninstall.ico, Quarantined, [b90b5ea2a5f52d09bf2a9bfd2cd80ff1],
PUP.Optional.Linkury.ACMB1, C:\Users\Chris\AppData\Roaming\Config.xml, Quarantined, [18ac8878d2c864d2bf1d7a1e43c130d0],
PUP.Optional.Linkury.ACMB1, C:\Users\Chris\AppData\Roaming\InstallationConfiguration.xml, Quarantined, [745058a82872c5713ba2c6d2be46718f],
PUP.Optional.Linkury.ACMB1, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sop5vem6.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "C:\ProgramData\Ronzaps\ff.NT");), Replaced,[4a7ae7192d6db1856f67c1d8ff05ed13]
PUP.Optional.Linkury.ACMB1, C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sop5vem6.default\prefs.js, Good: (user_pref("browser.startup.homepage", "https://www.malwarebytes.org/restorebrowser/), Bad: (user_pref("browser.startup.homepage", "C:\ProgramData\Ronzaps\ff.HP), Replaced,[19abd32d8911e6504b996c2f0ef6d22e]

Physical Sectors: 0
(No malicious items detected)


(end)



#11
June 26, 2016 at 16:05:33
"OK, here it is. I do not like the new version of Malwarebytes"

Next step.

Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#12
June 26, 2016 at 17:16:37
Here is JRT.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 7 Home Premium x64
Ran by Chris (Administrator) on Sun 06/26/2016 at 20:12:48.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 8

Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ED3GYNX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J8T9GDX (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN1IUA25 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDLO4CEH (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7ED3GYNX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9J8T9GDX (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IN1IUA25 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDLO4CEH (Temporary Internet Files Folder)

Registry: 2

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 06/26/2016 at 20:14:54.85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#13
June 26, 2016 at 17:21:09
Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#14

#15
June 27, 2016 at 05:43:59
Run FRST64 again please.

This time from the Desktop as per the instructions.

Then upload two files as per the instructions.



#16
June 27, 2016 at 14:35:02
It was run from the desktop.


#17
June 27, 2016 at 15:17:06


#18
June 27, 2016 at 17:14:59
"It was run from the desktop"
Not the first logs you sent, here is where your logs show. New logs are Ok.
Running from C:\Users\Chris\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PDLO4CEH


#19
June 27, 2016 at 17:16:35
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {22561A27-849F-4C5C-9BEA-E0EBE2AA025B} - \CLVDLauncher -> No File <==== ATTENTION
Task: {2BF8879E-96F3-4440-9B54-1C911A6C3FB3} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {3BBC7B8E-124E-4F89-83F5-A17C947C3E01} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4A3DA23A-1824-459F-8D11-B2C0232A11B8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4BE8BE90-53FB-44AA-B6DB-5FA64392E4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52B7136A-3DEC-4056-AA92-F9E9A6EE7FB6} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
Task: {5D1DFE53-51A1-49D6-8118-93AB92C82E19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {64C2FAA3-2175-4D98-B6DA-C8F6F410A49C} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {66AFDC7A-622F-4569-996D-A6E99B195296} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {785743D3-B8C3-492B-B525-22A997DC333E} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7CC0E9CA-07A0-44B5-A058-07EED35E7066} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {97D1FCA3-2E8A-4222-9C14-827F9DC2362F} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {A08000EB-ABCE-484F-9235-53FC14F9F85B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A4333759-6756-4683-BA4A-66DC5E74DD45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A8A20253-F423-48BB-B279-23B90D93DF04} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B0847F7B-6633-4030-B067-BF0028AC6E2D} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B3EF24F5-4A86-433F-80B0-56748D5F0C6B} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {CC4DB548-3846-49C3-9E42-6B01933ED261} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CE990C33-6A0B-477B-9A75-27338682478D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CF832FF1-E72F-4BBD-95AB-4EE20CE5A6B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D02A0C7B-CE07-4387-A310-8DAC325E09D6} - \YTDownloader -> No File <==== ATTENTION
Task: {D4B84889-0355-4DC8-A118-392DAA4C380D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DBFD1EB1-1377-459C-AE6E-E3F17D3F3CC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DC8556A8-5E9D-4381-BB0D-18A9BAD41654} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7D79035-086C-4862-A8B1-E49953292D7E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E80CD108-61DC-4196-98CA-C0BF04ADC358} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {FB1AA641-012D-4923-83C7-A7EBEF6E0A58} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\Software\Microsoft\Internet Explorer\Main,Local Page = index.html
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sop5vem6.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
S3 GENERICDRV; \??\C:\Users\Chris\Desktop\amifldrv64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-06-25 07:58 - 2016-05-15 17:47 - 00000000 ____D C:\ProgramData\Temp

Open FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.



#20
June 28, 2016 at 04:42:56
Ok here is the fixlist.

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-06-2016 02
Ran by Chris (2016-06-28 07:48:33) Run:1
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
Task: {22561A27-849F-4C5C-9BEA-E0EBE2AA025B} - \CLVDLauncher -> No File <==== ATTENTION
Task: {2BF8879E-96F3-4440-9B54-1C911A6C3FB3} - \DropboxUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {3BBC7B8E-124E-4F89-83F5-A17C947C3E01} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {4A3DA23A-1824-459F-8D11-B2C0232A11B8} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {4BE8BE90-53FB-44AA-B6DB-5FA64392E4F3} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {52B7136A-3DEC-4056-AA92-F9E9A6EE7FB6} - \CLMLSvc_P2G8 -> No File <==== ATTENTION
Task: {5D1DFE53-51A1-49D6-8118-93AB92C82E19} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {64C2FAA3-2175-4D98-B6DA-C8F6F410A49C} - \YTDownloaderUpd -> No File <==== ATTENTION
Task: {66AFDC7A-622F-4569-996D-A6E99B195296} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {785743D3-B8C3-492B-B525-22A997DC333E} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {7CC0E9CA-07A0-44B5-A058-07EED35E7066} - \SystemToolsDailyTest -> No File <==== ATTENTION
Task: {97D1FCA3-2E8A-4222-9C14-827F9DC2362F} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {A08000EB-ABCE-484F-9235-53FC14F9F85B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A4333759-6756-4683-BA4A-66DC5E74DD45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A8A20253-F423-48BB-B279-23B90D93DF04} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {B0847F7B-6633-4030-B067-BF0028AC6E2D} - \DropboxUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {B3EF24F5-4A86-433F-80B0-56748D5F0C6B} - \PCDDataUploadTask -> No File <==== ATTENTION
Task: {CC4DB548-3846-49C3-9E42-6B01933ED261} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {CE990C33-6A0B-477B-9A75-27338682478D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CF832FF1-E72F-4BBD-95AB-4EE20CE5A6B0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D02A0C7B-CE07-4387-A310-8DAC325E09D6} - \YTDownloader -> No File <==== ATTENTION
Task: {D4B84889-0355-4DC8-A118-392DAA4C380D} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {DBFD1EB1-1377-459C-AE6E-E3F17D3F3CC2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DC8556A8-5E9D-4381-BB0D-18A9BAD41654} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7D79035-086C-4862-A8B1-E49953292D7E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E80CD108-61DC-4196-98CA-C0BF04ADC358} - \Dell SupportAssistAgent AutoUpdate -> No File <==== ATTENTION
Task: {FB1AA641-012D-4923-83C7-A7EBEF6E0A58} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [138]
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\...\Winlogon: [Shell] C:\Windows\EXPLORER.EXE [3231232 2016-04-09] (Microsoft Corporation) <==== ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\Software\Microsoft\Internet Explorer\Main,Local Page = index.html
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope value is missing
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: No Name - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sop5vem6.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} [not found]
S3 GENERICDRV; \??\C:\Users\Chris\Desktop\amifldrv64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
2016-06-25 07:58 - 2016-05-15 17:47 - 00000000 ____D C:\ProgramData\Temp

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{22561A27-849F-4C5C-9BEA-E0EBE2AA025B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22561A27-849F-4C5C-9BEA-E0EBE2AA025B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLVDLauncher" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2BF8879E-96F3-4440-9B54-1C911A6C3FB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2BF8879E-96F3-4440-9B54-1C911A6C3FB3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BBC7B8E-124E-4F89-83F5-A17C947C3E01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BBC7B8E-124E-4F89-83F5-A17C947C3E01}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4A3DA23A-1824-459F-8D11-B2C0232A11B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4A3DA23A-1824-459F-8D11-B2C0232A11B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BE8BE90-53FB-44AA-B6DB-5FA64392E4F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE8BE90-53FB-44AA-B6DB-5FA64392E4F3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{52B7136A-3DEC-4056-AA92-F9E9A6EE7FB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{52B7136A-3DEC-4056-AA92-F9E9A6EE7FB6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CLMLSvc_P2G8" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5D1DFE53-51A1-49D6-8118-93AB92C82E19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D1DFE53-51A1-49D6-8118-93AB92C82E19}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{64C2FAA3-2175-4D98-B6DA-C8F6F410A49C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64C2FAA3-2175-4D98-B6DA-C8F6F410A49C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloaderUpd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{66AFDC7A-622F-4569-996D-A6E99B195296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66AFDC7A-622F-4569-996D-A6E99B195296}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{785743D3-B8C3-492B-B525-22A997DC333E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{785743D3-B8C3-492B-B525-22A997DC333E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineUA" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7CC0E9CA-07A0-44B5-A058-07EED35E7066}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CC0E9CA-07A0-44B5-A058-07EED35E7066}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SystemToolsDailyTest" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{97D1FCA3-2E8A-4222-9C14-827F9DC2362F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97D1FCA3-2E8A-4222-9C14-827F9DC2362F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A08000EB-ABCE-484F-9235-53FC14F9F85B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A08000EB-ABCE-484F-9235-53FC14F9F85B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4333759-6756-4683-BA4A-66DC5E74DD45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4333759-6756-4683-BA4A-66DC5E74DD45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8A20253-F423-48BB-B279-23B90D93DF04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8A20253-F423-48BB-B279-23B90D93DF04}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B0847F7B-6633-4030-B067-BF0028AC6E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B0847F7B-6633-4030-B067-BF0028AC6E2D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DropboxUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3EF24F5-4A86-433F-80B0-56748D5F0C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3EF24F5-4A86-433F-80B0-56748D5F0C6B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDDataUploadTask" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CC4DB548-3846-49C3-9E42-6B01933ED261}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CC4DB548-3846-49C3-9E42-6B01933ED261}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CE990C33-6A0B-477B-9A75-27338682478D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CE990C33-6A0B-477B-9A75-27338682478D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{CF832FF1-E72F-4BBD-95AB-4EE20CE5A6B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CF832FF1-E72F-4BBD-95AB-4EE20CE5A6B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D02A0C7B-CE07-4387-A310-8DAC325E09D6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D02A0C7B-CE07-4387-A310-8DAC325E09D6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\YTDownloader => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D4B84889-0355-4DC8-A118-392DAA4C380D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D4B84889-0355-4DC8-A118-392DAA4C380D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUpdateTaskMachineCore" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBFD1EB1-1377-459C-AE6E-E3F17D3F3CC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBFD1EB1-1377-459C-AE6E-E3F17D3F3CC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC8556A8-5E9D-4381-BB0D-18A9BAD41654}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC8556A8-5E9D-4381-BB0D-18A9BAD41654}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E7D79035-086C-4862-A8B1-E49953292D7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E7D79035-086C-4862-A8B1-E49953292D7E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E80CD108-61DC-4196-98CA-C0BF04ADC358}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E80CD108-61DC-4196-98CA-C0BF04ADC358}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Dell SupportAssistAgent AutoUpdate" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB1AA641-012D-4923-83C7-A7EBEF6E0A58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1AA641-012D-4923-83C7-A7EBEF6E0A58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-Weekend" => key removed successfully
C:\ProgramData\Temp => ":CB0AACC9" ADS removed successfully.
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-2272597785-1754445251-1554147460-1000\Software\Microsoft\Internet Explorer\Main\\Local Page => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\sop5vem6.default\Extensions\{746505DC-0E21-4667-97F8-72EA6BCF5EEF} => path removed successfully
GENERICDRV => service removed successfully
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
C:\ProgramData\Temp => moved successfully

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5509431 B
Java, Flash, Steam htmlcache => 506 B
Windows/system/drivers => 11266 B
Edge => 0 B
Chrome => 66078650 B
Firefox => 1439944 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 16802 B
systemprofile32 => 779338 B
LocalService => 0 B
NetworkService => 3714 B
Chris => 24181211 B

RecycleBin => 0 B
EmptyTemp: => 101.5 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 07:48:59 ====

message edited by ChristopherTGarrett



#21
June 28, 2016 at 05:20:46
"Ok here is the fixlist"
Thanks, do you have any problems with the comp?


#22
June 28, 2016 at 05:25:46
It seems fine, running like it should. Thanks for the help.


#23
June 28, 2016 at 05:38:28
Here is how a USER got the problems; no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & others during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install; you have to read after each click.

Or use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
http://www.howtogeek.com/198622/her...

I use Softpedia & FreewareFiles.com; they make you aware of what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

