Solved Win10 Virus Problem On Lenovo Laptop

September 17, 2015 at 19:32:45
Specs: Windows 10, i7/4GB
I've run Malwarebytes (found 3,900+ instances of potential malware). I ran ESET and found numerous instances of Win32/OpenCandy, Win32/Distromatic, Win32/Systweak and others. Both programs quarantined and then deleted the files in question. I re-ran both programs and get no infections. However, the computer is still slow on startup, and the Comodo program, when clicked, refuses to open and goes into a cycle that overtakes the mouse. I think there is still something going on... I did pursue trying to use scannow and DMIS, but had no success on either.

message edited by Bangkokindy




✔ Best Answer
September 18, 2015 at 18:30:30
Nice & clean.

"Windows Defender"
Turn it on again, reboot, then open it up & see if you can update it.



#1
September 17, 2015 at 19:37:22
ESET LOG:

C:\Users\Sharon\Downloads\Adaware_Installer.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Sharon\Downloads\PCHealthBoost-Setup (1).exe Win32/Distromatic.C potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\PCHealthBoost-Setup (2).exe Win32/Distromatic.C potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\PCHealthBoost-Setup (3).exe Win32/Distromatic.C potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\PCHealthBoost-Setup.exe Win32/Distromatic.C potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\setup (1).exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\setup (2).exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\setup (3).exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\setup.exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G6G6XGOY\TelevisionFanatic.exe a variant of Win32/AdInstaller potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Temp\gcpAB3C.tmp\UPDATER.EXE Win32/Toolbar.MyWebSearch.Y potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Temp\jhg5994.tmp\UPDATER.EXE Win32/Toolbar.MyWebSearch.Y potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Temp\jkm653A.tmp\UPDATER.EXE Win32/Toolbar.MyWebSearch.Y potentially unwanted application cleaned by deleting - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-ST-SPE[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-ST-SPE[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-ST-SPE[3].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-ST-SPE[4].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[10].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[2].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[3].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[4].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[5].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[6].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[7].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[8].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[9].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined


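The ESET log above is worth reading for where the hits are, not just how many there are: every detection is a PUA or "potentially unsafe" classification (OpenCandy, Distromatic, Systweak, bundled Ask/MyWebSearch toolbars), and every path is either a downloaded installer sitting in Downloads or a file under Windows.old, the copy of the pre-upgrade installation that Windows 10 keeps for rollback. None of them is in a location that runs at startup. The script below is an added example, not something from the thread: it parses a constructed excerpt of the posted log into records and groups them by location class so that distinction is explicit. Paths and detection names are copied from the log; the location labels are this example's own, not ESET's.

```python
import re
from collections import Counter

# Constructed excerpt of the ESET log posted above (five of its lines, copied verbatim).
ESET_LOG = r"""
C:\Users\Sharon\Downloads\Adaware_Installer.exe Win32/OpenCandy potentially unsafe application deleted - quarantined
C:\Users\Sharon\Downloads\PCHealthBoost-Setup (1).exe Win32/Distromatic.C potentially unwanted application deleted - quarantined
C:\Users\Sharon\Downloads\setup.exe Win32/Systweak.K potentially unwanted application deleted - quarantined
C:\Windows.old\Users\Sharon\AppData\Local\Temp\APNSetup.exe a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application cleaned by deleting - quarantined
C:\Windows.old\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AskToolbarInstaller-ORJ-V7C[1].7z a variant of Win32/Bundled.Toolbar.Ask.M potentially unsafe application deleted - quarantined
"""

# One ESET log line: <path> <detection> <category> <action>. The path may contain spaces,
# so it is matched lazily up to the first token of the form Family/Name, which a Windows
# path (backslashes only) cannot contain.
LINE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<detection>(?:a variant of )?[A-Za-z0-9]+/[\w.]+)\s+"
    r"(?P<category>potentially (?:unsafe|unwanted) application)\s+"
    r"(?P<action>.+)$"
)

VARIANT = "a variant of "


def classify_location(path):
    """Coarse location class; the labels are this example's, not ESET's."""
    p = path.lower()
    if "\\windows.old\\" in p:
        return "windows.old"      # pre-upgrade copy, not on any live load path
    if "\\downloads\\" in p:
        return "downloads"        # installer sitting on disk, inert unless executed
    if "\\temp\\" in p or "temporary internet files" in p:
        return "temp-cache"       # dropped/cached payloads, worth checking for a launcher
    return "live"                 # Program Files, System32, profile: needs a closer look


def parse_eset(text):
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError("unrecognised ESET log line: " + line)
        det = m["detection"]
        variant = det.startswith(VARIANT)
        records.append({
            "path": m["path"],
            "detection": det[len(VARIANT):] if variant else det,
            "variant": variant,            # generic/heuristic match rather than an exact signature
            "category": m["category"],     # PUA / potentially unsafe, never a trojan class here
            "action": m["action"],
            "location": classify_location(m["path"]),
        })
    return records


def summarise(records):
    """Counts that answer the triage questions: where were the hits, which families, anything live?"""
    return {
        "by_location": Counter(r["location"] for r in records),
        "by_family": Counter(r["detection"].split("/", 1)[1].split(".")[0] for r in records),
        "all_pua": all(r["category"].startswith("potentially") for r in records),
        "live_hits": [r["path"] for r in records if r["location"] == "live"],
    }


if __name__ == "__main__":
    for kind, count in summarise(parse_eset(ESET_LOG))["by_location"].items():
        print(f"{kind:12} {count}")
```

Run against the full 28-line log the same way, the "live_hits" list stays empty, which is the reason a clean rescan is expected and why the slow startup and the Comodo hang need a different explanation than these files.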

#2
September 17, 2015 at 19:45:03
Wow. Did you download all that crap before or did it install unknowingly??

Check your uninstall panel and uninstall all what you don't need especially that crap you may think makes life easier...



#3
September 17, 2015 at 19:46:04
Malwarebytes:

The file has way way too many entries to copy and place here... suggestions?



#4
September 17, 2015 at 19:53:35
I have suggested that JohnW pop in and help you to make sure that your system is cleaned out fully. I have not seen many with that long a list of malware before, and I know that usually means something is hiding behind the scenes and may be responsible for at least some, if not most, of what got on your machine.

You have to be a little bit crazy to keep you from going insane.



#5
September 17, 2015 at 19:56:18


#6
September 17, 2015 at 19:58:57
Thanks. I've had JohnW's help before. This is my niece's mother-in-law's computer. It started out with her updating to Win10 and then getting locked out of the computer. I was just figuring out why it wouldn't let her in... solved that... solved the related email problem and related connectivity problems. Thought I would be nice and check for any simple malware problems... since it seemed slow and had a lot of browser problems. Now I dare not move forward without help due to the number of malware problems.

message edited by Bangkokindy



#7
September 17, 2015 at 20:01:53
Thanks Fingers, Hi again Bangkokindy.

"The file has way way too many entries to copy and place here... suggestions?"
Upload using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#8
September 17, 2015 at 20:03:56
Hi JohnW, I remembered that after I wrote that from a previous time and looked it up... I put it on the page already... but here is the link again:

http://www89.zippyshare.com/v/uNrQJ...



#9
September 17, 2015 at 20:04:28
"Malwarebytes Text Log:"
Got it.

Here are the next 2 steps, there will be more steps needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Malwarebytes Acquires Junkware Removal Tool
https://blog.malwarebytes.org/news/...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#10
September 17, 2015 at 20:22:28
AdWCleaner did not leave a text file that I can find and the file was not opened when windows restarted. I wonder if the same thing that is causing comodo not to open stopped the text file from being created. I looked in C: and it is not there. Any other hiding places? It found a lot of stuff by the way.


#11
September 17, 2015 at 20:23:51
"You can find the logfile at C:\AdwCleaner[S1].txt as well"
http://i.imgur.com/r3PoAEG.gif

message edited by Johnw



#12
September 17, 2015 at 20:27:12
Yeah, I looked... no folder or text file in the local disk c: folder...


#13
September 17, 2015 at 20:32:36
Just to make sure it is not hidden, try Ultra please, using this keyword in search > AdwCleaner

UltraSearch. Make sure Files & Folders are checked.
http://www.softpedia.com/get/File-m...
http://www.freewarefiles.com/UltraS...
http://www.freewarefiles.com/screen...
http://www.jam-software.com/ultrase...
http://i.imgur.com/QgiMjvr.gif



#14
September 17, 2015 at 20:42:39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 10 Home x64
Ran by Sharon on Thu 09/17/2015 at 20:25:48.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{856FAA66-A004-4D4D-9904-E017D1508F0F}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\partner
Successfully deleted: [Folder] C:\Users\Sharon\Appdata\Local\ysearchutil

~~~ Chrome

Successfully deleted: [Folder] C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
gpdjojdkbbmdfjfahjcgigfpmkopogic
jkmljihjgjdghdhggolmhbjekicljfci

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gpdjojdkbbmdfjfahjcgigfpmkopogic,
jkmljihjgjdghdhggolmhbjekicljfci,
pljcgbedjplidkdjahbaalanadmjfgop
]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 09/17/2015 at 20:42:14.67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#15
September 17, 2015 at 20:45:45
Ultra Search worked! The location address looks weird... anyway here is AdwCleaner:

# AdwCleaner v5.008 - Logfile created 17/09/2015 at 20:08:27
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Sharon - MCCARTNEY
# Running from : C:\Users\Sharon\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Sharon\AppData\Local\YSearchUtil
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgdphfpmicmcjljihifcbkejmgbnmoc
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

File Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffjcmnpnoopgilmnfhloocdcbnimmmea_0.localstorage

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : askws
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : search.ask.com_
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask search
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : amogncdhclnhneejdfggljpdgigffhfi
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ffjcmnpnoopgilmnfhloocdcbnimmmea
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jhgdphfpmicmcjljihifcbkejmgbnmoc
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jkmljihjgjdghdhggolmhbjekicljfci
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pljcgbedjplidkdjahbaalanadmjfgop

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3512 bytes] ##########



#16
September 17, 2015 at 20:50:02
Great.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it makes also another log (Addition.txt).
The logs are large, upload them using Zippy.



#17
September 17, 2015 at 20:50:03
BTW the path says C:\VTRoot\Harddiskvolume2\AdwCleaner\


#18
September 17, 2015 at 20:55:08
AdwCleaner:
# Option : Scan
This log just shows what it found.

Did you hit the Cleaning button, if so, post the Clean log please.



#19
September 17, 2015 at 20:57:16
"BTW the path says C:\VTRoot\Harddiskvolume2\AdwCleaner\"
Ok, I shall see how it performs, at the end of the cleaning.

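Two points in the exchange above deserve a concrete check. First, the AdwCleaner log in #15 is a Scan-only run (Option : Scan), so, as #18 says, it lists findings without removing anything, while the JRT log in #14 does report deletions; what is still outstanding is the difference between the two. Second, the path in #17, C:\VTRoot\Harddiskvolume2\AdwCleaner\, matters: C:\VTRoot is the directory Comodo's auto-sandbox uses to virtualise the file writes of programs it has sandboxed. A log that was supposed to land at C:\AdwCleaner\AdwCleaner[S1].txt but turned up under VTRoot means the tool ran inside the sandbox, and any file or registry changes a Cleaning pass makes from inside it would go to the virtualised copy rather than the real system, so the tool should be run with the sandbox disabled or the file explicitly allowed before trusting its "deleted" lines. The script below is an added example, not a tool from the thread: it cross-references constructed excerpts of the two posted logs to list the residual items, and includes a helper that maps a real path to its VTRoot mirror. The volume name Harddiskvolume2 is taken from #17 and the assumption that C: maps to it is this example's, not something the thread verifies.

```python
import re
from collections import defaultdict

# Constructed excerpts of the two logs in the thread: the AdwCleaner [S1] log (Option : Scan,
# so nothing was removed) and the JRT log (which did remove items). Lines copied as posted.
ADW_SCAN = r"""
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Sharon\AppData\Local\YSearchUtil
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
File Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffjcmnpnoopgilmnfhloocdcbnimmmea_0.localstorage
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ffjcmnpnoopgilmnfhloocdcbnimmmea
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jkmljihjgjdghdhggolmhbjekicljfci
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : pljcgbedjplidkdjahbaalanadmjfgop
"""

JRT_LOG = r"""
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{856FAA66-A004-4D4D-9904-E017D1508F0F}
Successfully deleted: [Folder] C:\ProgramData\apn
Successfully deleted: [Folder] C:\ProgramData\partner
Successfully deleted: [Folder] C:\Users\Sharon\Appdata\Local\ysearchutil
Successfully deleted: [Folder] C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic
[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[
gpdjojdkbbmdfjfahjcgigfpmkopogic,
jkmljihjgjdghdhggolmhbjekicljfci,
pljcgbedjplidkdjahbaalanadmjfgop
]
"""

CHROME_ID = re.compile(r"\b[a-p]{32}\b")   # Chrome extension IDs: 32 letters from a-p


def parse_adwcleaner_scan(text):
    """kind -> set of items reported Found, lower-cased so JRT's mixed-case paths compare equal."""
    found = defaultdict(set)
    for line in text.splitlines():
        m = re.match(r"^(Folder|File|Key) Found : (.+)$", line) or \
            re.match(r"^\[.+?\] \[(Extension|Search Provider)\] Found : (.+)$", line)
        if m:
            found[m[1].lower()].add(m[2].strip().lower())
    return found


def parse_jrt(text):
    """kind -> set of items JRT reported as Successfully deleted."""
    deleted = defaultdict(set)
    for line in text.splitlines():
        m = re.match(r"^Successfully deleted: \[(Folder|File|Registry Key)\] (.+)$", line)
        if m:
            deleted["key" if m[1] == "Registry Key" else m[1].lower()].add(m[2].strip().lower())
    # IDs in the "Extensions Deleted" lists (and in any deleted Extensions\<id> folder).
    deleted["extension"].update(CHROME_ID.findall(text))
    return deleted


def residual(found, deleted):
    """Items the scan saw that no deletion covers: what the AdwCleaner Cleaning pass still has to do."""
    return {kind: sorted(items - deleted.get(kind, set()))
            for kind, items in found.items() if items - deleted.get(kind, set())}


def sandbox_mirror(path, volume="Harddiskvolume2"):
    r"""Where Comodo's auto-sandbox would have redirected a write to `path`: C:\VTRoot\<volume>\...
    The volume name is the one quoted in the thread; mapping C: to it is an assumption."""
    return "\\".join([r"C:\VTRoot", volume, path[3:]])   # path[3:] strips the 'C:\' prefix


if __name__ == "__main__":
    for kind, items in residual(parse_adwcleaner_scan(ADW_SCAN), parse_jrt(JRT_LOG)).items():
        print(kind, *items, sep="\n  ")
    print(sandbox_mirror(r"C:\AdwCleaner\AdwCleaner[S1].txt"))
```

On the excerpt, JRT accounts for the three ProgramData/YSearchUtil folders and two of the three flagged extensions; the protector_dll BHO registry keys, the systemprofile YSearchUtil folder, the ffjc... extension and the Ask search provider are still outstanding, which is exactly why #18 asks for the Clean log. Checking both the real path and its sandbox_mirror() for each "deleted" folder tells you which copy the tool actually changed.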

#20
September 17, 2015 at 20:59:16
Getting error:

"Error saving file c:\frst\hives\bcd!

continue with next file?

Regcreatekeyex: 5 - access is denied"

should I say yes or no?



#21
September 17, 2015 at 21:04:50
Shall have to move on.

Download ComboFix onto your Desktop & then run. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your next post please. ComboFix's log should be located at C:\COMBOFIX.TXT.
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif
http://www.bleepingcomputer.com/dow...
http://download.bleepingcomputer.co...
http://www.forospyware.com/sUBs/Com...
A guide and tutorial on using ComboFix
http://www.bleepingcomputer.com/com...
http://www.winhelp.us/index.php/gen...
Manually restoring the Internet connection
http://www.bleepingcomputer.com/com...
There are circumstances ComboFix will hang, crash or stall at various stages due to malware interference, failure to disable other real-time protection tools or the presence of CD Emulators (Daemon Tools, Alchohol 120%, Astroburn, AnyDVD) so that it does not complete successfully. Also, depending on how badly a system is infected, ComboFix may take longer to complete its routine than it normally does or fail to run properly. While that is not normal behavior, it is not unusual.
If you think it's frozen, look at the computer clock.
If it's running, Combofix is still working.
NOTE: Do not mouseclick combofix's window while it is running. That may cause it to stall.
NOTE: ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***
**Please Note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes.
If after running Combofix you discover none of your programs will open up, and you receive the following error: "Illegal operation attempted on a registry key that has been marked for deletion". Then the answer is to REBOOT the machine, and all will be corrected.
Can't Install an Antivirus - Windows Security Center still detects previous AV
http://www.experts-exchange.com/Vir...
We are almost ready to start ComboFix, but before we do so, we need to take some preventative measures so that there are no conflicts with other programs when running ComboFix. At this point you should do the following:
* Close all open Windows including this one.
* Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix. Instructions on disabling these type of programs can be found in this topic.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Once these two steps have been completed, double-click on the ComboFix icon found on your Desktop.
Please Note: Once you start ComboFix you should not click anywhere on the ComboFix window as it can cause the program to stall. In fact, when ComboFix is running, do not touch your computer at all. The scan could take a while, so please be patient.

message edited by Johnw



#22
September 17, 2015 at 21:07:02
FRST64 is giving me the above error. It is not allowing it to save a file. Do you want me to press yes or no to continue.


#23
September 17, 2015 at 21:09:30
Oops! I saw your post... I'll click yes and continue on... with combofix. Oops again... yes does not work... moving on...

message edited by Bangkokindy



#24
September 17, 2015 at 21:14:02
Weird... once I clicked no it started running... here is one scan log:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Sharon (2015-09-17 21:12:20)
Running from C:\Users\Sharon\Desktop
Windows 10 Home (X64) (2015-08-16 23:47:01)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-847172801-566133333-2783540900-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-847172801-566133333-2783540900-503 - Limited - Disabled)
Guest (S-1-5-21-847172801-566133333-2783540900-501 - Limited - Disabled)
Sharon (S-1-5-21-847172801-566133333-2783540900-1000 - Administrator - Enabled) => C:\Users\Sharon

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

COMODO Internet Security Premium (HKLM\...\{38F898C8-272F-455F-9BD6-71FEBA3E4AF5}) (Version: 8.2.0.4703 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.2.1 - Lenovo)
Energy Management (x32 Version: 6.0.2.1 - Lenovo) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GoToAssist Corporate (HKLM-x32\...\GoToAssist) (Version: 10.4.0.896 - Citrix Online, a division of Citrix Systems, Inc.)
Intel PROSet Wireless (x32 Version: - ) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2342 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version: - )
Intel(R) Wireless Display (HKLM-x32\...\{F84906ED-BB54-4889-B131-FED9C9056FC8}) (Version: 2.0.27.0 - Intel Corporation)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lenovo Bluetooth with Enhanced Data Rate Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.8000 - Broadcom Corporation)
Lenovo EasyCamera (HKLM-x32\...\{FC9B811E-39BC-4813-9E29-B83CCF700010}) (Version: 2.16.23.3 - Alcor)
Lenovo EE Boot Optimizer (HKLM\...\Lenovo EE Boot Optimizer) (Version: 0.0.1.5 - Lenovo)
Lenovo Games Console (HKLM-x32\...\Lenovo Games Console) (Version: 1.2.6.436 - Oberon Media Inc.)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3603 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 3.1.3603 - CyberLink Corp.) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.152 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Onekey Theater (HKLM-x32\...\InstallShield_{D4B060B9-AD4A-4152-9D99-28B93C615AFE}) (Version: 2.0.2.7 - Lenovo)
Onekey Theater (x32 Version: 2.0.2.7 - Lenovo) Hidden
ooVoo (HKLM-x32\...\{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}) (Version: 2.2.4.25 - ooVoo LLC.)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.7303 - CyberLink Corp.)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.21.531.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10008 - Realtek Semiconductor Corp.)
RtLED (HKLM\...\{ACB6F4ED-835B-44EC-9EFD-AC8C83D28597}) (Version: 1.0.3 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SRS Premium Sound Control Panel (HKLM\...\{2998191E-A35E-47E2-BE38-7702C731D722}) (Version: 1.10.18.0 - SRS Labs, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.9.5 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.47484 - TeamViewer)
UltraSearch V2.0.3 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 2.0.3 - JAM Software)
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.6 - Lenovo)
UserGuide (x32 Version: 1.0.0.6 - Lenovo) Hidden
VeriFace (HKLM-x32\...\VeriFace) (Version: 4.0.0.1206 - Lenovo)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Waterfox 40.0.3 (x64 en-US) (HKLM\...\Waterfox 40.0.3 (x64 en-US)) (Version: 40.0.3 - Mozilla)
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wise Disk Cleaner 8.82 (HKLM-x32\...\Wise Disk Cleaner_is1) (Version: 8.82 - WiseCleaner.com, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

Could not list restore points
Check "winmgmt" service or repair WMI.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {02E14F2A-393C-4582-8A54-A002EC4F02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0AE0BB30-DC03-454D-AAC5-ADD776878728} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {0EB4BF71-FD86-4C27-BF0D-87BE612BF560} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2010-12-04] (CyberLink)
Task: {220B84AD-FDF8-4863-A1AD-91416CA92F32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3268BC39-6665-4AAD-8E98-2A029EE84CCD} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {3DFD8604-485E-4E7E-BFED-E2D9B765C4AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4307C524-6C28-4B6D-AD2F-4CE466335DDA} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-16] (Adobe Systems Incorporated)
Task: {53C32D25-FC1C-44E5-A315-07BB5AF731D5} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {556CFFDC-A524-4F88-B590-EBDF170E3BFC} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2015-08-05] (COMODO)
Task: {5850C4B4-03BC-49B5-8E84-34ADC5E3CD05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5FBAF6B3-D59B-4D6B-A39A-188194815011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {74ADE221-8B56-494E-A81C-231DB615EDDA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8B7A0E5D-AEBC-49D3-82D0-9B0D3235A227} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {9100320D-DD57-4637-BAEA-84ED41608261} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93DD8434-2B74-4029-8499-C00DD2E40803} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A0B49DE8-A339-457B-A174-4A3E52DD12DD} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {A3BD20A2-D7EA-4C15-B9CF-E7D0F0E2FE54} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {A56BDCE9-0BCE-461B-98FF-6D7124DC7B18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CDE0048E-40D8-4E51-B35E-FE9FF52134D8} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe
Task: {D9601277-1AFD-4166-B649-01DACAF3AAB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E00271D6-5E9E-4F09-92BF-025DBF185AA7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-03] (Google Inc.)
Task: {E9C410BF-542C-4928-AAA2-34D3587952D5} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [2015-08-05] (COMODO)
Task: {F4138B4D-5295-46E6-A6D2-35419C239D11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files (x86)\AVG Secure Search\PostInstall\ROC.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-16 17:11 - 2015-08-16 17:11 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-09-03 18:10 - 2015-08-11 02:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-09-03 18:27 - 2015-08-18 00:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2011-12-02 17:17 - 2011-12-02 17:17 - 01502720 _____ () C:\windows\system32\IcnOvrly.dll
2010-11-11 03:42 - 2010-11-11 03:42 - 00202144 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect64.dll
2010-11-11 03:44 - 2010-11-11 03:44 - 00156576 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll64.dll
2015-01-08 23:02 - 2015-01-08 23:02 - 00067808 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav
2015-09-03 18:27 - 2015-08-18 00:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-16 17:11 - 2015-08-16 17:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-03 18:10 - 2015-08-11 01:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-16 17:11 - 2015-08-16 17:11 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-02 17:21 - 2011-12-02 17:21 - 00100256 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
2015-09-03 18:10 - 2015-08-11 02:10 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-09-16 20:17 - 2015-09-16 20:17 - 08241152 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-09-16 20:17 - 2015-09-16 20:17 - 02238976 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2010-11-11 03:38 - 2010-11-11 03:38 - 00161696 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll
2010-11-11 03:39 - 2010-11-11 03:39 - 00133024 _____ () C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll
2011-12-02 17:17 - 2011-12-02 17:17 - 00013664 _____ () C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\WINDOWS\system32\acmigration.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\edgehtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\fontdrvhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\MRT.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\schedsvc.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kbase.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\win32kfull.sys:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\Windows.UI.PicturePassword.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\system32\winlogon.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmfd.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\atmlib.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\authui.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\edgehtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\fontdrvhost.exe:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\ieframe.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\iertutil.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\jscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\mshtml.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\SettingSync.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\shacct.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\vbscript.dll:$CmdTcID
AlternateDataStreams: C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Desktop\FRST.exe:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Desktop\FRST.exe:$CmdZnID
AlternateDataStreams: C:\Users\Sharon\Desktop\FRST64.exe:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Desktop\FRST64.exe:$CmdZnID
AlternateDataStreams: C:\Users\Sharon\Desktop\JRT.exe:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Desktop\JRT.exe:$CmdZnID
AlternateDataStreams: C:\Users\Sharon\Downloads\AdwCleaner.exe:$CmdZnID
AlternateDataStreams: C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe:$CmdZnID
AlternateDataStreams: C:\Users\Sharon\Downloads\UltraSearch-x64-Setup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Sharon\Downloads\UltraSearch-x64-Setup.exe:$CmdZnID

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-847172801-566133333-2783540900-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sharon\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
mpsdrv Firewall Service is not running.
MpsSvc Firewall Service is not running.
bfe Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{230107DD-A2E6-4985-9F01-967269C85530}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{65C85CEC-647B-412C-91FA-2B6B0440DCEB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{23DFF33C-CD7D-47CB-AF5D-904D58A74C50}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{03026154-1826-4394-8BB2-BE3AB178006B}] => (Allow) C:\Program Files (x86)\AVG\AVG2013\avgmfapx.exe
FirewallRules: [{0AC2537F-9962-4C83-8316-C6E40587E82C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{D91F4DC2-470E-4242-981B-2AEA40EFA48F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{94FB3EEC-BDD7-4348-92FC-0008E54DECA6}] => (Allow) LPort=1900
FirewallRules: [{D10051D8-B49E-460D-BA58-993988A52D78}] => (Allow) LPort=2869
FirewallRules: [{C26D0EF5-56BC-4CE9-A6FB-744E9D5C7A01}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{F68026B0-F73E-426F-84DA-BF1B9EBBC842}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{66336517-93A9-401B-A851-2593EBF3560E}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{FEA0E850-D292-46C1-A41F-ABCCFCF73477}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{03724322-5A92-410B-8F2F-B9367C0615E9}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{58728F72-F6CB-4504-97FE-B2B75B2CB94E}] => (Allow) C:\Program Files\Waterfox\waterfox.exe
FirewallRules: [{C32EBBB2-B048-47A9-B3E8-E605EC003CB7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{7D846487-4F50-4F3A-B458-36C9BE8F8FDA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{ABB3247C-1D22-4A41-B550-F17A228F2286}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{DCA3C31D-63AE-4D3F-A1F0-CFDAE7A51A7D}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

System error 123 has occurred.

The filename, directory name, or volume label syntax is incorrect.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 40%
Total physical RAM: 4010.14 MB
Available physical RAM: 2377.92 MB
Total Virtual: 8106.14 MB
Available Virtual: 6166.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:354.83 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.96 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B63EA2C5)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)

==================== End of Addition.txt ============================



#25
September 17, 2015 at 21:22:43
FRST #2

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Sharon (administrator) on MCCARTNEY (17-09-2015 21:10:33)
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon & DefaultAppPool)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topi...

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe
() C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe
(Alcor) C:\Windows\WebCam\S6000\S6000Mnt.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6208.42001.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.9.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================



#26
September 17, 2015 at 21:23:16
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_DOLBYDRAGON] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_LENOVO_MICPKEY] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [IntelPAN] => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe [114688 2011-12-02] (Lenovo)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe [789920 2011-12-02] (Lenovo)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9769888 2011-12-02] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2011-12-02] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-06-03] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-05] (COMODO)
HKLM-x32\...\Run: [S6000Mnt] => C:\WINDOWS\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2010-12-04] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [224352 2010-12-04] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2011-12-02] (Lenovo)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\896\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-847172801-566133333-2783540900-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [3847 2015-09-17] ()
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2011-12-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SRS Premium Sound.lnk [2011-12-02]
ShortcutTarget: SRS Premium Sound.lnk -> C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (SRS Labs, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{ec6337ff-7131-4da2-b750-3e3e9d021826}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{f19b6f55-a25a-422d-bf59-913b4b34b85d}: [DhcpNameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> DefaultScope {856FAA66-A004-4D4D-9904-E017D1508F0F} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-03] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-03] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-09-02] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-09-02] (McAfee, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Sharon\AppData\Roaming\Mozilla\Firefox\Profiles\qn9agpva.default
FF Homepage: google.com
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-03] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-15] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2015-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR Profile: C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (OnlineMapFinder) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ceopoaldcnmhechacafgagdkklcogkgd [2015-09-16]
CHR Extension: (TelevisionFanatic) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdcfojopgjmdijbebdcnnhbnlofoncp [2015-09-16]
CHR Extension: (DailyLocalGuide) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckchkohkbpoijhiebdafjlnlhjpijgoh [2015-09-16]
CHR Extension: (SiteAdvisor) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-18]
CHR Extension: (InboxAce) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkfcmeoepjhclglafbppmeidjjolcgid [2015-09-16]
CHR Extension: (Internet Speed Tracker) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcphnjpafgpmilhofjhnigjpldknfpjm [2015-09-16]
CHR Extension: (InboxAce) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbdhaekeogebjjbaldibekfepbhogdng [2015-09-16]
CHR Extension: (MapsGalaxy) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkhmajblgekhffchpjcbdcanjcelcffi [2015-09-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-22]
CHR Extension: (MapsGalaxy) - C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oieblhiigdlbmggpfgamghhnmhjiokdf [2015-09-16]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-09-03]
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/crx



#27
September 17, 2015 at 21:23:50
==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 gpsvc; C:\Windows\System32\gpsvc.dll [1335296 2015-07-10] (Microsoft Corporation) [File not signed]
R2 gpsvc; C:\Windows\System32\gpsvc.dll [1335296 2015-07-10] (Microsoft Corporation) [File not signed]
R2 nsi; C:\Windows\System32\nsisvc.dll [29184 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\system32\winhttp.dll [855552 2015-08-16] (Microsoft Corporation) [File not signed]
U3 WinHttpAutoProxySvc; C:\Windows\SysWOW64\winhttp.dll [667136 2015-08-16] (Microsoft Corporation) [File not signed]
U3 AJRouter; C:\Windows\System32\AJRouter.dll [23040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ALG; C:\Windows\System32\alg.exe [97792 2015-07-10] (Microsoft Corporation) [File not signed]
U2 AppHostSvc; C:\Windows\system32\inetsrv\apphostsvc.dll [64512 2015-08-16] (Microsoft Corporation) [File not signed]
U3 AppIDSvc; C:\Windows\System32\appidsvc.dll [43520 2015-07-10] (Microsoft Corporation) [File not signed]
R3 Appinfo; C:\Windows\System32\appinfo.dll [93696 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AppReadiness; C:\Windows\system32\AppReadiness.dll [621056 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AppXSvc; C:\Windows\system32\appxdeploymentserver.dll [2178560 2015-08-17] (Microsoft Corporation) [File not signed]
U2 AudioEndpointBuilder; C:\Windows\System32\AudioEndpointBuilder.dll [280064 2015-08-16] (Microsoft Corporation) [File not signed]
R2 Audiosrv; C:\Windows\System32\Audiosrv.dll [1067520 2015-08-16] (Microsoft Corporation) [File not signed]
U3 AxInstSV; C:\Windows\System32\AxInstSV.dll [114176 2015-07-10] (Microsoft Corporation) [File not signed]
U2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
U3 BDESVC; C:\Windows\System32\bdesvc.dll [359936 2015-07-10] (Microsoft Corporation) [File not signed]
U2 BFE; C:\Windows\System32\bfe.dll [794112 2015-07-10] (Microsoft Corporation) [File not signed]
U2 BITS; C:\Windows\System32\qmgr.dll [1168896 2015-07-10] (Microsoft Corporation) [File not signed]
U2 BrokerInfrastructure; C:\Windows\System32\bisrv.dll [526336 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Browser; C:\Windows\System32\browser.dll [133120 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation) [File not signed]
U3 bthserv; C:\Windows\system32\bthserv.dll [85504 2015-07-10] (Microsoft Corporation) [File not signed]
U3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation) [File not signed]
U3 CertPropSvc; C:\Windows\System32\certprop.dll [192000 2015-07-10] (Microsoft Corporation) [File not signed]
U2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-03] (COMODO)
U3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-05] (COMODO)
U2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-16] (Microsoft Corporation) [File not signed]
R2 CryptSvc; C:\Windows\system32\cryptsvc.dll [77312 2015-07-10] (Microsoft Corporation) [File not signed]
R2 DcomLaunch; C:\Windows\system32\rpcss.dll [873984 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DcpSvc; C:\Windows\system32\dcpsvc.dll [196096 2015-07-10] (Microsoft Corporation) [File not signed]
U3 defragsvc; C:\Windows\System32\defragsvc.dll [495104 2015-07-10] (Microsoft Corporation) [File not signed]
U2 DeviceAssociationService; C:\Windows\system32\das.dll [405504 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DeviceInstall; C:\Windows\system32\umpnpmgr.dll [111616 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [33280 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\system32\dhcpcore.dll [356352 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Dhcp; C:\Windows\SysWOW64\dhcpcore.dll [292352 2015-07-10] (Microsoft Corporation) [File not signed]
U3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation) [File not signed]
U2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [63488 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Dnscache; C:\Windows\System32\dnsrslvr.dll [276992 2015-07-10] (Microsoft Corporation) [File not signed]
U2 DoSvc; C:\Windows\system32\dosvc.dll [1169408 2015-08-16] (Microsoft Corporation) [File not signed]
U3 dot3svc; C:\Windows\System32\dot3svc.dll [263680 2015-07-10] (Microsoft Corporation) [File not signed]
U2 DPS; C:\Windows\system32\dps.dll [168960 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DsmSvc; C:\Windows\System32\DeviceSetupManager.dll [237568 2015-07-10] (Microsoft Corporation) [File not signed]
U3 DsSvc; C:\Windows\System32\DsSvc.dll [143872 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Eaphost; C:\Windows\System32\eapsvc.dll [106496 2015-07-10] (Microsoft Corporation) [File not signed]
U3 EFS; C:\Windows\system32\efssvc.dll [55808 2015-07-10] (Microsoft Corporation) [File not signed]
U3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation) [File not signed]
U2 EventLog; C:\Windows\System32\wevtsvc.dll [1729024 2015-07-10] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\system32\es.dll [472576 2015-07-10] (Microsoft Corporation) [File not signed]
U2 EventSystem; C:\Windows\SysWOW64\es.dll [344576 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Fax; C:\Windows\system32\fxssvc.exe [651776 2015-07-10] (Microsoft Corporation) [File not signed]
U3 fdPHost; C:\Windows\system32\fdPHost.dll [21504 2015-07-10] (Microsoft Corporation) [File not signed]
U2 FDResPub; C:\Windows\system32\fdrespub.dll [35840 2015-07-10] (Microsoft Corporation) [File not signed]
U3 fhsvc; C:\Windows\system32\fhsvc.dll [118784 2015-07-10] (Microsoft Corporation) [File not signed]
U2 FontCache; C:\Windows\system32\FntCache.dll [1679360 2015-08-16] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\system32\hidserv.dll [34304 2015-07-10] (Microsoft Corporation) [File not signed]
U3 hidserv; C:\Windows\SysWOW64\hidserv.dll [29696 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HomeGroupListener; C:\Windows\system32\ListSvc.dll [273408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\system32\provsvc.dll [463872 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HomeGroupProvider; C:\Windows\SysWOW64\provsvc.dll [381440 2015-07-10] (Microsoft Corporation) [File not signed]
U3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation) [File not signed]
U3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [115200 2015-07-10] (Microsoft Corporation) [File not signed]
U2 IKEEXT; C:\Windows\System32\ikeext.dll [954368 2015-07-10] (Microsoft Corporation) [File not signed]
U2 iphlpsvc; C:\Windows\System32\iphlpsvc.dll [954880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\Windows\system32\keyiso.dll [96256 2015-07-10] (Microsoft Corporation) [File not signed]
U3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [69632 2015-07-10] (Microsoft Corporation) [File not signed]
U3 KtmRm; C:\Windows\system32\msdtckrm.dll [378880 2015-07-10] (Microsoft Corporation) [File not signed]
U2 LanmanServer; C:\Windows\system32\srvsvc.dll [283136 2015-07-10] (Microsoft Corporation) [File not signed]
R2 LanmanWorkstation; C:\Windows\System32\wkssvc.dll [279040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\System32\lfsvc.dll [27136 2015-07-10] (Microsoft Corporation) [File not signed]
U3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation) [File not signed]
U3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation) [File not signed]
U3 lltdsvc; C:\Windows\System32\lltdsvc.dll [279040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 lmhosts; C:\Windows\System32\lmhsvc.dll [23040 2015-07-10] (Microsoft Corporation) [File not signed]
U2 LSM; C:\Windows\System32\lsm.dll [749056 2015-07-10] (Microsoft Corporation) [File not signed]
U2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation) [File not signed]
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
U2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [157928 2015-09-02] (McAfee, Inc.)
U2 MpsSvc; C:\Windows\system32\mpssvc.dll [856576 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSDTC; C:\Windows\System32\msdtc.exe [147968 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSiSCSI; C:\Windows\system32\iscsiexe.dll [151040 2015-07-10] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\System32\msiexec.exe [65536 2015-08-16] (Microsoft Corporation) [File not signed]
S3 msiserver; C:\Windows\SysWOW64\msiexec.exe [58368 2015-08-16] (Microsoft Corporation) [File not signed]
U2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-08-16] (Microsoft Corporation) [File not signed]
U3 NcaSvc; C:\Windows\System32\ncasvc.dll [167424 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NcbService; C:\Windows\System32\ncbservice.dll [337408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NcdAutoSetup; C:\Windows\System32\NcdAutoSetup.dll [75264 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\system32\netlogon.dll [836096 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [708608 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Netman; C:\Windows\System32\netman.dll [265728 2015-07-10] (Microsoft Corporation) [File not signed]
U3 netprofm; C:\Windows\System32\netprofmsvc.dll [550400 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [187392 2015-08-17] (Microsoft Corporation) [File not signed]
U3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [268800 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NgcSvc; C:\Windows\system32\ngcsvc.dll [512000 2015-07-10] (Microsoft Corporation) [File not signed]
U2 NlaSvc; C:\Windows\System32\nlasvc.dll [371712 2015-07-10] (Microsoft Corporation) [File not signed]
U2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation) [File not signed]
U3 p2pimsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-07-10] (Microsoft Corporation) [File not signed]
U3 p2psvc; C:\Windows\system32\p2psvc.dll [434176 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PerfHost; C:\Windows\SysWow64\perfhost.exe [21504 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\system32\pla.dll [1486848 2015-07-10] (Microsoft Corporation) [File not signed]
U3 pla; C:\Windows\SysWOW64\pla.dll [1536512 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PlugPlay; C:\Windows\system32\umpnpmgr.dll [111616 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PNRPAutoReg; C:\Windows\system32\pnrpauto.dll [27648 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PNRPsvc; C:\Windows\system32\pnrpsvc.dll [351232 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PolicyAgent; C:\Windows\System32\ipsecsvc.dll [390656 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Power; C:\Windows\system32\umpo.dll [93184 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PrintNotify; C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll [3337728 2015-07-10] (Microsoft Corporation) [File not signed]
U2 ProfSvc; C:\Windows\system32\profsvc.dll [324608 2015-07-10] (Microsoft Corporation) [File not signed]
U3 QWAVE; C:\Windows\system32\qwave.dll [286720 2015-07-10] (Microsoft Corporation) [File not signed]
S3 RasAuto; C:\Windows\System32\rasauto.dll [106496 2015-07-10] (Microsoft Corporation) [File not signed]
S3 RasMan; C:\Windows\System32\rasmans.dll [679936 2015-07-10] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\System32\mprdim.dll [497152 2015-07-10] (Microsoft Corporation) [File not signed]
S4 RemoteAccess; C:\Windows\SysWOW64\mprdim.dll [410112 2015-07-10] (Microsoft Corporation) [File not signed]
U4 RemoteRegistry; C:\Windows\system32\regsvc.dll [154112 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation) [File not signed]
R2 RpcEptMapper; C:\Windows\System32\RpcEpMap.dll [79360 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RpcLocator; C:\Windows\system32\locator.exe [10752 2015-07-10] (Microsoft Corporation) [File not signed]
R2 RpcSs; C:\Windows\system32\rpcss.dll [873984 2015-07-10] (Microsoft Corporation) [File not signed]
U2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
U4 SCardSvr; C:\Windows\System32\SCardSvr.dll [232448 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ScDeviceEnum; C:\Windows\System32\ScDeviceEnum.dll [181760 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Schedule; C:\Windows\system32\schedsvc.dll [1008640 2015-09-17] (Microsoft Corporation) [File not signed]
U3 SCPolicySvc; C:\Windows\System32\certprop.dll [192000 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SDRSVC; C:\Windows\System32\SDRSVC.dll [150528 2015-07-10] (Microsoft Corporation) [File not signed]
U3 seclogon; C:\Windows\system32\seclogon.dll [31232 2015-07-10] (Microsoft Corporation) [File not signed]
R2 SENS; C:\Windows\System32\sens.dll [72192 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-16] (Microsoft Corporation) [File not signed]
U3 SensorService; C:\Windows\system32\SensorService.dll [229376 2015-08-16] (Microsoft Corporation) [File not signed]
U3 SensrSvc; C:\Windows\system32\sensrsvc.dll [177152 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\system32\sessenv.dll [371200 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SessionEnv; C:\Windows\SysWOW64\sessenv.dll [312320 2015-07-10] (Microsoft Corporation) [File not signed]
U4 SharedAccess; C:\Windows\System32\ipnathlp.dll [452608 2015-07-10] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\Windows\System32\shsvcs.dll [593920 2015-07-10] (Microsoft Corporation) [File not signed]
U2 ShellHWDetection; C:\Windows\SysWOW64\shsvcs.dll [544768 2015-07-10] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\System32\smphost.dll [19968 2015-07-10] (Microsoft Corporation) [File not signed]
U3 smphost; C:\Windows\SysWOW64\smphost.dll [17920 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [583680 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [15872 2015-07-10] (Microsoft Corporation) [File not signed]
R2 Spooler; C:\Windows\System32\spoolsv.exe [781824 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SSDPSRV; C:\Windows\System32\ssdpsrv.dll [243712 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SstpSvc; C:\Windows\system32\sstpsvc.dll [210944 2015-07-10] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation) [File not signed]
U3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation) [File not signed]
U3 stisvc; C:\Windows\System32\wiaservc.dll [637440 2015-07-10] (Microsoft Corporation) [File not signed]
U3 StorSvc; C:\Windows\system32\storsvc.dll [394240 2015-07-10] (Microsoft Corporation) [File not signed]
U3 svsvc; C:\Windows\system32\svsvc.dll [13824 2015-07-10] (Microsoft Corporation) [File not signed]
U3 swprv; C:\Windows\System32\swprv.dll [464896 2015-07-10] (Microsoft Corporation) [File not signed]
U2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [249032 2015-06-03] (Synaptics Incorporated)
U2 SysMain; C:\Windows\system32\sysmain.dll [1106432 2015-08-11] (Microsoft Corporation) [File not signed]
U2 SystemEventsBroker; C:\Windows\System32\SystemEventsBrokerServer.dll [379904 2015-07-10] (Microsoft Corporation) [File not signed]
U3 TabletInputService; C:\Windows\System32\TabSvc.dll [151040 2015-08-16] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\System32\tapisrv.dll [311808 2015-07-10] (Microsoft Corporation) [File not signed]
U3 TapiSrv; C:\Windows\SysWOW64\tapisrv.dll [254976 2015-07-10] (Microsoft Corporation) [File not signed]
U2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5702416 2015-09-11] (TeamViewer GmbH)
S3 TermService; C:\Windows\System32\termsrv.dll [1032192 2015-07-10] (Microsoft Corporation) [File not signed]
R2 Themes; C:\Windows\system32\themeservice.dll [58368 2015-07-10] (Microsoft Corporation) [File not signed]
U2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [503808 2015-08-16] (Microsoft Corporation) [File not signed]
U3 TimeBroker; C:\Windows\System32\TimeBrokerServer.dll [167936 2015-07-10] (Microsoft Corporation) [File not signed]
U2 TrkWks; C:\Windows\System32\trkwks.dll [114176 2015-07-10] (Microsoft Corporation) [File not signed]
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [120832 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UI0Detect; C:\Windows\system32\UI0Detect.exe [43008 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UmRdpService; C:\Windows\System32\umrdp.dll [276992 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-16] (Microsoft Corporation) [File not signed]
U3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-16] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\System32\upnphost.dll [452096 2015-07-10] (Microsoft Corporation) [File not signed]
U3 upnphost; C:\Windows\SysWOW64\upnphost.dll [329216 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-08-16] (Microsoft Corporation) [File not signed]
U2 UserManager; C:\Windows\System32\usermgr.dll [717312 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UsoSvc; C:\Windows\system32\usocore.dll [343040 2015-08-16] (Microsoft Corporation) [File not signed]
U3 VaultSvc; C:\Windows\System32\vaultsvc.dll [322048 2015-08-17] (Microsoft Corporation) [File not signed]
U3 vds; C:\Windows\System32\vds.exe [665088 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicguestinterface; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicheartbeat; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmickvpexchange; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicrdv; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicshutdown; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmictimesync; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vmicvss; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation) [File not signed]
U3 VSS; C:\Windows\system32\vssvc.exe [1370112 2015-07-10] (Microsoft Corporation) [File not signed]
U3 W32Time; C:\Windows\system32\w32time.dll [518656 2015-07-10] (Microsoft Corporation) [File not signed]
U3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-16] (Microsoft Corporation) [File not signed]
U2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-16] (Microsoft Corporation) [File not signed]
U3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WAS; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-08-16] (Microsoft Corporation) [File not signed]
U3 wbengine; C:\Windows\system32\wbengine.exe [1570816 2015-07-10] (Microsoft Corporation) [File not signed]
U2 WbioSrvc; C:\Windows\System32\wbiosrvc.dll [605184 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Wcmsvc; C:\Windows\System32\wcmsvc.dll [593920 2015-08-11] (Microsoft Corporation) [File not signed]
U3 wcncsvc; C:\Windows\System32\wcncsvc.dll [471040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\System32\WcsPlugInService.dll [43008 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WcsPlugInService; C:\Windows\SysWOW64\WcsPlugInService.dll [33792 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\system32\wdi.dll [98304 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdiServiceHost; C:\Windows\SysWOW64\wdi.dll [89600 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\system32\wdi.dll [98304 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdiSystemHost; C:\Windows\SysWOW64\wdi.dll [89600 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
U3 WebClient; C:\Windows\System32\webclnt.dll [228864 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WebClient; C:\Windows\SysWOW64\webclnt.dll [199680 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Wecsvc; C:\Windows\system32\wecsvc.dll [211456 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WEPHOSTSVC; C:\Windows\system32\wephostsvc.dll [27648 2015-07-10] (Microsoft Corporation) [File not signed]
U3 wercplsupport; C:\Windows\System32\wercplsupport.dll [95744 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WerSvc; C:\Windows\System32\WerSvc.dll [133120 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WiaRpc; C:\Windows\System32\wiarpc.dll [74752 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
U2 Winmgmt; C:\Windows\system32\wbem\WMIsvc.dll [226304 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\system32\WsmSvc.dll [2556928 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WinRM; C:\Windows\SysWOW64\WsmSvc.dll [2181120 2015-07-10] (Microsoft Corporation) [File not signed]
U2 WlanSvc; C:\Windows\System32\wlansvc.dll [2226688 2015-08-18] (Microsoft Corporation) [File not signed]
U3 wlidsvc; C:\Windows\system32\wlidsvc.dll [2093056 2015-08-12] (Microsoft Corporation) [File not signed]
U3 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [202752 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WMPNetworkSvc; C:\Program Files\Windows Media Player\wmpnetwk.exe [1473536 2015-07-10] (Microsoft Corporation) [File not signed]
U3 workfolderssvc; C:\Windows\system32\workfolderssvc.dll [1844736 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WPDBusEnum; C:\Windows\system32\wpdbusenum.dll [86016 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-07-10] (Microsoft Corporation) [File not signed]
U2 wscsvc; C:\Windows\System32\wscsvc.dll [179200 2015-07-10] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\system32\SearchIndexer.exe [902656 2015-08-16] (Microsoft Corporation) [File not signed]
U2 WSearch; C:\Windows\SysWOW64\SearchIndexer.exe [712192 2015-08-16] (Microsoft Corporation) [File not signed]
U3 wuauserv; C:\Windows\system32\wuaueng.dll [2235904 2015-08-19] (Microsoft Corporation) [File not signed]
U3 wudfsvc; C:\Windows\System32\WUDFSvc.dll [96256 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WwanSvc; C:\Windows\System32\wwansvc.dll [1178112 2015-08-11] (Microsoft Corporation) [File not signed]
U3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation) [File not signed]
U3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation) [File not signed]
U3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation) [File not signed]
U2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]

===================== Drivers (Whitelisted) ==========================



#28
September 17, 2015 at 21:24:28
Forget trying to run Combofix; I just remembered it is W10.

Comodo is making life very hard during cleanup; I would uninstall it. I myself use the MS AV.

How to uninstall Comodo AntiVirus (CAV)
https://support.comodo.com/index.ph...

Run RogueKiller
http://www.softpedia.com/get/Securi...
http://majorgeeks.com/RogueKiller_d...
http://www.geekstogo.com/forum/file...
http://tigzy.geekstogo.com/roguekil...
http://www.sur-la-toile.com/RogueKi...
User Guide
http://www.adlice.com/softwares/rog...
Official tutorial
http://www.adlice.com/softwares/rog...
How to Temporarily Disable your Anti-virus
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
If RogueKiller won't run, open IE & turn off SmartScreen Filter.
http://windows.microsoft.com/en-AU/...
http://www.askvg.com/how-to-disable...
Download & SAVE to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Quit all programs that you may have started.
Shutdown your antivirus to avoid any conflicts.
Please disconnect any USB or external drives from the computer before you run this scan!
For Vista or Windows 7/8, right-click and select "Run as Administrator" to start.

For Windows XP, double-click to start.
Wait until Prescan has finished ...
Then Click on "Scan" button
Wait until the Status box shows "Scan Finished"
Anything that is not checked, leave it unchecked.
Click on "Delete"
Wait until the Status box shows "Deleting Finished"
Click on "Report" and Copy & Paste the content of the Notepad into your next reply.
The log should be found in RKreport[1].txt on your Desktop.
Exit/Close RogueKiller.
When completed, make sure to re-enable your antivirus.



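Added example, not part of this thread and not code from FRST or its author: a small Python triage pass over FRST service/driver lines of the kind posted above. It parses the state/start-type prefix, name, path, size, date, vendor and trailing flags, then reports what a reviewer actually acts on: a binary that is registered but missing on disk ([X], as with RtkAudioService above), a third-party binary without a valid signature, an entry with no vendor at all, and anything whose binary lives in a user-writable path. One caveat is built in: Windows 10 system files are normally signed through catalog files rather than an embedded Authenticode signature, so the blanket [File not signed] on Microsoft binaries under \Windows\ in this log is expected and is not treated as a finding. The sample input reuses lines from the log above plus one constructed AppData entry (svchosts, a made-up name and path) to show the masquerading case; the FRST state letter is kept as printed and not interpreted.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One FRST service/driver line, e.g.
#   R2 nsi; C:\Windows\System32\nsisvc.dll [29184 2015-07-10] (Microsoft Corporation) [File not signed]
#   U2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]
LINE_RE = re.compile(
    r'^(?P<state>[RSU])(?P<start>[0-4])\s+'
    r'(?P<name>[^;]+);\s+'
    r'"?(?P<path>[A-Za-z]:\\[^"\[]+?)"?\s+'
    r'(?:\[(?P<size>\d+)\s+(?P<date>\d{4}-\d{2}-\d{2})\]\s*)?'
    r'(?:\((?P<vendor>(?:[^()]|\([^()]*\))*)\)\s*)?'   # allows one nesting level, e.g. "Intel(R) Corporation"
    r'(?P<flags>(?:\[[^\]]*\]\s*)*)$'
)

# The digit after the state letter is the standard Windows service start type.
START_TYPES = {"0": "boot", "1": "system", "2": "automatic", "3": "manual", "4": "disabled"}

# Locations an ordinary user can write to; a service or driver binary living
# here deserves a look no matter whose name is on it.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\", "\\appdata\\")


@dataclass
class Entry:
    state: str            # FRST state letter as printed (R/S/U), not interpreted here
    start_type: str
    name: str
    path: str
    size: Optional[int]
    date: Optional[str]
    vendor: Optional[str]
    file_missing: bool    # "[X]"
    unsigned: bool        # "[File not signed]"


def parse_line(line: str) -> Optional[Entry]:
    """Parse one FRST service/driver line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    flags = m.group("flags")
    return Entry(
        state=m.group("state"),
        start_type=START_TYPES[m.group("start")],
        name=m.group("name").strip(),
        path=m.group("path"),
        size=int(m.group("size")) if m.group("size") else None,
        date=m.group("date"),
        vendor=m.group("vendor"),
        file_missing="[X]" in flags,
        unsigned="[File not signed]" in flags,
    )


def is_microsoft(entry: Entry) -> bool:
    return (entry.vendor or "").lower().startswith("microsoft")


def triage(entry: Entry) -> List[str]:
    """Return the reasons an entry deserves manual review (empty list = nothing notable)."""
    reasons: List[str] = []
    lower = entry.path.lower()
    if entry.file_missing:
        reasons.append("registered binary is missing on disk ([X]): orphaned entry, remove or reinstall")
        return reasons
    if any(marker in lower for marker in USER_WRITABLE):
        reasons.append("binary lives in a user-writable location")
    if is_microsoft(entry):
        # Win10 system files are normally catalog-signed, so FRST's [File not signed]
        # on a Microsoft binary under \Windows\ is expected and carries no weight here.
        if "\\windows\\" not in lower and "\\program files" not in lower:
            reasons.append("claims Microsoft but sits outside \\Windows\\ or \\Program Files")
    else:
        if entry.vendor is None:
            reasons.append("no vendor information")
        if entry.unsigned:
            reasons.append(f"third-party binary ({entry.vendor}) without a valid signature")
    return reasons


def triage_log(lines: List[str]) -> Dict[str, List[str]]:
    """Parse a block of FRST lines and return {service name: reasons} for entries worth a look."""
    findings: Dict[str, List[str]] = {}
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = triage(entry)
        if reasons:
            findings[entry.name] = reasons
    return findings


# Sample input: five lines taken from the log in this thread, plus one CONSTRUCTED
# line (svchosts in AppData) that is not from the log and shows the masquerading case.
SAMPLE = r"""
R2 nsi; C:\Windows\System32\nsisvc.dll [29184 2015-07-10] (Microsoft Corporation) [File not signed]
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
U2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-09-30] (Realtek Semiconductor Corp.) [File not signed]
U3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Intel(R) Corporation) [File not signed]
U2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]
U2 svchosts; C:\Users\Sharon\AppData\Roaming\svchosts.exe [48128 2015-09-15] (Microsoft Corporation)
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage_log(SAMPLE).items():
        print(name)
        for reason in reasons:
            print("   -", reason)
```

Running it lists RtLedService and IntcDAud (unsigned third-party code), RtkAudioService (missing binary) and the constructed svchosts entry (user-writable path and a Microsoft claim outside the system directories); nsi and MBAMService produce nothing, which is the point: the hundreds of "[File not signed]" Microsoft lines in the log are noise for this purpose and the list to review is short.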
#29
September 17, 2015 at 21:25:19
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

U3 1394ohci; C:\Windows\System32\drivers\1394ohci.sys [235520 2015-07-10] (Microsoft Corporation) [File not signed]
U3 acpipagr; C:\Windows\System32\drivers\acpipagr.sys [12288 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AcpiPmi; C:\Windows\System32\drivers\acpipmi.sys [13312 2015-07-10] (Microsoft Corporation) [File not signed]
U3 acpitime; C:\Windows\System32\drivers\acpitime.sys [12800 2015-07-10] (Microsoft Corporation) [File not signed]
U1 ahcache; C:\Windows\System32\DRIVERS\ahcache.sys [215552 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AmdK8; C:\Windows\System32\drivers\amdk8.sys [121344 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AmdPPM; C:\Windows\System32\drivers\amdppm.sys [118272 2015-07-10] (Microsoft Corporation) [File not signed]
U3 AsyncMac; C:\Windows\System32\drivers\asyncmac.sys [28160 2015-07-10] (Microsoft Corporation) [File not signed]
U1 BasicDisplay; C:\Windows\System32\drivers\BasicDisplay.sys [55296 2015-07-10] (Microsoft Corporation) [File not signed]
U1 BasicRender; C:\Windows\System32\drivers\BasicRender.sys [41472 2015-07-10] (Microsoft Corporation) [File not signed]
U3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
U3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [105472 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BthAvrcpTg; C:\Windows\System32\drivers\BthAvrcpTg.sys [42496 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BthEnum; C:\Windows\System32\drivers\BthEnum.sys [105984 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BthHFEnum; C:\Windows\System32\drivers\bthhfenum.sys [65536 2015-08-16] (Microsoft Corporation) [File not signed]
U3 bthhfhid; C:\Windows\System32\drivers\BthHFHid.sys [30720 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BTHMODEM; C:\Windows\System32\drivers\bthmodem.sys [65536 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BthPan; C:\Windows\System32\drivers\bthpan.sys [128512 2015-07-10] (Microsoft Corporation) [File not signed]
U3 BTHPORT; C:\Windows\System32\Drivers\BTHport.sys [929280 2015-08-19] (Microsoft Corporation) [File not signed]
U3 BTHUSB; C:\Windows\System32\Drivers\BTHUSB.sys [84992 2015-07-10] (Microsoft Corporation) [File not signed]
U3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [32256 2015-07-10] (Microsoft Corporation) [File not signed]
U3 CapImg; C:\Windows\System32\drivers\capimg.sys [116736 2015-07-10] (Microsoft Corporation) [File not signed]
U4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92672 2015-07-10] (Microsoft Corporation) [File not signed]
U1 cdrom; C:\Windows\System32\drivers\cdrom.sys [174080 2015-07-10] (Microsoft Corporation) [File not signed]
U3 circlass; C:\Windows\System32\drivers\circlass.sys [48640 2015-07-10] (Microsoft Corporation) [File not signed]
U3 CmBatt; C:\Windows\System32\drivers\CmBatt.sys [29184 2015-07-10] (Microsoft Corporation) [File not signed]
U1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-05] (COMODO)
U1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-05] (COMODO)
U1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-05] (COMODO)
U3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation) [File not signed]
U3 condrv; C:\Windows\System32\drivers\condrv.sys [41984 2015-07-10] (Microsoft Corporation) [File not signed]
U1 Dfsc; C:\Windows\System32\Drivers\dfsc.sys [138240 2015-07-10] (Microsoft Corporation) [File not signed]
U3 dmvsc; C:\Windows\System32\drivers\dmvsc.sys [33792 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ErrDev; C:\Windows\System32\drivers\errdev.sys [11776 2015-07-10] (Microsoft Corporation) [File not signed]
U3 exfat; C:\Windows\System32\Drivers\exfat.sys [313856 2015-07-10] (Microsoft Corporation) [File not signed]
U3 fcvsc; C:\Windows\System32\drivers\fcvsc.sys [31232 2015-07-10] (Microsoft Corporation) [File not signed]
U3 fdc; C:\Windows\System32\drivers\fdc.sys [32256 2015-07-10] (Microsoft Corporation) [File not signed]
U1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [35840 2015-07-10] (Microsoft Corporation) [File not signed]
U3 flpydisk; C:\Windows\System32\drivers\flpydisk.sys [26112 2015-07-10] (Microsoft Corporation) [File not signed]
U3 gencounter; C:\Windows\System32\drivers\vmgencounter.sys [13312 2015-07-10] (Microsoft Corporation) [File not signed]
U3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation) [File not signed]
U0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-29] (GFI Software)
U1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HDAudBus; C:\Windows\System32\drivers\HDAudBus.sys [80896 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HidBatt; C:\Windows\System32\drivers\HidBatt.sys [28160 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HidBth; C:\Windows\System32\drivers\hidbth.sys [107520 2015-07-10] (Microsoft Corporation) [File not signed]
U3 hidi2c; C:\Windows\System32\drivers\hidi2c.sys [51200 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HidIr; C:\Windows\System32\drivers\hidir.sys [46592 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HidUsb; C:\Windows\System32\drivers\hidusb.sys [38400 2015-07-10] (Microsoft Corporation) [File not signed]
U3 hyperkbd; C:\Windows\System32\drivers\hyperkbd.sys [16384 2015-07-10] (Microsoft Corporation) [File not signed]
U3 HyperVideo; C:\Windows\system32\DRIVERS\HyperVideo.sys [26112 2015-07-10] (Microsoft Corporation) [File not signed]
U3 i8042prt; C:\Windows\System32\drivers\i8042prt.sys [114688 2015-07-10] (Microsoft Corporation) [File not signed]
U1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-05] (COMODO)
U3 IntcDAud; C:\Windows\system32\DRIVERS\IntcDAud.sys [317440 2010-10-14] (Intel(R) Corporation) [File not signed]
U3 intelppm; C:\Windows\System32\drivers\intelppm.sys [129536 2015-07-10] (Microsoft Corporation) [File not signed]
U3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation) [File not signed]
U3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [85504 2015-07-10] (Microsoft Corporation) [File not signed]
U3 IPMIDRV; C:\Windows\System32\drivers\IPMIDrv.sys [81408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [143360 2015-07-10] (Microsoft Corporation) [File not signed]
U3 IRENUM; C:\Windows\System32\drivers\irenum.sys [19456 2015-07-10] (Microsoft Corporation) [File not signed]
U3 kbdhid; C:\Windows\System32\drivers\kbdhid.sys [36864 2015-07-10] (Microsoft Corporation) [File not signed]
U3 kdnic; C:\Windows\System32\drivers\kdnic.sys [23040 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [26112 2015-07-10] (Microsoft Corporation) [File not signed]
U2 lltdio; C:\Windows\System32\drivers\lltdio.sys [64000 2015-07-10] (Microsoft Corporation) [File not signed]
U2 luafv; C:\Windows\system32\drivers\luafv.sys [127488 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
U3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
U3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [37960 2015-09-02] (McAfee, Inc.)
U2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [48128 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Modem; C:\Windows\System32\drivers\modem.sys [41984 2015-07-10] (Microsoft Corporation) [File not signed]
U3 monitor; C:\Windows\System32\drivers\monitor.sys [38400 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mouhid; C:\Windows\System32\drivers\mouhid.sys [32256 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [76288 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-08-16] (Microsoft Corporation) [File not signed]
U3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [143872 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [415232 2015-07-10] (Microsoft Corporation) [File not signed]
U2 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [284672 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [217600 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MsBridge; C:\Windows\System32\drivers\bridge.sys [114688 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8704 2015-07-10] (Microsoft Corporation) [File not signed]
U3 mshidumdf; C:\Windows\System32\drivers\mshidumdf.sys [11776 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSKSSRV; C:\Windows\system32\drivers\MSKSSRV.sys [13824 2015-07-10] (Microsoft Corporation) [File not signed]
U2 MsLldp; C:\Windows\System32\drivers\mslldp.sys [82432 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSPCLOCK; C:\Windows\system32\drivers\MSPCLOCK.sys [10752 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSPQM; C:\Windows\system32\drivers\MSPQM.sys [10752 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MSTEE; C:\Windows\system32\drivers\MSTEE.sys [12800 2015-07-10] (Microsoft Corporation) [File not signed]
U3 MTConfig; C:\Windows\System32\drivers\MTConfig.sys [15872 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [529408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NdisCap; C:\Windows\System32\drivers\ndiscap.sys [50176 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NdisImPlatform; C:\Windows\System32\drivers\NdisImPlatform.sys [129024 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [25600 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Ndisuio; C:\Windows\System32\drivers\ndisuio.sys [63488 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [20992 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NdisWan; C:\Windows\System32\drivers\ndiswan.sys [188928 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ndiswanlegacy; C:\Windows\System32\DRIVERS\ndiswan.sys [188928 2015-07-10] (Microsoft Corporation) [File not signed]
U3 ndproxy; C:\Windows\System32\DRIVERS\NDProxy.sys [60928 2015-07-10] (Microsoft Corporation) [File not signed]
U2 Ndu; C:\Windows\System32\drivers\Ndu.sys [124928 2015-07-10] (Microsoft Corporation) [File not signed]
U1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [273408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 netvsc; C:\Windows\System32\drivers\netvsc.sys [94720 2015-07-10] (Microsoft Corporation) [File not signed]
U3 NETwNs64; C:\Windows\System32\drivers\Netwsw00.sys [11518976 2015-07-10] (Intel Corporation) [File not signed]
U1 npsvctrig; C:\Windows\System32\drivers\npsvctrig.sys [26624 2015-07-10] (Microsoft Corporation) [File not signed]
U1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [40448 2015-07-10] (Microsoft Corporation) [File not signed]
U1 Null; C:\Windows\System32\Drivers\Null.sys [7168 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Parport; C:\Windows\System32\drivers\parport.sys [96768 2015-07-10] (Microsoft Corporation) [File not signed]
U2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [721408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 PptpMiniport; C:\Windows\System32\drivers\raspptp.sys [95744 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Processor; C:\Windows\System32\drivers\processr.sys [117248 2015-07-10] (Microsoft Corporation) [File not signed]
U3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [48640 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [17408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RasAgileVpn; C:\Windows\System32\drivers\AgileVpn.sys [105984 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Rasl2tp; C:\Windows\System32\drivers\rasl2tp.sys [104960 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RasPppoe; C:\Windows\System32\drivers\raspppoe.sys [81408 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RasSstp; C:\Windows\System32\drivers\rassstp.sys [78336 2015-07-10] (Microsoft Corporation) [File not signed]
U1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [414720 2015-07-10] (Microsoft Corporation) [File not signed]
U3 rdpbus; C:\Windows\System32\drivers\rdpbus.sys [26112 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RDPDR; C:\Windows\System32\drivers\rdpdr.sys [176128 2015-07-10] (Microsoft Corporation) [File not signed]
U3 RFCOMM; C:\Windows\System32\drivers\rfcomm.sys [167936 2015-07-10] (Microsoft Corporation) [File not signed]
U2 rspndr; C:\Windows\System32\drivers\rspndr.sys [80896 2015-07-10] (Microsoft Corporation) [File not signed]
U3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek ) [File not signed]
U3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410848 2015-08-16] (Realsil Semiconductor Corporation)
U3 s3cap; C:\Windows\System32\drivers\vms3cap.sys [8704 2015-07-10] (Microsoft Corporation) [File not signed]
U3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [3293272 2010-12-23] (Windows (R) Win 7 DDK provider)
U3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [43008 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Serenum; C:\Windows\System32\drivers\serenum.sys [24576 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Serial; C:\Windows\System32\drivers\serial.sys [83968 2015-07-10] (Microsoft Corporation) [File not signed]
U3 sermouse; C:\Windows\System32\drivers\sermouse.sys [27648 2015-07-10] (Microsoft Corporation) [File not signed]
U3 sfloppy; C:\Windows\System32\drivers\sfloppy.sys [18432 2015-07-10] (Microsoft Corporation) [File not signed]
U3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-03] (Synaptics Incorporated)
U2 srv; C:\Windows\System32\DRIVERS\srv.sys [410624 2015-07-10] (Microsoft Corporation) [File not signed]
U3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [674304 2015-07-10] (Microsoft Corporation) [File not signed]
U3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [239616 2015-07-10] (Microsoft Corporation) [File not signed]
U2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation) [File not signed]
U3 Synth3dVsc; C:\Windows\System32\drivers\Synth3dVsc.sys [64000 2015-07-10] (Microsoft Corporation) [File not signed]
U2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [52224 2015-07-10] (Microsoft Corporation) [File not signed]
U3 TsUsbFlt; C:\Windows\System32\drivers\TsUsbFlt.sys [61440 2015-07-10] (Microsoft Corporation) [File not signed]
U3 TsUsbGD; C:\Windows\System32\drivers\TsUsbGD.sys [33280 2015-07-10] (Microsoft Corporation) [File not signed]
U3 tunnel; C:\Windows\System32\drivers\tunnel.sys [155136 2015-08-16] (Microsoft Corporation) [File not signed]
U3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-16] (Microsoft Corporation) [File not signed]
U3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] () [File not signed]
U4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [321024 2015-07-10] (Microsoft Corporation) [File not signed]
U3 umbus; C:\Windows\System32\drivers\umbus.sys [57344 2015-07-10] (Microsoft Corporation) [File not signed]
U3 UmPass; C:\Windows\System32\drivers\umpass.sys [12800 2015-07-10] (Microsoft Corporation) [File not signed]
U3 usbcir; C:\Windows\System32\drivers\usbcir.sys [102400 2015-07-10] (Microsoft Corporation) [File not signed]
U3 usbohci; C:\Windows\System32\drivers\usbohci.sys [29184 2015-07-10] (Microsoft Corporation) [File not signed]
U3 usbprint; C:\Windows\System32\drivers\usbprint.sys [27136 2015-07-10] (Microsoft Corporation) [File not signed]
U3 usbser; C:\Windows\System32\drivers\usbser.sys [67072 2015-08-16] (Microsoft Corporation) [File not signed]
U3 usbuhci; C:\Windows\System32\drivers\usbuhci.sys [34816 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vhf; C:\Windows\System32\drivers\vhf.sys [31744 2015-07-10] (Microsoft Corporation) [File not signed]
U3 VMBusHID; C:\Windows\System32\drivers\VMBusHID.sys [25088 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vwifibus; C:\Windows\System32\drivers\vwifibus.sys [26112 2015-07-10] (Microsoft Corporation) [File not signed]
U1 vwififlt; C:\Windows\System32\drivers\vwififlt.sys [72704 2015-07-10] (Microsoft Corporation) [File not signed]
U3 vwifimp; C:\Windows\System32\drivers\vwifimp.sys [39936 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WacomPen; C:\Windows\System32\drivers\wacompen.sys [29696 2015-07-10] (Microsoft Corporation) [File not signed]
U3 wanarp; C:\Windows\System32\DRIVERS\wanarp.sys [80384 2015-07-10] (Microsoft Corporation) [File not signed]
U3 wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [80384 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
U3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
U3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [685568 2015-08-16] (Microsoft Corporation) [File not signed]
U3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 WINUSB; C:\Windows\System32\drivers\WinUSB.SYS [87552 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WmiAcpi; C:\Windows\System32\drivers\wmiacpi.sys [18432 2015-07-10] (Microsoft Corporation) [File not signed]
U4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [22528 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [97280 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WUDFRd; C:\Windows\System32\drivers\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation) [File not signed]
U3 WUDFWpdFs; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation) [File not signed]
U3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation) [File not signed]
U3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation) [File not signed]
U3 idsvc; no ImagePath
U3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


#30
September 17, 2015 at 21:26:09
==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 21:10 - 2015-09-17 21:11 - 00060318 _____ C:\Users\Sharon\Desktop\FRST.txt
2015-09-17 21:09 - 2015-09-17 21:09 - 00016148 _____ C:\WINDOWS\system32\MCCARTNEY_Sharon_HistoryPrediction.bin
2015-09-17 20:58 - 2015-09-17 21:10 - 00000000 ____D C:\FRST
2015-09-17 20:53 - 2015-09-17 20:53 - 02191360 _____ (Farbar) C:\Users\Sharon\Desktop\FRST64.exe
2015-09-17 20:52 - 2015-09-17 20:52 - 01695232 _____ (Farbar) C:\Users\Sharon\Desktop\FRST.exe
2015-09-17 20:44 - 2015-09-17 20:44 - 05736624 _____ (JAM Software ) C:\Users\Sharon\Downloads\UltraSearch-x64-Setup.exe
2015-09-17 20:44 - 2015-09-17 20:44 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\JAM Software
2015-09-17 20:44 - 2015-09-17 20:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraSearch
2015-09-17 20:44 - 2015-09-17 20:44 - 00000000 ____D C:\Program Files\JAM Software
2015-09-17 20:42 - 2015-09-17 20:42 - 00001716 _____ C:\Users\Sharon\Desktop\JRT.txt
2015-09-17 20:24 - 2015-09-17 20:24 - 01798976 _____ (Malwarebytes) C:\Users\Sharon\Desktop\JRT.exe
2015-09-17 20:08 - 2015-09-17 20:11 - 00000000 ____D C:\AdwCleaner
2015-09-17 20:07 - 2015-09-17 20:57 - 00026722 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-09-17 20:07 - 2015-09-17 20:07 - 01662976 _____ C:\Users\Sharon\Downloads\AdwCleaner.exe
2015-09-17 20:07 - 2015-09-17 20:07 - 00000000 ___HD C:\VTRoot
2015-09-17 19:42 - 2015-09-17 19:42 - 00900375 _____ C:\Users\Sharon\Desktop\mbam.txt
2015-09-17 16:06 - 2015-09-17 21:06 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-17 16:06 - 2015-09-17 16:06 - 00001904 _____ C:\Users\Public\Desktop\COMODO Internet Security.lnk
2015-09-17 16:06 - 2015-09-17 16:06 - 00001904 _____ C:\ProgramData\Desktop\COMODO Internet Security.lnk
2015-09-17 16:06 - 2015-09-17 16:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\COMODO
2015-09-17 16:06 - 2015-09-17 16:06 - 00000000 ____D C:\ProgramData\Shared Space
2015-09-17 16:06 - 2015-09-17 16:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-09-17 16:06 - 2015-09-17 16:06 - 00000000 ____D C:\Program Files\COMODO
2015-09-17 16:01 - 2015-09-17 16:04 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-09-17 16:01 - 2015-09-17 16:01 - 00001112 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-09-17 16:01 - 2015-09-17 16:01 - 00001100 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-09-17 16:01 - 2015-09-17 16:01 - 00001100 _____ C:\ProgramData\Desktop\TeamViewer 10.lnk
2015-09-17 15:59 - 2015-09-17 16:06 - 00000000 ____D C:\ProgramData\Comodo
2015-09-17 15:59 - 2015-09-17 16:00 - 08159440 _____ (TeamViewer GmbH) C:\Users\Sharon\Downloads\TeamViewer_Setup_en.exe
2015-09-17 15:43 - 2015-09-17 15:43 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Mozilla
2015-09-17 15:43 - 2015-09-17 15:43 - 00000000 ____D C:\Users\Sharon\AppData\Local\Mozilla
2015-09-17 15:42 - 2015-09-17 15:42 - 00000963 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Waterfox.lnk
2015-09-17 15:42 - 2015-09-17 15:42 - 00000951 _____ C:\Users\Public\Desktop\Waterfox.lnk
2015-09-17 15:42 - 2015-09-17 15:42 - 00000951 _____ C:\ProgramData\Desktop\Waterfox.lnk
2015-09-17 15:42 - 2015-09-17 15:42 - 00000000 ____D C:\Program Files\Waterfox
2015-09-17 15:41 - 2015-09-17 15:42 - 72173960 _____ C:\Users\Sharon\Downloads\Waterfox 40.0.3 Setup.exe
2015-09-17 10:37 - 2015-09-17 10:39 - 00001588 _____ C:\WINDOWS\setupact.log
2015-09-17 10:37 - 2015-09-17 10:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-09-17 10:37 - 2015-09-17 10:37 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-09-17 10:37 - 2015-09-17 10:37 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-17 10:22 - 2015-09-17 16:20 - 00189800 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-17 10:22 - 2015-09-17 10:22 - 00001984 _____ C:\WINDOWS\PFRO.log
2015-09-17 09:31 - 2015-09-17 09:31 - 00011010 _____ C:\Users\Sharon\eset.txt
2015-09-17 02:07 - 2015-09-17 02:07 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-17 02:07 - 2015-09-17 02:07 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-17 02:07 - 2015-09-17 02:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-17 02:06 - 2015-09-17 02:06 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-17 02:06 - 2015-09-17 02:06 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-17 02:06 - 2015-09-17 02:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-17 02:06 - 2015-09-17 02:06 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-17 02:06 - 2015-09-17 02:06 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-17 02:06 - 2015-09-17 02:06 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-16 22:43 - 2015-09-16 22:43 - 02870984 _____ (ESET) C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
2015-09-16 22:43 - 2015-09-16 22:43 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-16 21:44 - 2015-09-16 21:48 - 225688096 _____ (COMODO) C:\Users\Sharon\Downloads\cispremium_installer.exe
2015-09-16 21:25 - 2015-09-17 10:10 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Wise Disk Cleaner
2015-09-16 21:25 - 2015-09-16 21:25 - 00001277 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2015-09-16 21:25 - 2015-09-16 21:25 - 00001277 _____ C:\ProgramData\Desktop\Wise Disk Cleaner.lnk
2015-09-16 21:25 - 2015-09-16 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2015-09-16 21:25 - 2015-09-16 21:25 - 00000000 ____D C:\Program Files (x86)\Wise
2015-09-16 21:24 - 2015-09-16 21:25 - 02980472 _____ (WiseCleaner.com ) C:\Users\Sharon\Downloads\WDCFree.exe
2015-09-16 20:31 - 2015-09-17 19:40 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-16 20:31 - 2015-09-16 20:31 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-16 20:31 - 2015-09-16 20:31 - 00001171 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-16 20:31 - 2015-09-16 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-16 20:30 - 2015-09-16 20:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-16 20:30 - 2015-09-16 20:30 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Sharon\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-16 20:30 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-16 20:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-16 20:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-16 20:12 - 2015-09-16 20:12 - 00000000 ____D C:\Users\Sharon\AppData\Local\NetworkTiles
2015-09-16 20:08 - 2015-09-16 20:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-09-03 18:58 - 2015-09-03 18:58 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-09-03 18:58 - 2015-09-03 18:58 - 00000000 ____D C:\Users\DefaultAppPool
2015-09-03 18:58 - 2015-08-16 16:27 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-03 18:58 - 2015-08-16 16:27 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\TuneUp Software
2015-09-03 18:58 - 2015-08-16 16:27 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-09-03 18:58 - 2015-07-10 04:04 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-09-03 18:58 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-09-03 18:58 - 2015-07-10 04:04 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-09-03 18:58 - 2015-07-10 04:04 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-03 18:58 - 2011-12-02 17:30 - 00002104 _____ C:\Users\DefaultAppPool\Desktop\OneKey Recovery.lnk
2015-09-03 18:58 - 2011-12-02 17:28 - 00001136 _____ C:\Users\DefaultAppPool\Desktop\Cyberlink Power2Go.lnk
2015-09-03 18:58 - 2010-12-18 22:31 - 00000189 _____ C:\Users\DefaultAppPool\Desktop\Lenovo Telephony Start Now.url
2015-09-03 18:35 - 2015-09-03 18:35 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-09-03 18:32 - 2015-09-03 18:32 - 00000000 ____D C:\Users\Sharon\AppData\Roaming\Sun
2015-09-03 18:32 - 2015-09-03 18:32 - 00000000 ____D C:\Users\Sharon\.oracle_jre_usage
2015-09-03 18:28 - 2015-08-19 23:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-09-03 18:27 - 2015-08-19 23:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-03 18:27 - 2015-08-19 23:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-09-03 18:27 - 2015-08-19 22:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-09-03 18:27 - 2015-08-19 22:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-09-03 18:27 - 2015-08-19 22:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-09-03 18:27 - 2015-08-19 22:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-03 18:27 - 2015-08-19 22:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-09-03 18:27 - 2015-08-18 00:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-03 18:27 - 2015-08-18 00:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-09-03 18:27 - 2015-08-18 00:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-03 18:27 - 2015-08-18 00:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-03 18:27 - 2015-08-18 00:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-03 18:27 - 2015-08-18 00:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-09-03 18:27 - 2015-08-18 00:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-09-03 18:27 - 2015-08-18 00:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-03 18:27 - 2015-08-18 00:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-03 18:27 - 2015-08-18 00:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-09-03 18:27 - 2015-08-18 00:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-03 18:27 - 2015-08-17 23:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-09-03 18:27 - 2015-08-17 23:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-09-03 18:27 - 2015-08-17 23:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-09-03 18:27 - 2015-08-17 23:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-09-03 18:27 - 2015-08-17 23:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-09-03 18:27 - 2015-08-17 23:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-09-03 18:27 - 2015-08-17 23:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-09-03 18:27 - 2015-08-17 23:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-09-03 18:27 - 2015-08-17 23:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-09-03 18:27 - 2015-08-17 23:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-09-03 18:27 - 2015-08-17 23:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-09-03 18:27 - 2015-08-17 23:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-09-03 18:27 - 2015-08-17 23:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-09-03 18:27 - 2015-08-17 23:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-09-03 18:27 - 2015-08-17 23:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-09-03 18:27 - 2015-08-17 23:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-09-03 18:27 - 2015-08-17 23:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-09-03 18:27 - 2015-08-17 23:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-09-03 18:27 - 2015-08-17 21:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-09-03 18:26 - 2015-08-17 23:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-09-03 18:26 - 2015-08-17 23:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-09-03 18:26 - 2015-08-17 23:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-09-03 18:26 - 2015-08-17 23:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-09-03 18:11 - 2015-08-11 02:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-09-03 18:11 - 2015-08-11 01:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-09-03 18:10 - 2015-08-12 21:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-03 18:10 - 2015-08-12 21:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-03 18:10 - 2015-08-12 20:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-03 18:10 - 2015-08-11 03:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-09-03 18:10 - 2015-08-11 03:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-03 18:10 - 2015-08-11 03:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-09-03 18:10 - 2015-08-11 03:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-09-03 18:10 - 2015-08-11 03:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-03 18:10 - 2015-08-11 03:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-09-03 18:10 - 2015-08-11 03:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-09-03 18:10 - 2015-08-11 02:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-09-03 18:10 - 2015-08-11 02:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-09-03 18:10 - 2015-08-11 02:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-09-03 18:10 - 2015-08-11 02:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-03 18:10 - 2015-08-11 02:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-09-03 18:10 - 2015-08-11 02:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-03 18:10 - 2015-08-11 02:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-09-03 18:10 - 2015-08-11 02:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-09-03 18:10 - 2015-08-11 02:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-03 18:10 - 2015-08-11 02:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-09-03 18:10 - 2015-08-11 02:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-03 18:10 - 2015-08-11 02:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-09-03 18:10 - 2015-08-11 02:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-09-03 18:10 - 2015-08-11 02:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-03 18:10 - 2015-08-11 02:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-03 18:10 - 2015-08-11 02:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-09-03 18:10 - 2015-08-11 02:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-09-03 18:10 - 2015-08-11 02:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-03 18:10 - 2015-08-11 02:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-03 18:10 - 2015-08-11 02:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 18:10 - 2015-08-11 02:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-09-03 18:10 - 2015-08-11 02:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-09-03 18:10 - 2015-08-11 02:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-09-03 18:10 - 2015-08-11 02:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-03 18:10 - 2015-08-11 02:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-03 18:10 - 2015-08-11 02:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-03 18:10 - 2015-08-11 02:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-09-03 18:10 - 2015-08-11 02:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-09-03 18:10 - 2015-08-11 02:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-09-03 18:10 - 2015-08-11 02:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-09-03 18:10 - 2015-08-11 02:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-09-03 18:10 - 2015-08-11 02:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-03 18:10 - 2015-08-11 02:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-03 18:10 - 2015-08-11 02:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-03 18:10 - 2015-08-11 02:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-09-03 18:10 - 2015-08-11 02:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-03 18:10 - 2015-08-11 01:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-09-03 18:10 - 2015-08-11 01:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-09-03 18:10 - 2015-08-11 01:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-09-03 18:10 - 2015-08-11 01:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-09-03 18:10 - 2015-08-11 01:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-03 18:10 - 2015-08-11 01:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-09-03 18:10 - 2015-08-11 01:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-03 18:10 - 2015-08-11 01:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-09-03 18:10 - 2015-08-11 01:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-09-03 18:10 - 2015-08-11 01:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-09-03 18:10 - 2015-08-11 01:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-09-03 18:10 - 2015-08-11 01:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-03 18:10 - 2015-08-11 01:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-03 18:10 - 2015-08-11 01:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-09-03 18:10 - 2015-08-11 01:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-03 18:10 - 2015-08-11 01:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-03 18:10 - 2015-08-11 01:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-09-03 18:10 - 2015-08-11 01:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-09-03 18:10 - 2015-08-11 01:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-09-03 18:10 - 2015-08-11 01:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-03 18:10 - 2015-08-11 01:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-09-03 18:10 - 2015-08-11 01:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-09-03 17:39 - 2015-09-03 17:39 - 00000000 ____D C:\Users\Sharon\AppData\Local\MicrosoftEdge
2015-09-03 17:35 - 2015-09-03 17:47 - 00000000 ____D C:\Users\Sharon\AppData\Local\Comms
2015-09-03 12:52 - 2015-09-03 12:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-03 12:52 - 2015-09-03 12:52 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll



#31
September 17, 2015 at 21:26:32
==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-17 21:01 - 2015-08-16 16:21 - 01345410 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 20:59 - 2015-07-10 05:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-17 20:59 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 20:58 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-17 20:58 - 2011-12-02 17:19 - 00199445 _____ C:\WINDOWS\system32\fastboot.set
2015-09-17 20:58 - 2011-12-02 17:17 - 00000000 ____D C:\ProgramData\VeriFace
2015-09-17 20:57 - 2013-01-30 19:17 - 00000354 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2015-09-17 20:57 - 2011-12-02 17:28 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 20:57 - 2011-12-02 17:18 - 00586745 _____ C:\FaceProv.log
2015-09-17 20:56 - 2015-07-10 05:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-17 20:56 - 2015-07-10 02:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-17 20:50 - 2011-12-02 17:28 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 20:29 - 2014-03-08 11:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-17 18:32 - 2015-07-10 03:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-17 17:25 - 2012-10-08 09:14 - 00001118 _____ C:\Users\Sharon\Desktop\Cyberlink Power2Go.lnk
2015-09-17 15:45 - 2015-08-16 16:22 - 00000000 ____D C:\Users\Sharon
2015-09-17 13:05 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 12:41 - 2015-08-16 16:47 - 00000000 ____D C:\Users\Sharon\AppData\Local\Packages
2015-09-17 09:53 - 2015-07-10 06:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-17 09:53 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-17 09:50 - 2013-08-14 22:39 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-17 09:45 - 2013-02-11 21:04 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-09-16 21:38 - 2015-07-18 08:53 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-09-16 21:38 - 2011-12-02 17:11 - 00000000 ____D C:\ProgramData\McAfee
2015-09-16 21:37 - 2013-02-11 21:15 - 00000000 ____D C:\Program Files\McAfee
2015-09-16 21:37 - 2013-02-11 21:15 - 00000000 ____D C:\Program Files\Common Files\McAfee
2015-09-16 21:36 - 2011-12-02 17:29 - 00000000 ____D C:\Program Files\Google
2015-09-16 21:36 - 2011-12-02 17:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-16 21:35 - 2015-07-18 08:29 - 00000570 _____ C:\WINDOWS\wininit.ini
2015-09-16 21:35 - 2015-07-10 04:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-09-16 21:35 - 2015-07-10 02:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-09-16 21:33 - 2009-07-13 20:20 - 00000000 ____D C:\Users\Default.migrated
2015-09-16 21:28 - 2015-08-16 17:15 - 00000000 ___DC C:\WINDOWS\Panther
2015-09-16 21:28 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-09-16 21:21 - 2012-10-08 09:21 - 00000000 ____D C:\Users\Sharon\AppData\Local\Google
2015-09-16 21:21 - 2011-12-02 17:28 - 00000000 ____D C:\ProgramData\Google
2015-09-16 21:10 - 2015-07-10 04:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-09-16 21:00 - 2011-12-02 17:29 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-16 21:00 - 2011-12-02 17:29 - 00002260 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-09-16 20:30 - 2012-12-29 16:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-16 20:26 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-16 20:18 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-16 20:10 - 2015-08-16 16:50 - 00002337 _____ C:\Users\Sharon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-09-16 20:10 - 2015-08-16 16:50 - 00000000 ___RD C:\Users\Sharon\OneDrive
2015-09-16 19:02 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-09-16 19:02 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-15 18:45 - 2011-12-02 17:28 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-15 18:45 - 2011-12-02 17:28 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-03 18:33 - 2014-10-29 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-09-03 18:33 - 2014-10-29 21:46 - 00000000 ____D C:\Program Files (x86)\Java
2015-09-03 18:33 - 2014-04-27 17:15 - 00000000 ____D C:\ProgramData\Oracle
2015-09-03 18:32 - 2014-10-29 21:46 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-09-03 17:28 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-09-03 17:27 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\appcompat

Some files in TEMP:
====================
C:\Users\Sharon\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe
[2015-09-17 02:06] - [2015-09-17 02:06] - 0578560 ____A (Microsoft Corporation) 84B1FE2E4615A89293F1FD4DE52EE26E

C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe
[2015-07-10 04:00] - [2015-07-10 04:00] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B

C:\WINDOWS\SysWOW64\userinit.exe
[2015-07-10 04:00] - [2015-07-10 04:00] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A

C:\WINDOWS\system32\rpcss.dll
[2015-07-10 03:59] - [2015-07-10 03:59] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-15 18:58

==================== End of FRST.txt ============================



#32
September 17, 2015 at 21:28:33
Okay... weird stuff happening all over:

1. FRST finally ran as I said... however, the files were not saving to the desktop. I saved the two files to the desktop... they are not appearing on the desktop. I can't see them. However, when I go to save again, I see they are actually there.

2. Since I could not find the files... I could not use zippy to send the last large one.

3. I never got to downloading ComboFix... so no problems there.



#33
September 17, 2015 at 21:35:18
Oh and Ultra Search is only giving me an error now.


#34
September 17, 2015 at 21:35:30
Think you missed a couple of posts.

#18 & #28 (the Comodo part)

message edited by Johnw



#35
September 17, 2015 at 21:41:19
#18 AdwCleaner

# AdwCleaner v5.008 - Logfile created 17/09/2015 at 20:11:48
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Sharon - MCCARTNEY
# Running from : C:\Users\Sharon\Downloads\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\YSearchUtil
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgdphfpmicmcjljihifcbkejmgbnmoc
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****

[-] File Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ffjcmnpnoopgilmnfhloocdcbnimmmea_0.localstorage

***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : askws
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.ask.com_
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask search
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : amogncdhclnhneejdfggljpdgigffhfi
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ffjcmnpnoopgilmnfhloocdcbnimmmea
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jhgdphfpmicmcjljihifcbkejmgbnmoc
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jkmljihjgjdghdhggolmhbjekicljfci
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : pljcgbedjplidkdjahbaalanadmjfgop

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3756 bytes] ##########



#36
September 17, 2015 at 21:58:27
#28 RogueKiller

RogueKiller V10.10.5.0 [Sep 14 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/rogu...
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10240) 64 bits version
Started in : Normal mode
User : Sharon [Administrator]
Started from : C:\Users\Sharon\Desktop\RogueKiller.exe
Mode : Delete -- Date : 09/17/2015 21:57:10

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 2 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] ec6ec3c8588f5ec933984abebd5a74bc
[BSP] cd176dea2f7100274c4a51e66fac05a1 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
User = LL1 ... OK
User = LL2 ... OK



#37
September 17, 2015 at 22:12:15
There are a huge number of unsigned drivers; have a look in Device Manager & see if there are any red or yellow exclamation marks or unknown drivers.


#38
September 17, 2015 at 22:15:11
No yellow or unknown indicators in Device Manager.


#39
September 17, 2015 at 22:16:01
Are these partitions deliberate?
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)


#40
September 17, 2015 at 22:20:08
I do not know. I know she says to me that her deceased son's photos are somehow accessible from the computer. She has basic level computer skills and since she hasn't been back since dropping off the computer, I do not know if those files are kept in those places. However, she describes them as being something she links to via emails somehow. I'm puzzled. This PC shows the following:

Local C
Lenovo D
DVD F
Microsoft office click to run 2010 (protected) (Q)

By the way... do you have TeamViewer? If so, I can give you the ID and password to connect to her laptop.



#41
September 17, 2015 at 22:22:27
No Teamviewer, I can fall back on that as a last resort.

Copy & Paste the text below (starting at closeprocesses:), save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

closeprocesses:
emptytemp:
Task: {02E14F2A-393C-4582-8A54-A002EC4F02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {220B84AD-FDF8-4863-A1AD-91416CA92F32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3DFD8604-485E-4E7E-BFED-E2D9B765C4AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5850C4B4-03BC-49B5-8E84-34ADC5E3CD05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5FBAF6B3-D59B-4D6B-A39A-188194815011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {74ADE221-8B56-494E-A81C-231DB615EDDA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9100320D-DD57-4637-BAEA-84ED41608261} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93DD8434-2B74-4029-8499-C00DD2E40803} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A56BDCE9-0BCE-461B-98FF-6D7124DC7B18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D9601277-1AFD-4166-B649-01DACAF3AAB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F4138B4D-5295-46E6-A6D2-35419C239D11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> DefaultScope {856FAA66-A004-4D4D-9904-E017D1508F0F} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/cr
U3 idsvc; no ImagePath
U3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.


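The fixlist in #41 is built from FRST entries whose target no longer exists (scheduled tasks and Chrome plugins pointing at "No File", services with no ImagePath, a toolbar with no file, SearchScopes with an empty URL), and #37 points at the many system files that FRST lists without a publisher. As an added example, not code from this thread and not part of FRST itself, here is a small Python triage script that parses lines in the FRST format shown above and pulls out both kinds of entry. The sample log is a handful of lines copied from the logs in this thread; the orphan rules, the list of PE extensions and the system-directory filter are my own assumptions, and a missing publisher only means FRST found no version information in the file, so each flagged binary still needs a proper Authenticode check (for example Get-AuthenticodeSignature in PowerShell) before anyone acts on it.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example, not FRST's own code. Two things are extracted:
  * PE files under system32/SysWOW64 that FRST lists with no publisher
    (FRST prints "(Company)" only when the file has version info)
  * orphaned entries of the kind that end up in a fixlist: tasks and
    Chrome plugins -> "No File", services with no ImagePath or a missing
    image marked [X], toolbars with no file, SearchScopes with empty URL
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One FRST file line: <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8,9}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Assumed filters: directories and extensions worth a signature check.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
PE_EXTENSIONS = (".exe", ".dll", ".sys", ".ocx", ".drv")

# Assumed rules (kind, regex) for entries whose target is gone.
ORPHAN_RULES = (
    ("task", re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - .* -> No File\b")),
    ("searchscope", re.compile(r"^SearchScopes: .* URL =$")),
    ("plugin", re.compile(r"^CHR Plugin: .* => No File$")),
    ("service", re.compile(r"^[URS]\d \S+; (?:no ImagePath|.*\[X\])$")),
    ("toolbar", re.compile(r"^Toolbar: .* - No File$")),
)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str            # FRST attribute flags, e.g. "_____" or "____D"
    publisher: Optional[str]
    path: str

    @property
    def is_directory(self) -> bool:
        return "D" in self.attrs


def parse_file_entry(line: str) -> Optional[FileEntry]:
    """Parse one file/folder line; any other line yields None."""
    m = FILE_RE.match(line.rstrip())
    if not m:
        return None
    return FileEntry(m["created"], m["modified"], int(m["size"]),
                     m["attrs"], m["publisher"], m["path"])


def unsigned_system_files(lines) -> List[str]:
    """Paths of PE files in system dirs that FRST lists with no publisher."""
    flagged = []
    for line in lines:
        entry = parse_file_entry(line)
        if entry is None or entry.is_directory:
            continue
        low = entry.path.lower()
        if low.startswith(SYSTEM_DIRS) and low.endswith(PE_EXTENSIONS) \
                and not entry.publisher:
            flagged.append(entry.path)
    return flagged


def orphaned_entries(lines) -> List[Tuple[str, str]]:
    """(kind, line) for every entry whose target file or URL is missing."""
    found = []
    for line in lines:
        text = line.rstrip()
        for kind, pattern in ORPHAN_RULES:
            if pattern.match(text):
                found.append((kind, text))
                break
    return found


# Constructed sample: a few lines copied from the FRST logs in this thread.
SAMPLE_LOG = r"""
2015-09-03 18:10 - 2015-08-11 02:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-09-03 18:10 - 2015-08-11 02:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-09-03 17:39 - 2015-09-03 17:39 - 00000000 ____D C:\Users\Sharon\AppData\Local\MicrosoftEdge
2015-09-03 12:52 - 2015-09-03 12:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-17 20:58 - 2011-12-02 17:19 - 00199445 _____ C:\WINDOWS\system32\fastboot.set
Task: {02E14F2A-393C-4582-8A54-A002EC4F02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
U3 idsvc; no ImagePath
U3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Toolbar: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
"""

if __name__ == "__main__":
    sample = SAMPLE_LOG.splitlines()
    print("System binaries with no publisher (verify their signatures):")
    for path in unsigned_system_files(sample):
        print("  ", path)
    print("Orphaned entries (fixlist candidates):")
    for kind, text in orphaned_entries(sample):
        print(f"  [{kind}] {text}")
```

On the sample above the script reports diagtrack_wininternal.dll as the only publisher-less binary (fastboot.set is skipped because it is not a PE file, guard64.dll carries the COMODO name) and six orphaned entries; the HKLM Bing SearchScope is left alone because its URL is not empty, which is a narrower rule than Johnw applied when he reset those scopes as well.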

#42
September 17, 2015 at 22:27:49
Notepad is crashing. I just restarted the computer a little bit ago. It will not allow me to save a new document.


#43
September 17, 2015 at 22:33:20
Did you uninstall Comodo as per my post & then reboot?


#44
September 17, 2015 at 22:35:20
Oh wow... I turned it off and forgot about uninstalling it after running RK. I'll do it now. Sorry about that.


#45
September 17, 2015 at 22:49:16
After the reboot (removing Comodo) the computer restarted, but icons are not appearing, such as network (but the internet is connected when I go to a browser) and notifications, etc. Farbar is stuck checking for an update. I'm going to have to try another reboot.


#46
September 17, 2015 at 22:52:25
If things still will not work, we shall do some repairs in Safe mode.


#47
September 17, 2015 at 22:56:34
So far it says "Restarting" and the circle is going... waiting awhile already...


#48
September 17, 2015 at 23:00:40
Removing an AV is a big job; give it 10 mins. If it still hasn't finished, hold the power button down until it shuts off. Wait 2 mins & turn it on again.


#49
September 17, 2015 at 23:30:15
Farbar Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Sharon (2015-09-17 23:16:59) Run:1
Running from C:\Users\Sharon\Desktop
Loaded Profiles: Sharon (Available Profiles: Sharon & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
emptytemp:
Task: {02E14F2A-393C-4582-8A54-A002EC4F02E3} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {220B84AD-FDF8-4863-A1AD-91416CA92F32} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3DFD8604-485E-4E7E-BFED-E2D9B765C4AB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {5850C4B4-03BC-49B5-8E84-34ADC5E3CD05} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {5FBAF6B3-D59B-4D6B-A39A-188194815011} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {74ADE221-8B56-494E-A81C-231DB615EDDA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9100320D-DD57-4637-BAEA-84ED41608261} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {93DD8434-2B74-4029-8499-C00DD2E40803} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {A56BDCE9-0BCE-461B-98FF-6D7124DC7B18} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D9601277-1AFD-4166-B649-01DACAF3AAB1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F4138B4D-5295-46E6-A6D2-35419C239D11} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> DefaultScope {856FAA66-A004-4D4D-9904-E017D1508F0F} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKU\S-1-5-21-847172801-566133333-2783540900-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN
CHR StartupUrls: Default -> "hxxp://google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\gcswf32.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => No File
CHR Plugin: (Chrome NaCl) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => No File
CHR Plugin: (McAfee SecurityCenter) - c:\progra~2\mcafee\msc\npmcsn~1.dll => No File
CHR HKLM-x32\...\Chrome\Extension: [gihfmmedoddijgnhkgfgnkeohkpbipol] - hxxps://clients2.google.com/service/update2/cr
U3 idsvc; no ImagePath
U3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{02E14F2A-393C-4582-8A54-A002EC4F02E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{02E14F2A-393C-4582-8A54-A002EC4F02E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{220B84AD-FDF8-4863-A1AD-91416CA92F32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{220B84AD-FDF8-4863-A1AD-91416CA92F32}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DFD8604-485E-4E7E-BFED-E2D9B765C4AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DFD8604-485E-4E7E-BFED-E2D9B765C4AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5850C4B4-03BC-49B5-8E84-34ADC5E3CD05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5850C4B4-03BC-49B5-8E84-34ADC5E3CD05}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5FBAF6B3-D59B-4D6B-A39A-188194815011}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5FBAF6B3-D59B-4D6B-A39A-188194815011}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{74ADE221-8B56-494E-A81C-231DB615EDDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{74ADE221-8B56-494E-A81C-231DB615EDDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9100320D-DD57-4637-BAEA-84ED41608261}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9100320D-DD57-4637-BAEA-84ED41608261}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93DD8434-2B74-4029-8499-C00DD2E40803}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93DD8434-2B74-4029-8499-C00DD2E40803}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A56BDCE9-0BCE-461B-98FF-6D7124DC7B18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A56BDCE9-0BCE-461B-98FF-6D7124DC7B18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9601277-1AFD-4166-B649-01DACAF3AAB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9601277-1AFD-4166-B649-01DACAF3AAB1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F4138B4D-5295-46E6-A6D2-35419C239D11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F4138B4D-5295-46E6-A6D2-35419C239D11}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
HKU\S-1-5-21-847172801-566133333-2783540900-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-847172801-566133333-2783540900-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKU\S-1-5-21-847172801-566133333-2783540900-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
HKU\S-1-5-21-847172801-566133333-2783540900-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
Chrome HomePage removed successfully
Chrome StartupUrls removed successfully
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\gcswf32.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\pdf.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll => not found.
c:\progra~2\mcafee\msc\npmcsn~1.dll => not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gihfmmedoddijgnhkgfgnkeohkpbipol" => key removed successfully
idsvc => service removed successfully
wfpcapture => service removed successfully
wpcsvc => service removed successfully
EmptyTemp: => 172.6 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 23:17:40 ====



#50
September 17, 2015 at 23:38:33
Beautiful, let's do this next.

How to Show Hidden Files, Folders, and Drives in Windows 10
http://www.tenforums.com/tutorials/...

Run ESET, AdwCleaner, Junkware & Malwarebytes again, post the logs & let me know if you have any of the issues you had before.



#51
September 17, 2015 at 23:45:27
Computer froze... powered off... restarting... I'll do the next list, but I think ESET took a couple hours last time (3 hours 20 mins the first time). So, I'll be posting tomorrow at some point... unless I can't sleep which is entirely possible at this point :) At any point, as usual I'll post things that I complete as they happen.


#52
September 17, 2015 at 23:47:55
"So, I'll be posting tomorrow at some point"
Expected that, catch you again when we are both available.


#53
September 18, 2015 at 15:40:14
ESET ran with no problems found no log for that. MBAM ran without incident and the log is below:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/18/2015
Scan Time: 1:59 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.18.03
Rootkit Database: v2015.08.16.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Sharon

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 397136
Time Elapsed: 22 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)



#54
September 18, 2015 at 15:48:26
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 15:45:24
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Sharon - MCCARTNEY
# Running from : C:\Users\Sharon\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi
[-] Folder Deleted : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgdphfpmicmcjljihifcbkejmgbnmoc
[-] Folder Deleted : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : amogncdhclnhneejdfggljpdgigffhfi
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ffjcmnpnoopgilmnfhloocdcbnimmmea
[-] [C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jhgdphfpmicmcjljihifcbkejmgbnmoc

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2578 bytes] ##########



#55
September 18, 2015 at 15:49:20
# AdwCleaner v5.008 - Logfile created 18/09/2015 at 15:44:17
# Updated 18/09/2015 by Xplode
# Database : 2015-09-17.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Sharon - MCCARTNEY
# Running from : C:\Users\Sharon\Desktop\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffjcmnpnoopgilmnfhloocdcbnimmmea
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amogncdhclnhneejdfggljpdgigffhfi
Folder Found : C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhgdphfpmicmcjljihifcbkejmgbnmoc
Folder Found : C:\WINDOWS\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil

***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\7AB5857A57A0687786597A857BFFFFFF

***** [ Web browsers ] *****

[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : amogncdhclnhneejdfggljpdgigffhfi
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : ffjcmnpnoopgilmnfhloocdcbnimmmea
[C:\Users\Sharon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : jhgdphfpmicmcjljihifcbkejmgbnmoc

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2400 bytes] ##########



#56
September 18, 2015 at 15:53:48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 10 Home x64
Ran by Sharon on Fri 09/18/2015 at 15:51:31.76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Tasks

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ Chrome


[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Sharon\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 09/18/2015 at 15:53:44.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#57
September 18, 2015 at 15:54:34
Thanks, wanted to really make sure we have a malware free comp.

Now moving towards repairing.

Run both of these, in this order.
Run Wise Disk Cleaner ( Run the 1st three tabs, left to right. I use default settings, leave boxes that are unchecked, unchecked ) Reboot when finished.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Wise-D...
http://www.freewarefiles.com/screen...
http://www.wisecleaner.com/download...
http://i.imgur.com/Jecnfvb.gif
http://i.imgur.com/0xHwdom.gif
http://i.imgur.com/JZLYOLf.gif
http://i.imgur.com/4kfaeGW.gif

Run Wise Registry Cleaner ( Only use Registry Cleaner & with default settings. Don't use System Tuneup, that is for Experts, you really have to know what you are doing ) Reboot when finished.
http://www.softpedia.com/get/Tweak/...
http://www.wisecleaner.com/wiseregi...
http://i.imgur.com/Qy7HWcA.gif

message edited by Johnw



#58
September 18, 2015 at 16:20:19
Ran Wisedisk and rebooted. The computer rebooted, but was missing taskbar notification icons such as network, etc. When I tried to install Wiseregister the computer froze. I used the power button to shutdown and restart. The computer came up okay the second time. I installed and ran Wiseregistry. I rebooted again.


#59
September 18, 2015 at 16:23:45
Ok, let's start the repairs. They will take at least an hour, so I will be back again in about 1 & 1/4 hours.

Run Tweaking.com - Windows Repair

Disable your antivirus program before running Windows Repair.
How to Temporarily Disable your Anti-virus ( which should now be Windows Defender )
Windows Defender - Turn On or Off in Windows 10
http://www.tenforums.com/tutorials/...

Start at Step 1 ( very important ) do all the steps & when you get to the final step ( Repairs ) check/tick all the boxes. Reboot when finished.
Right click on the exe & click on > Run as administrator.
http://i1-win.softpedia-static.com/...
http://www.softpedia.com/get/Tweak/...
http://www.tweaking.com/
http://www.tweaking.com/content/pag...
http://i.imgur.com/NWSHEUy.gif
http://i.imgur.com/LTVThqF.gif
http://i.imgur.com/tdlbsVH.gif



#60
September 18, 2015 at 16:26:13
PS: You can skip Step 2 ( Malwarebytes scan )


#61
September 18, 2015 at 16:32:00
gpedit.msc is not in the folder where it should be...


#62
September 18, 2015 at 17:10:46
I did use the registry tool to shutdown Windows Defender. Everything is working well with tweaking. I had it do it in safe mode. On step 4 now for scannow. Step 3 did not show any disk errors, so I didn't have to reboot for that. I'll let you know when all steps completed.

message edited by Bangkokindy



#63
September 18, 2015 at 17:32:13
After step 4 it showed errors that scannow could not fix. I didn't see any other thing to do except go on to the final steps. Now in repair mode... 45 things to fix.


#64
September 18, 2015 at 18:11:36
Okay, it finished. Restart was a little slow, but it is up and running.


#65
September 18, 2015 at 18:12:43
"I had it do it in safe mode"
That is what was recommended.
http://i.imgur.com/NWSHEUy.gif

"I didn't see any other thing to do except go on to the final steps"
I agree, if the comp behaves itself after the repairs, that should not be necessary to run again.

Run DelFix. Copy & Paste the contents of the log please.
https://toolslib.net/downloads/view...
DelFix is designed to delete all removal tools used during a disinfection.
Indeed, these tools are often updated. It's recommended not to have and use outdated versions on the computer.
Run the tool by right click on the DelFix icon and Run as administrator option.
Make sure that these are checked:
Activate UAC (optional; some users prefer to keep it off)
Remove disinfection tools
Create registry backup
Purge system restore
Reset system settings
Click Run and wait until the tool completes its work.
The tool will create a report for you (C:\DelFix.txt)



#66
September 18, 2015 at 18:17:12
# DelFix v1.011 - Logfile created 18/09/2015 at 18:16:25
# Updated 18/08/2015 by Xplode
# Username : Sharon - MCCARTNEY
# Operating System : Windows 10 Home (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Sharon\Desktop\AdwCleaner.exe
Deleted : C:\Users\Sharon\Desktop\Fixlog.txt
Deleted : C:\Users\Sharon\Desktop\FRST.exe
Deleted : C:\Users\Sharon\Desktop\FRST64.exe
Deleted : C:\Users\Sharon\Desktop\JRT.exe
Deleted : C:\Users\Sharon\Desktop\JRT.txt
Deleted : C:\Users\Sharon\Desktop\RogueKiller.exe
Deleted : C:\Users\Sharon\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [Windows Modules Installer | 09/04/2015 00:28:04]
Deleted : RP #2 [Scheduled Checkpoint | 09/16/2015 02:25:38]
Deleted : RP #3 [Created by Wise Disk Cleaner | 09/17/2015 04:28:51]
Deleted : RP #4 [Installing COMODO Internet Security Premium | 09/17/2015 04:49:33]
Deleted : RP #5 [Removed COMODO Internet Security Premium | 09/17/2015 16:36:42]
Deleted : RP #6 [Installing COMODO Internet Security Premium | 09/17/2015 23:05:50]
Deleted : RP #7 [Removed COMODO Internet Security Premium | 09/18/2015 05:36:32]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########



#67
September 18, 2015 at 18:20:15
Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://screen317.spywareinfoforum.o...
http://screen317.changelog.fr/Secur...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after the scan is completed. It will be called checkup.txt; please copy and paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#68
September 18, 2015 at 18:26:55
Results of screen317's Security Check version 1.008
x64 (UAC is enabled)
Internet Explorer 11
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
Windows Firewall Enabled!
Windows Defender
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Wise Disk Cleaner 8.82
Wise Registry Cleaner 8.71
Java 8 Update 60
Google Chrome (45.0.2454.85)
Google Chrome (45.0.2454.93)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
Windows Defender MSMpEng.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: %
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#69
September 18, 2015 at 18:30:30
✔ Best Answer
Nice & clean.

"Windows Defender"
Turn it on again, reboot, then open it up & see if you can update it.



#70
September 18, 2015 at 18:40:51
I followed the steps to turn WDefender back on and rebooted. I used the search bar to find WDefender and clicked on it... the program has not come up.


#71
September 18, 2015 at 18:50:09
It is here > C:\Program Files\Windows Defender

Double click on MSASCui



#72
September 18, 2015 at 19:00:42
I double clicked... I see a momentary circle above the mouse pointer... then nothing opens.


#73
September 18, 2015 at 19:10:17
I'll be away from the computer for 30-45 minutes and then I'll be back.


#74
September 18, 2015 at 19:14:49
My internet provider is having trouble, connection keeps dropping out.
Check these out.

repair Windows Defender windows 10
https://www.google.com.au/search?hl...

http://www.thewindowsclub.com/windo...
http://www.thewindowsclub.com/unabl...
http://answers.microsoft.com/en-us/...

message edited by Johnw



#75
September 18, 2015 at 20:20:06
I tried the microsoft page and it advised to do a registry edit. I deleted the key listed and restarted. After restart WD came up and then during the update crashed. It would not open again. I restarted. WD will not open.


#76
September 18, 2015 at 20:28:57
I'm still struggling here, with my internet connection.

Run Tweaking.com again.

Just the SFC & the Repair part, check all the boxes.

message edited by Johnw



#77
September 18, 2015 at 20:31:41
regsvr32 wuaueng.dll the module was load but the entry point DllRegistryServer was not found make sure is valid dll file or ocx file
regsvr32 wucltui.dll failed to load
regsvr32 softpub.dll
regsvr32 wintrust.dll
regsvr32 initpki.dll
regsvr32 wups.dll
regsvr32 wuweb.dll failed to load
regsvr32 atl.dll
regsvr32 mssip32.dll



#78
September 18, 2015 at 20:43:29
"regsvr32 wuaueng.dll the module was load but the entry point DllRegistryServer was not found make sure is valid dll file or ocx file"
What were you doing to get all of those messages?


#79
September 18, 2015 at 20:58:54
Typing the command (each line separately) into an elevated cmd window. I was following one of the links you gave me before to look for a way to repair WD. Tweak is running again. I did SFC (same msg as before that it found corrupted files, but couldn't repair them). Tweaking is in repair stage now.


#80
September 18, 2015 at 21:16:12
"(same msg as before that it found corrupted files, but couldn't repair them)"

If needed.
Run the DISM Command to Fix SFC Problems
http://www.howtogeek.com/222532/how...



#81
September 18, 2015 at 21:23:59
Doesn't DISM run as part of tweak? I see it on the screen now.


#82
September 18, 2015 at 21:41:48
Tweaking set services error log

ERROR: Writing Security Info to <AppIDSvc> failed with: Access is denied.
ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <ClipSVC> failed with: Access is denied.
ERROR: Writing Security Info to <DPS> failed with: Access is denied.
ERROR: Writing Security Info to <EntAppSvc> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <StateRepository> failed with: Access is denied.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WpnService> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.
ERROR: Writing Security Info to <AppIDSvc> failed with: Access is denied.
ERROR: Writing Security Info to <AppXSvc> failed with: Access is denied.
ERROR: Writing Security Info to <ClipSVC> failed with: Access is denied.
ERROR: Writing Security Info to <EntAppSvc> failed with: Access is denied.
ERROR: Writing Security Info to <msiserver> failed with: Access is denied.
ERROR: Writing Security Info to <sppsvc> failed with: Access is denied.
ERROR: Writing Security Info to <StateRepository> failed with: Access is denied.
ERROR: Writing Security Info to <tiledatamodelsvc> failed with: Access is denied.
ERROR: Writing Security Info to <WdNisSvc> failed with: Access is denied.
ERROR: Writing Security Info to <WinDefend> failed with: Access is denied.
ERROR: Writing Security Info to <WpnService> failed with: Access is denied.
ERROR: Writing Security Info to <WSService> failed with: Access is denied.




#84
September 18, 2015 at 21:47:26
Tried WD after Tweaking.... same result. It won't open.


#85
September 18, 2015 at 21:50:41
I tried right clicking WD and running as Admin. It opened. I did an update it worked. This was like with Comodo. I'd try to open normally and it would not work and then with right click it did... at least once. It should open without running as admin... right?


I tried opening WD on my other computer and (it is turned off due to Comodo) but at least a window comes up telling me that.

message edited by Bangkokindy
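The "Access is denied" lines on WinDefend in the Tweaking log (#82) and a Defender UI that only opens when run as administrator (#85) both point at service state, policy or file problems rather than at the UI itself. The read-only checks below are an added example, not something from the thread or from Microsoft; they assume Windows 10 with the built-in Defender PowerShell module and an elevated PowerShell window, and touch nothing on the system.

```powershell
# Added example (not from the thread): read-only diagnosis of why Windows Defender
# may refuse to open after a malware clean-up. Run from an elevated PowerShell.
# Assumes Windows 10 with the built-in Defender module (Get-MpComputerStatus).

function Get-DefenderState {
    $result = [ordered]@{}

    # 1. Service state. WinDefend is the engine, WdNisSvc the network inspection
    #    service; both appeared in the Tweaking "Access is denied" log.
    foreach ($name in 'WinDefend', 'WdNisSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) {
            $result["$name.Status"]    = $svc.Status
            $result["$name.StartType"] = $svc.StartType
            # Security descriptor of the service (SDDL). A descriptor rewritten by
            # adware or by a repair tool explains "Access is denied" on the service.
            $result["$name.SDDL"] = (& sc.exe sdshow $name) -join ''
        } else {
            $result["$name.Status"] = 'service not registered'
        }
    }

    # 2. Policy values that adware and some "optimizer" tools leave behind. A value
    #    of 1 keeps Defender off even after it is switched on in Settings.
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    foreach ($v in 'DisableAntiSpyware', 'DisableAntiVirus') {
        $item = Get-ItemProperty -Path $policy -Name $v -ErrorAction SilentlyContinue
        $result["Policy.$v"] = if ($item) { $item.$v } else { 'not set' }
    }

    # 3. The UI binary the thread points at (MSASCui.exe) and the engine
    #    (MsMpEng.exe): present, and still carrying a valid Microsoft signature?
    $dir = Join-Path $env:ProgramFiles 'Windows Defender'
    foreach ($exe in 'MSASCui.exe', 'MsMpEng.exe') {
        $path = Join-Path $dir $exe
        $result["File.$exe"] = if (Test-Path $path) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'missing'
        }
    }

    # 4. What the engine itself reports, if the Defender module is usable.
    try {
        $mp = Get-MpComputerStatus -ErrorAction Stop
        $result['AntivirusEnabled']     = $mp.AntivirusEnabled
        $result['RealTimeProtection']   = $mp.RealTimeProtectionEnabled
        $result['SignatureAgeDays']     = $mp.AntivirusSignatureAge
    } catch {
        $result['MpStatus'] = "Get-MpComputerStatus failed: $($_.Exception.Message)"
    }

    [pscustomobject]$result
}

Get-DefenderState | Format-List
```

A StartType of Disabled, a policy value of 1, a signature status other than Valid, or an SDDL that no longer grants the usual SYSTEM/Administrators access each points to a different fix, which is why the checks are kept separate.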



#86
September 18, 2015 at 22:41:52
I'm beginning to think that I should confirm how she finds all of her deceased son's files and if on disk try to find them... if not... save her files and browser settings and just wipe the computer and reload win10... That way I could set her up... image the computer. When she goes on a virus rampage I could just bring her back to the starting gate lol

message edited by Bangkokindy



#87
September 18, 2015 at 23:37:37
I'm trying to mount a copy of windows 64 iso, but it requires powershell... when I try to do powershell (via windows+r, type powershell, enter) the computer says there is a windows problem with powershell and shuts it down.


#88
September 19, 2015 at 01:11:10
Well, I presume your internet connection got the best of you. I'll try again tomorrow.


#89
September 19, 2015 at 04:22:21
"Well, I presume your internet connection got the best of you"
Unfortunately, yes. Hopefully they fixed the problem & it isn't intermittent. I tried 2 different comps & Routers.

If you do format, make sure you delete all the partitions.

You may like to try these.

Run the ESET Services Repair tool.
Download the ESET Services Repair tool and extract it to your Desktop, run servicesrepair.exe and allow it to make repairs. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://kb.eset.com/library/ESET/KB%...
Please post the content of the log it creates which can be found in the folder the tool will have created on your Desktop.

If that fails.

Malwarebytes Anti-Rootkit ( MBAR )
http://www.softpedia.com/get/Antivi...
http://www.freewarefiles.com/Malwar...
http://www.freewarefiles.com/screen...
http://www.malwarebytes.org/product...
How to use Malwarebytes Anti-Rootkit to remove rootkits from a Computer
http://www.bleepingcomputer.com/vir...
Double-click the icon to start the tool.
It will ask you where to extract it, then it will start.
Note: Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
Click in the introduction screen "next" to continue.
Click in the following screen "Update" to obtain the latest malware definitions.
Once the update is complete select "Next" and click "Scan".
When the scan is finished and no malware has been found select "Exit".
If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
Open the MBAR folder, Copy and Paste the content of the following files in your next reply:
"mbar-log-{date} (xx-xx-xx).txt"
"system-log.txt"
Malwarebytes Anti-Rootkit also includes a program called: Fixdamage.exe
It will attempt to repair damages to Windows services.



#90
September 19, 2015 at 23:22:35
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 10.0.9200 Windows 10 x64

Account is Administrative

Internet Explorer version: 11.0.10240.16431

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 4204933120, free: 2076360704

Downloaded database version: v2015.09.19.06
Downloaded database version: v2015.09.18.01
Downloaded database version: v2015.09.16.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
09/19/2015 19:11:27
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\werkernel.sys
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\System32\drivers\cmimcext.sys
\SystemRoot\System32\drivers\ntosext.sys
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\System32\drivers\FLTMGR.SYS
\SystemRoot\System32\drivers\ksecdd.sys
\SystemRoot\System32\drivers\clipsp.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\WindowsTrustedRT.sys
\SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\system32\drivers\CEA.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\gfibto.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStor.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Wof.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\NTFS.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\drivers\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX64.sys
\SystemRoot\system32\drivers\fbfmon.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\filecrypt.sys
\SystemRoot\system32\drivers\tbs.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS



#91
September 19, 2015 at 23:23:34
Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
main: v2015.09.19.06
rootkit: v2015.09.18.01

Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16431
Sharon :: MCCARTNEY [administrator]

9/19/2015 7:11:38 PM
mbar-log-2015-09-19 (19-11-38).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 398149
Time elapsed: 28 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)



#92
September 19, 2015 at 23:25:34
After running both Eset Services and MBAR, I still cannot load WD and the cursor keeps being interrupted as if the computer is attempting to open the file. The only way to make it stop is to restart.


#93
September 19, 2015 at 23:34:35
I'm feeling tired tonight.. I think I'm coming down with a cold-sore throat. Heading to bed. Not sure what I'll do about this. She may want the computer back tomorrow. Since it at least works, I might give it back to her as is. Let me know your thoughts. Catch up with you again tomorrow.


#94
September 20, 2015 at 03:25:23
"I think I'm coming down with a cold-sore throat"
I had the dry cough a month ago that is going around our patch; it woke me up in bed every hour. It then put my back out & pinched a nerve. Have had 4 visits to our local fix-it man & I am nearly right; next visit on Tuesday should see me finished. Had my best night's sleep in a month last night.

With Mum's photos of the son, put his name or .jpg or .jpeg or .png etc into UltraSearch.

You can try giving the comp back to her, but it sounds like it is still a big mess.

We really need to put the hard drive back to like brand new.

To do that, we need the EXACT previous operating system on DVD or Thumb drive. The product number is also required.
Then we will download W10 & put it on either DVD or Thumb drive.
Naturally if you already have both of those, no need to download.
If you don't have either, we shall deal with that issue.
If W10 is the original operating system, that makes things easier.
The product number will be on the case or under the battery or on the manual or on the DVD if you received one.



#95
September 20, 2015 at 16:04:45
Well, I'm glad you are on the mend. I feel so so today. Very fatigued.

The frustrating thing about the computer is that she contacted Cox cable to get their help first. That person recommended she load Win10. I never would have loaded it on here in such a bad state. The original is Windows Home Premium OA. She has no disks. This is a Lenovo IdeaPad z570.

I tried UltraSearch again and just like before, the program won't run. It says there is some error just like before. I am sure I can get it to work one time like before and reload the program to search for her son's photos - although I believe they are all online somewhere from what she said.

I have some other things to do today. So I probably won't be able to do much until Monday.



#96
September 20, 2015 at 16:14:40
http://www.howtogeek.com/224342/how... walks through a clean install of Win10. This is what I've been reading about that process. It looks like you can do the upgrade from win7 to win10 and then do a clean install of win10. So that should mean no need to revert back to Win7...right?

message edited by Bangkokindy



#97
September 20, 2015 at 16:26:28
"I never would have loaded it on here in such a bad state"
That is my golden rule as well. I have been wondering if it was infected before W10.

"The original is Windows Home Premium OA"
lenovo ideapad z570 specs
https://www.google.com.au/webhp?hl=...
Looks like it was Windows 7
http://www.cnet.com/products/lenovo...

"I tried UltraSearch again and just like before"
Try the built in Windows 10 search.

"So I probably won't be able to do much until Monday"
Ok.



#98
September 20, 2015 at 16:28:47
Reinstalled UltraSearch... no files including her son's name on the computer (c or d drives). I think the other partitions must be a ghost drive system that lenovo uses.


#99
September 20, 2015 at 16:54:50
"I think the other partitions must be a ghost drive system that lenovo uses"
Let's have a look.

Please download and run ListParts64 by Farbar (for 64-bit system):
http://download.bleepingcomputer.co...
Click on the Scan button.
The scan results will open in Notepad.
Copy and Paste the contents into your reply.
If ListParts won't run, you may get the message: "The disk management services could not complete the operation"
1: Restart the computer. Any messages after the reboot?
2: Delete your copy of ListParts and download the latest ListParts, and this time put it on the root of the C drive (start => My Computer => C drive). Run ListParts, then Copy & Paste the contents of the log in your next reply.
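As an added example (not part of the thread and not ListParts' own code), the same kind of partition inventory can be produced with the Storage cmdlets built into Windows 8/10, which is useful when a third-party tool refuses to run on a damaged system. It lists every partition on every disk with its type, label, size and hidden/boot flags, so a vendor recovery partition shows up as a small hidden partition of type "Recovery" or "OEM" with no drive letter; no Lenovo-specific labels are assumed. Run it from an elevated PowerShell prompt.

```powershell
# Added example: inventory all partitions using built-in Storage cmdlets.
# Requires an elevated prompt; Get-Disk/Get-Partition/Get-Volume ship with
# Windows 8 and later (Storage module).

function Get-PartitionReport {
    foreach ($disk in Get-Disk | Sort-Object Number) {
        Get-Partition -DiskNumber $disk.Number | ForEach-Object {
            # A partition without a file system (raw, OEM, MSR) has no volume;
            # tolerate the error instead of aborting the whole report.
            $vol = $null
            try { $vol = $_ | Get-Volume -ErrorAction Stop } catch { }

            [PSCustomObject]@{
                Disk      = $disk.Number
                Partition = $_.PartitionNumber
                Style     = $disk.PartitionStyle          # MBR or GPT
                Type      = $_.Type                       # e.g. Basic, System, Recovery, Reserved
                Letter    = $_.DriveLetter                # blank for hidden/recovery partitions
                Label     = if ($vol) { $vol.FileSystemLabel } else { '' }
                FS        = if ($vol) { $vol.FileSystem } else { '' }
                SizeGB    = [math]::Round($_.Size / 1GB, 2)
                Hidden    = $_.IsHidden
                Boot      = $_.IsBoot
            }
        }
    }
}

Get-PartitionReport | Format-Table -AutoSize
```

A partition that carries a drive letter and a user-visible label is one the person's files could sit on; a hidden, letterless Recovery/OEM partition of a few GB is the reinstall image, and a file search will not look inside it.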



#100
September 20, 2015 at 18:41:56
Well, she came by and I told her that she had the choice to take it as is with WinDefender/WinFirewall both working (they are working in the background... I verified via tasks - both are started when the computer starts) or I keep it and reload a clean Windows. She elected to take it with her. I removed all the programs we put on to clean it. I told her that if it starts to act up again (slow or programs not working) she could bring it back and we could reload Windows. So we can close this one.

Now though MY LAPTOP arrghhh is showing Win32/NetFilter.A. I've been very careful on this new laptop with what I put on it, but somehow it is infected. ESET is running now and has found 10 instances so far. I'll mark a best answer on this and then open a new case for my laptop. Frustrating. I'll still need to do that tomorrow. Right now I need to do some stuff like I mentioned before.
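As an added example (not from the thread), here is a PowerShell check that goes a bit further than looking at Task Manager: it confirms that the Windows Defender (WinDefend) and Windows Firewall (MpsSvc) services are running and set to start automatically, that Defender reports real-time protection on with reasonably fresh signatures, and that the firewall is enabled on all three profiles. Only built-in Windows 10 cmdlets are used; the 7-day signature-age threshold is an assumption chosen for this example.

```powershell
# Added example: verify Defender and Firewall are up and will survive a reboot.
# Uses Get-Service, Get-MpComputerStatus (Defender module) and
# Get-NetFirewallProfile (NetSecurity module). Run from an elevated prompt.

function Test-SecurityServices {
    $problems = @()

    # WinDefend = Windows Defender Antivirus service, MpsSvc = Windows Firewall service.
    foreach ($name in 'WinDefend', 'MpsSvc') {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { $problems += "$name service is missing"; continue }
        if ($svc.Status -ne 'Running') {
            $problems += "$name is not running (Status: $($svc.Status))"
        }
        # StartType is exposed by Get-Service on Windows PowerShell 5.0+ (Windows 10).
        if ($svc.StartType -ne 'Automatic') {
            $problems += "$name StartType is $($svc.StartType), expected Automatic"
        }
    }

    # Defender's own view of its state.
    $mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
    if ($mp) {
        if (-not $mp.AntivirusEnabled)           { $problems += 'Defender antivirus engine is disabled' }
        if (-not $mp.RealTimeProtectionEnabled)  { $problems += 'Defender real-time protection is off' }
        if ($mp.AntivirusSignatureAge -gt 7) {     # assumed threshold for this example
            $problems += "Defender signatures are $($mp.AntivirusSignatureAge) days old"
        }
    } else {
        $problems += 'Get-MpComputerStatus failed; Defender may be disabled or replaced by another AV'
    }

    # Firewall must be enabled on Domain, Private and Public profiles.
    foreach ($p in Get-NetFirewallProfile) {
        if ($p.Enabled -ne 'True') { $problems += "Firewall profile '$($p.Name)' is disabled" }
    }

    return ,$problems   # empty array means every check passed
}

$issues = Test-SecurityServices
if ($issues.Count -eq 0) {
    'OK: Defender and Firewall are running and set to start automatically'
} else {
    $issues | ForEach-Object { "PROBLEM: $_" }
}
```

A Defender service that is running but whose UI will not open is consistent with the symptoms described earlier in the thread; this check tells you whether the protection itself is active even when the front end is not.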



#101
September 20, 2015 at 18:54:13
"So we can close this one"
Ok, PM me if it comes back.

"I'll still need to do that tomorrow"
"Win32/NetFilter.A"
Ok, PM me when you are ready to start a new thread.

