Infections Trojans Help needed - Logs provided


  • This topic is locked
36 replies to this topic

#1 durgama

  • Members
  • 23 posts
  • Gender:Female
  • Location:Providence, RI

Posted 12 September 2015 - 12:32 AM

I have had some unusual mouse activity, and the system has been shutting down.

When I performed a few scans, a few different trojans came up.

I think I cleaned some of them, but I'm not sure if it worked.

I have attached the log files below.

Any assistance will be greatly appreciated!

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2015-09-12 00:46:35
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000039  rev. 238.47GB
Running: wirjegkt.exe; Driver: C:\Users\Suzanne\AppData\Local\Temp\pwloikoc.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\system32\csrss.exe [592:616]                                                                                                                                                                                   fffff960008f22d0
---- Processes - GMER 2.1 ----
 
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5260]       00000000035e0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5260]       0000000067ea0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [5260]  0000000072570000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                        0000000002bd0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                   0000000067800000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                     00000000676e0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                        0000000067ea0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                   0000000072570000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                    0000000067c10000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1033\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                               00000000725c0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                      0000000067b70000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                   0000000072520000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                     0000000071920000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [5628]                                                     0000000071910000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                     unknown MBR code
 
---- EOF - GMER 2.1 ----
 
 
 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-09-2015 01
Ran by Suzanne (2015-09-12 00:36:16)
Running from C:\Users\Suzanne\Downloads
Windows 8.1 (X64) (2015-05-19 02:00:39)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2562107190-387453576-934030773-500 - Administrator - Disabled)
Guest (S-1-5-21-2562107190-387453576-934030773-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2562107190-387453576-934030773-1003 - Limited - Enabled)
Suzanne (S-1-5-21-2562107190-387453576-934030773-1001 - Administrator - Enabled) => C:\Users\Suzanne
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Webroot SecureAnywhere (Disabled - Up to date) {66A6FE14-08CB-F415-3742-517201416109}
AV: UnThreat AntiVirus (Enabled - Up to date) {F8368DCB-A421-E485-9F63-76DC70EAD126}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: UnThreat AntiSpyware (Enabled - Up to date) {43576C2F-821B-EB0B-A5D3-4DAE0B6D9B9B}
AS: Webroot SecureAnywhere (Disabled - Up to date) {DDC71FF0-2EF1-FB9B-0DF2-6A007AC62BB4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: UnThreat Firewall (Enabled) {C00D0CEE-EE4E-E5DD-B43C-DFE98E39965D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.05 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite HL-2280DW (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
CyberLink PowerDirector 13 (HKLM-x32\...\{BA385AFC-00B1-417C-8C20-74B996EF3AF0}) (Version: 13.0.2307.0 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.5.4807 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.2.95 - Nuance Communications, Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.2.95 - Nuance Communications, Inc.)
Dropbox (HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\Dropbox) (Version: 3.8.8 - Dropbox, Inc.)
emWave Pro (HKLM-x32\...\emWave Pro3.3.0.7385) (Version: 3.3.0.7385 - Heartmath Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Epic Privacy Browser (HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\Epic) (Version: 40.0.2214.91 - Epic)
f.lux (HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\Flux) (Version:  - )
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.3.76.410 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.1.5.425 - Foxit Software Inc.)
FW LiveUpdate (HKLM-x32\...\{159BC833-0C48-482C-94C4-2DAC8886B142}) (Version: 3.1.1.2 - TSST Korea)
GlassWire 1.1 (remove only) (HKLM-x32\...\GlassWire 1.1) (Version: 1.1.15 - SecureMix LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HitmanPro.Alert (HKLM\...\HitmanPro.Alert) (Version: 3.0.48.196 - SurfRight B.V.)
HP Documentation (HKLM-x32\...\{D5B6575D-7A3C-4DEC-9CB7-F2156C9E09B7}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{3EDAF5B5-0CA9-4967-B103-FBFF1162C336}) (Version: 1.2.10 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Intel WiDi Media Share (HKLM-x32\...\{275CD120-A23B-47C7-944A-9B6D9CDA583F}) (Version: 1.2.0.0 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.22 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.31.1000 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{021da516-b5d9-40cd-9ade-6427d40fe1e4}) (Version: 17.13.4011.2118 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4139 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.5.0.1056 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.226.0 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.17 - Intel Corporation)
Intel® WiDi (HKLM\...\{2F97FBC6-7992-4DF7-A7C7-B68455E307F7}) (Version: 5.1.20.0 - Intel Corporation)
Intel® Wireless Bluetooth® (HKLM-x32\...\{915DDCDE-7767-4B4A-9256-8729B265BDAC}) (Version: 17.1.1440.02 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\OneDriveSetup.exe) (Version: 17.3.5951.0827 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{2DFD8316-9EF1-3210-908C-4CB61961C1AC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NewBlue Video Essentials for Windows (HKLM-x32\...\NewBlue Video Essentials for Windows) (Version: 3.0 - NewBlue)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Pantum P2500W Series (HKLM\...\Pantum P2500W Series) (Version: 5.1.1.23 - Zhuhai Seine Technology Co., Ltd.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.21263 - Realtek Semiconductor Corp.)
Realtek I2S Audio (HKLM-x32\...\{89A448AA-3301-46AA-AFC3-34F2D7C670E8}) (Version: 6.3.9600.116 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.7.0 - Reason Software Company Inc.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.30.16 - Synaptics Incorporated)
UnThreat Free AntiVirus 2014 (HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\UnThreat AntiVirus) (Version: 6.2.37.323 - Scandium Security Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.3.37 - Webroot)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)
WinRAR 5.30 beta 1 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
WinRAR 5.30 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Suzanne\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2562107190-387453576-934030773-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
24-08-2015 21:09:13 Windows Update
31-08-2015 15:04:43 Windows Update
11-09-2015 01:33:54 Scheduled Checkpoint
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-07-30 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03DC811D-1FB4-42ED-A664-F44530F8F212} - \Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500 -> No File <==== ATTENTION
Task: {181F7334-268D-4801-A4C1-1F4F4F92FE91} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {260BD344-BE18-44DB-983B-DDAAB350D5AA} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {34C0DFEA-9248-4B7F-BF92-7722470C8C6F} - System32\Tasks\ReasonSecurityScheduledScan => C:\Program Files\Reason\Security\rsUI.exe [2015-05-18] (Reason Software Company Inc.)
Task: {41730777-BA4C-4259-BED0-CDD91547ADA0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {41F9C2A1-1CDA-44A7-B620-8A86A49A4871} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {441521C8-D75C-4C53-8DBE-6EB8D75226D4} - System32\Tasks\ReasonSecurityStart => C:\Program Files\Reason\Security\rsUI.exe [2015-05-18] (Reason Software Company Inc.)
Task: {51D99EEA-B8B2-4D70-A056-719B405267B8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-07-14] (Microsoft Corporation)
Task: {55CB74A3-1B5D-44E3-B9D6-0B42BEBC0302} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
Task: {5D01EE8A-0D46-4012-8A4D-5E87C66ACCF9} - System32\Tasks\Opera scheduled Autoupdate 1433291751 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {60289EF3-FD99-401E-8886-D7FCF07295F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-22] (Hewlett-Packard Company)
Task: {B377D52E-0274-4901-A51C-388BC88A477A} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B69A3A31-EA51-4E1B-A998-FEC363CAD5D2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {DEB21301-2576-4936-B673-1DDF1D7CA114} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {E58F8B7F-1B03-4948-B2DF-CE7B8B825B5D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-11] (Google Inc.)
Task: {E804E1E7-407F-4F94-9ECF-11EE0B8AB131} - System32\Tasks\YCMServiceAgent => c:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-12-07] (CyberLink Corp.)
Task: {E8B8C37A-D030-49F1-A18B-01F8CFDE2048} - \Driver Booster SkipUAC (Suzanne) -> No File <==== ATTENTION
Task: {F4BE4865-6C81-4084-8C1D-ABD903E2AB66} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2562107190-387453576-934030773-1001 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {F64FA339-91EE-4ADC-80FC-8B338663476A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2015-08-27] (Hewlett-Packard)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-25 03:35 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-22 10:33 - 2005-04-22 00:36 - 00143360 _____ () C:\Windows\system32\BrSNMP64.dll
2015-05-21 18:35 - 2015-05-21 18:35 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-09-12 00:21 - 2015-09-12 00:21 - 22727240 _____ () C:\Users\Suzanne\Downloads\RogueKillerX64.exe
2015-09-12 00:24 - 2015-09-12 00:24 - 00852704 _____ () C:\Users\Suzanne\Downloads\SecurityCheck.exe
2015-05-29 00:34 - 2015-05-29 00:34 - 00246272 _____ () C:\Program Files (x86)\GlassWire\GeoIP.dll
2015-05-18 23:35 - 2014-10-16 10:26 - 00622880 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-09-11 22:16 - 2015-06-26 03:13 - 00184184 _____ () C:\ProgramData\UnThreat\data\libBase64.dll
2015-09-11 22:16 - 2015-06-26 03:13 - 00175992 _____ () C:\ProgramData\UnThreat\data\libMachoUniv.dll
2015-05-21 18:35 - 2015-05-21 18:35 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-05-21 18:33 - 2015-05-21 18:33 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-11-10 15:12 - 2014-11-10 15:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-09-11 22:07 - 2015-08-27 20:17 - 01501512 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libglesv2.dll
2015-09-11 22:07 - 2015-08-27 20:17 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\libegl.dll
2015-09-11 22:07 - 2015-08-27 20:17 - 16393032 _____ () C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.85\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
AlternateDataStreams: C:\Users\Suzanne\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\str => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\100sexlinks.com -> 100sexlinks.com
 
There are 4608 more restricted sites.
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2562107190-387453576-934030773-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is disabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ControlCenter4"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\StartupFolder: => "Dropbox.lnk"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\Run: => "Advanced SystemCare Ultimate"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\Run: => "AppleIEDAV"
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\StartupApproved\Run: => "iCloudDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{6F31F7C8-70D5-4182-9955-F71B8855767C}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{7A47C72D-530E-40CD-BCEB-F7680690385A}] => (Allow) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
FirewallRules: [{1E271788-2992-401C-946D-D1EC0C658BDC}] => (Allow) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
FirewallRules: [{1791959D-D30D-4ABA-99B2-BF7EB461DA3A}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D42E831-AAD6-4624-B1FB-0D0DD1C0A9F7}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe
FirewallRules: [{204526F7-C03F-4160-BEAE-1A5A43A4ED2B}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe
FirewallRules: [{C395F0DA-CA02-4298-B3F0-35BBBBC87F20}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe
FirewallRules: [{72E45D4C-0A58-4035-9B46-4284CFEB6DE5}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe
FirewallRules: [{8A7962F2-ED18-439F-BC0E-961429A0F186}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe
FirewallRules: [{3074AE10-6422-427E-A0D2-0454EC8626DF}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe
FirewallRules: [{F183E7C6-8B8B-46FB-A841-DA0673FC62D2}] => (Allow) C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HID Sensor Collection
Description: HID Sensor Collection
Class Guid: {5175d334-c371-4806-b3ba-71fd53c9258d}
Manufacturer: Microsoft
Service: SensorsHIDClassDriver
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/12/2015 12:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x62c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:19:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1dd4
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0xb54
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:15:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1fe0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:15:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1d2c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:13:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1924
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1e28
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/12/2015 12:12:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x197c
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/11/2015 11:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1a90
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
Error: (09/11/2015 11:50:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 45.0.2454.85, time stamp: 0x55df881b
Faulting module name: ntdll.dll, version: 6.3.9600.17936, time stamp: 0x55a68dd1
Exception code: 0xc0000005
Fault offset: 0x0003c6f5
Faulting process id: 0x1700
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5
 
 
System errors:
=============
Error: (09/12/2015 12:02:51 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0xc1900107: Upgrade to Windows 10 Home.
 
Error: (09/11/2015 11:06:36 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Device Setup Manager service hung on starting.
 
Error: (09/11/2015 11:05:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rscp service failed to start due to the following error: 
%%2
 
Error: (09/11/2015 11:02:56 PM) (Source: DCOM) (EventID: 10010) (User: SUZI-ULTRABOOK)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (09/11/2015 11:00:40 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80242fff: Update for Windows 8.1 for x64-based Systems (KB3092627).
 
Error: (09/11/2015 10:40:40 PM) (Source: TPM) (EventID: 15) (User: NT AUTHORITY)
Description: The device driver for the Trusted Platform Module (TPM) encountered a non-recoverable error in the TPM hardware, which prevents TPM services (such as data encryption) from being used. For further help, please contact the computer manufacturer.
 
Error: (09/11/2015 10:40:24 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Device Setup Manager service hung on starting.
 
Error: (09/11/2015 10:39:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The rscp service failed to start due to the following error: 
%%2
 
Error: (09/11/2015 10:37:43 PM) (Source: DCOM) (EventID: 10010) (User: SUZI-ULTRABOOK)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}
 
Error: (09/11/2015 10:24:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SASDIFSV service failed to start due to the following error: 
%%183
 
 
Microsoft Office:
=========================
Error: (09/12/2015 12:20:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f562c01d0ed1253197760C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll90dd6f2f-5905-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:19:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f51dd401d0ed1246f252e7C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll84c20c8e-5905-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:16:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f5b5401d0ed11d5a1c038C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll1372d9bd-5905-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:15:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f51fe001d0ed11a9f34b11C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlle7c9bcb1-5904-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:15:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f51d2c01d0ed119d9b4d5aC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlldb69802d-5904-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:13:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f5192401d0ed116bb51d6bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dlla99f1ab5-5904-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:13:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f51e2801d0ed115740498bC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll951b770a-5904-11e5-827d-6057189f0a8c
 
Error: (09/12/2015 12:12:49 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f5197c01d0ed11494a3731C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll8717585d-5904-11e5-827d-6057189f0a8c
 
Error: (09/11/2015 11:56:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f51a9001d0ed0f08de81bcC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll47c4c014-5902-11e5-827d-6057189f0a8c
 
Error: (09/11/2015 11:50:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe45.0.2454.8555df881bntdll.dll6.3.9600.1793655a68dd1c00000050003c6f5170001d0ed0e1d7fe5f4C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SYSTEM32\ntdll.dll5b805570-5901-11e5-827d-6057189f0a8c
 
 
CodeIntegrity:
===================================
  Date: 2015-07-30 23:12:18.766
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Windows\System32\services.exe) attempted to load \Device\HarddiskVolume4\Program Files\Windows Defender\NisSrv.exe that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-5200U CPU @ 2.20GHz
Percentage of memory in use: 52%
Total physical RAM: 8099.62 MB
Available physical RAM: 3857.48 MB
Total Virtual: 9379.62 MB
Available Virtual: 6244.57 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:221.36 GB) (Free:115.21 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:16.09 GB) (Free:1.84 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-09-2015 01
Ran by Suzanne (administrator) on SUZI-ULTRABOOK (12-09-2015 00:35:14)
Running from C:\Users\Suzanne\Downloads
Loaded Profiles: Suzanne (Available Profiles: Suzanne)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Users\Suzanne\AppData\Local\Epic Privacy Browser\Application\epic.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsEngineSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\IIS\RtI2SBgProc64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Scandium Security Inc.) C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(SurfRight B.V.) C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
(Scandium Security Inc.) C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
(Flux Software LLC) C:\Users\Suzanne\AppData\Local\FluxSoftware\Flux\flux.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AVSoftware) C:\Program Files (x86)\UnThreat AntiVirus\drv\utwsc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AVSoftware) C:\Program Files (x86)\UnThreat AntiVirus\drv\utwsc.exe
(AVSoftware) C:\Program Files (x86)\UnThreat AntiVirus\drv\utwsc.exe
() C:\Users\Suzanne\Downloads\RogueKillerX64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Users\Suzanne\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Adlice Software) C:\Users\Suzanne\Downloads\WhyIGotInfected.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtkNGui] => C:\Program Files\Realtek\Audio\AP\RtkNGui64.exe [8651480 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtI2SBgProc] => C:\Program Files\Realtek\Audio\AP\RtI2SBgProc64.exe [2707672 2014-12-23] (Realtek Semiconductor)
HKLM\...\Run: [CxAgent] => C:\Program Files\Realtek\Audio\AP\CXAPOAgent64.exe [742592 2014-12-23] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2858664 2015-03-24] (Synaptics Incorporated)
HKLM\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)
HKLM\...\Run: [UnThreat] => C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe [14911280 2014-01-22] (Scandium Security Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-22] (Malwarebytes Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [827896 2015-09-11] (Webroot)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [UnThreat] => C:\Program Files (x86)\UnThreat AntiVirus\UnThreat.exe [14911280 2014-01-22] (Scandium Security Inc.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-21-2562107190-387453576-934030773-1001\...\Run: [f.lux] => C:\Users\Suzanne\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-14] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-19] ()
Startup: C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-07-30]
ShortcutTarget: Dropbox.lnk -> C:\Users\Suzanne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{01557606-B6AB-46B5-8B36-709AF0D9CE27}: [DhcpNameServer] 40.25.1.201 40.25.1.202
Tcpip\..\Interfaces\{3D0EB99E-F626-488E-A305-A002AC741B57}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
HKU\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://hp13.msn.com
HKU\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp13.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax64\wrflt.dll [2015-09-08] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-09-08] (Webroot)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-21] (Microsoft Corporation)
Filter: AutorunsDisabled - No CLSID Value
 
FireFox:
========
FF ProfilePath: C:\Users\Suzanne\AppData\Roaming\Mozilla\Firefox\Profiles\v9af9tzt.default-1432495221840
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-05-19] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-09-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-2562107190-387453576-934030773-1001: @updates.epicbrowser.com/Epic Privacy Browser Installer;version=9 -> C:\Users\Suzanne\AppData\Local\Epic Privacy Browser\Installer\1.3.27.13\npEpicUpdate3.dll [2015-09-02] (Epic Privacy Browser)
FF HKLM-x32\...\Firefox\Extensions: [webrootsecure@webroot.com] - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer
FF Extension: Webroot Filtering Extension - C:\ProgramData\WRData\PKG\FIREFOX\WebrootSecure_SocketServer [2015-05-18]
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.google.com"
CHR Profile: C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-11]
CHR Extension: (No Name) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-11]
CHR Extension: (No Name) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-11]
CHR Extension: (No Name) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-11]
CHR Extension: (No Name) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-11]
CHR Extension: (Google Docs Offline) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-11]
CHR Extension: (No Name) - C:\Users\Suzanne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-11]
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4259808 2015-03-09] (Nuance Communications, Inc.)
S3 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-04-10] (Foxit Software Inc.)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [7152128 2015-05-29] (SecureMix LLC)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-08-31] (SurfRight B.V.)
R2 hmpalertsvc; C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe [4079264 2015-07-07] (SurfRight B.V.)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [573704 2014-12-01] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18584 2014-10-09] (Intel Corporation)
S2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [125168 2014-11-04] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-04] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 IntelUSBoverIP; C:\Program Files\Intel Corporation\USB over IP\bin\UoipService.exe [394184 2014-10-15] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-08-31] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-22] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; c:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2014-12-04] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-11-06] (CyberLink)
R2 rsEngineSvc; C:\Program Files\Reason\Security\rsEngineSvc.exe [80144 2015-05-18] (Reason Software Company Inc.)
R2 RtkI2SCodec; C:\Program Files\Realtek\Audio\IIS\RtkI2SAudioService64.exe [150544 2015-05-12] (Realtek Semiconductor)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [220840 2015-03-24] (Synaptics Incorporated)
R2 UTSvcManager3; C:\Program Files (x86)\UnThreat AntiVirus\utsvc.exe [2808112 2014-01-22] (Scandium Security Inc.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2015-04-03] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [827896 2015-09-11] (Webroot)
R2 ZeroConfigService; c:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3820960 2014-12-04] (Intel® Corporation)
S2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-11-21] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp64; C:\EmisoftEmergencyKit\bin\epp64.sys [136456 2015-09-12] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-22] ()
R3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-29] (SecureMix LLC)
R3 hmpalert; C:\Windows\system32\drivers\hmpalert.sys [198216 2015-07-07] (SurfRight B.V.)
R3 hmpnet; C:\Windows\system32\drivers\hmpnet.sys [69448 2015-07-07] (SurfRight B.V.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-05-18] (REALiX™)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [120312 2014-06-10] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [225008 2014-11-04] (Intel Corporation)
R3 IntcADSP; C:\Windows\system32\DRIVERS\IntcADSP.sys [724720 2014-12-23] (Intel® Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3497240 2015-05-18] (Intel Corporation)
R3 RTKI2SAC; C:\Windows\system32\DRIVERS\RTKI2SAC.sys [217104 2015-05-12] (Realtek Semiconductor Corp.)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [788696 2015-05-19] (Realsil Semiconductor Corporation)
S3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-11-21] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-12-08] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-12-08] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-09-12] ()
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [213296 2014-10-15] (Windows ® Win 7 DDK provider)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [31512 2014-11-03] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116224 2015-09-11] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-09-08] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-12 00:35 - 2015-09-12 00:35 - 00022404 _____ C:\Users\Suzanne\Downloads\FRST.txt
2015-09-12 00:34 - 2015-09-12 00:35 - 00000000 ____D C:\FRST
2015-09-12 00:34 - 2015-09-12 00:34 - 02190848 _____ (Farbar) C:\Users\Suzanne\Downloads\FRST64.exe
2015-09-12 00:31 - 2015-09-12 00:31 - 00182344 _____ (Adlice Software) C:\Users\Suzanne\Downloads\WhyIGotInfected.exe
2015-09-12 00:28 - 2015-09-12 00:29 - 00891392 _____ (Farbar) C:\Users\Suzanne\Downloads\MiniToolBox.exe
2015-09-12 00:26 - 2015-09-12 00:26 - 00372800 _____ (Kaspersky Lab.) C:\Users\Suzanne\Downloads\Kabasiji.exe
2015-09-12 00:24 - 2015-09-12 00:24 - 00852704 _____ C:\Users\Suzanne\Downloads\SecurityCheck.exe
2015-09-12 00:21 - 2015-09-12 00:21 - 22727240 _____ C:\Users\Suzanne\Downloads\RogueKillerX64.exe
2015-09-12 00:21 - 2015-09-12 00:21 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-09-12 00:21 - 2015-09-12 00:21 - 00000000 ____D C:\ProgramData\RogueKiller
2015-09-12 00:13 - 2015-09-12 00:13 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Suzanne\Downloads\tdsskiller (1).exe
2015-09-11 23:11 - 2015-09-11 23:11 - 00000000 _____ C:\Windows\SysWOW64\SBRC.dat
2015-09-11 22:24 - 2015-09-11 22:24 - 00000000 ____D C:\ProgramData\SUPERSetup
2015-09-11 22:16 - 2015-09-11 22:16 - 00000000 ____D C:\ProgramData\VIPRE
2015-09-11 22:16 - 2013-05-23 08:39 - 00041032 _____ (ThreatTrack Security) C:\Windows\system32\Drivers\gfiark.sys
2015-09-11 22:14 - 2015-09-11 22:14 - 00001132 _____ C:\Users\Suzanne\Desktop\UnThreat AntiVirus.lnk
2015-09-11 22:14 - 2015-09-11 22:14 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnThreat AntiVirus
2015-09-11 22:13 - 2015-09-11 23:11 - 00000000 ____D C:\ProgramData\UnThreat
2015-09-11 22:13 - 2015-09-11 23:07 - 00000000 ____D C:\Program Files (x86)\UnThreat AntiVirus
2015-09-11 22:13 - 2015-09-11 22:13 - 00971184 _____ (Scandium Security Inc.) C:\Users\Suzanne\Downloads\UnThreatFreeSetup.exe
2015-09-11 22:13 - 2014-01-22 10:34 - 00082872 _____ (GFI Software) C:\Windows\system32\Drivers\sbapifs.sys
2015-09-11 22:13 - 2014-01-22 10:34 - 00047496 _____ (GFI Software) C:\Windows\SysWOW64\sbbd.exe
2015-09-11 22:12 - 2015-09-12 00:17 - 00000936 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-11 22:12 - 2015-09-11 23:07 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-11 22:10 - 2015-09-11 23:12 - 00000000 ____D C:\EEK
2015-09-11 22:09 - 2015-09-11 22:10 - 166308880 _____ C:\Users\Suzanne\Downloads\EmsisoftEmergencyKit (1).exe
2015-09-11 22:08 - 2015-09-11 22:41 - 00000000 ____D C:\EmisoftEmergencyKit
2015-09-11 22:08 - 2015-09-11 22:11 - 00000768 _____ C:\Users\Suzanne\Desktop\Start Emsisoft Emergency Kit.lnk
2015-09-11 22:07 - 2015-09-11 22:12 - 00002212 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-09-11 22:07 - 2015-09-11 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-11 22:05 - 2015-09-11 22:06 - 166308880 _____ C:\Users\Suzanne\Downloads\EmsisoftEmergencyKit.exe
2015-09-11 22:01 - 2015-09-11 22:01 - 23312376 _____ (SUPERAntiSpyware) C:\Users\Suzanne\Downloads\SUPERAntiSpyware.exe
2015-09-11 21:52 - 2015-09-11 21:52 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\ProductData
2015-09-11 21:50 - 2015-09-11 21:50 - 00167152 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-09-11 21:50 - 2015-09-11 21:50 - 00105376 _____ (Webroot) C:\Windows\system32\WRusr.dll
2015-09-11 21:41 - 2015-09-11 21:41 - 04527056 _____ (VoodooSoft, LLC ) C:\Users\Suzanne\Downloads\InstallVoodooShield.exe
2015-09-11 21:35 - 2015-09-11 21:36 - 00015781 _____ C:\HijackPatrol.log
2015-09-11 21:34 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-09-11 21:34 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-09-11 21:34 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-09-11 21:34 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-11 21:34 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-11 21:34 - 2015-08-26 22:48 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-09-11 21:34 - 2015-08-26 14:00 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-11 21:34 - 2015-08-26 14:00 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-11 21:34 - 2015-08-26 14:00 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-11 21:34 - 2015-08-26 14:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-11 21:34 - 2015-08-26 10:46 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-09-11 21:34 - 2015-08-26 10:29 - 02240512 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-09-11 21:34 - 2015-08-26 10:27 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-09-11 21:34 - 2015-08-26 10:27 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-09-11 21:34 - 2015-08-26 10:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-09-11 21:34 - 2015-08-26 10:26 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-09-11 21:34 - 2015-08-26 10:26 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-09-11 21:34 - 2015-08-22 14:19 - 25188352 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-09-11 21:34 - 2015-08-22 13:35 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-09-11 21:34 - 2015-08-22 13:34 - 00585216 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-09-11 21:34 - 2015-08-22 13:22 - 19856384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-11 21:34 - 2015-08-22 13:21 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-09-11 21:34 - 2015-08-22 13:20 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-09-11 21:34 - 2015-08-22 12:55 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-11 21:34 - 2015-08-22 12:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-11 21:34 - 2015-08-22 12:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-09-11 21:34 - 2015-08-22 12:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-11 21:34 - 2015-08-22 12:44 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-09-11 21:34 - 2015-08-22 12:41 - 14451712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-09-11 21:34 - 2015-08-22 12:41 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-09-11 21:34 - 2015-08-22 12:41 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-09-11 21:34 - 2015-08-22 12:41 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-09-11 21:34 - 2015-08-22 12:39 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-09-11 21:34 - 2015-08-22 12:28 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-11 21:34 - 2015-08-22 12:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-09-11 21:34 - 2015-08-22 12:23 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-09-11 21:34 - 2015-08-22 12:22 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-11 21:34 - 2015-08-22 12:20 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-09-11 21:34 - 2015-08-22 12:18 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-11 21:34 - 2015-08-22 12:18 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-11 21:34 - 2015-08-22 12:18 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-11 21:34 - 2015-08-22 12:14 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-09-11 21:34 - 2015-08-22 12:01 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-09-11 21:34 - 2015-08-22 12:00 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-11 21:34 - 2015-08-22 11:56 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-11 21:34 - 2015-08-22 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-11 21:34 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-09-11 21:34 - 2015-08-03 17:15 - 00065600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-11 21:34 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-09-11 21:34 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\schtasks.exe
2015-09-11 21:34 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
2015-09-11 21:34 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2015-09-11 21:34 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-09-11 21:34 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-09-11 21:34 - 2015-07-30 13:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-09-11 21:34 - 2015-07-30 12:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-11 21:34 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-09-11 21:34 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-09-11 21:34 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-11 21:34 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-09-11 21:34 - 2015-07-22 10:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-09-11 21:34 - 2015-07-22 09:52 - 01633792 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-09-11 21:34 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2015-09-11 21:34 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-09-11 21:34 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2015-09-11 21:34 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-09-11 21:34 - 2015-07-17 10:15 - 00951296 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-09-11 21:34 - 2015-07-17 10:10 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-11 21:34 - 2015-07-13 23:27 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\tzsync.exe
2015-09-11 21:34 - 2015-07-13 15:10 - 00411455 _____ C:\Windows\system32\ApnDatabase.xml
2015-09-11 21:34 - 2015-07-10 15:06 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthpan.sys
2015-09-11 21:34 - 2015-07-09 12:14 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-09-11 21:34 - 2015-07-03 17:51 - 01380056 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-09-11 21:34 - 2015-07-03 10:00 - 01097216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-09-11 21:34 - 2015-06-27 07:47 - 00118616 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-09-11 21:34 - 2015-06-19 13:07 - 02819072 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-09-11 21:32 - 2015-09-11 21:33 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\WinPatrol
2015-09-11 21:32 - 2015-09-11 21:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-09-11 21:32 - 2015-09-11 21:32 - 00000000 ____D C:\ProgramData\InstallMate
2015-09-11 21:32 - 2015-09-11 21:32 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-09-11 21:30 - 2015-09-11 21:30 - 00680600 _____ (Sysinternals - www.sysinternals.com) C:\Users\Suzanne\Downloads\autoruns.exe
2015-09-11 21:29 - 2015-09-11 21:29 - 05635119 _____ (Swearware) C:\Users\Suzanne\Downloads\ComboFix.exe
2015-09-11 21:29 - 2015-09-11 21:29 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Suzanne\Downloads\tdsskiller.exe
2015-09-11 21:29 - 2015-09-11 21:29 - 01187840 _____ (Ruiware) C:\Users\Suzanne\Downloads\wpsetup(1).exe
2015-09-11 21:28 - 2015-09-11 21:28 - 01187840 _____ (Ruiware) C:\Users\Suzanne\Downloads\wpsetup.exe
2015-09-11 21:18 - 2015-09-11 21:18 - 00000683 _____ C:\Users\Suzanne\Desktop\JRT.txt
2015-09-11 20:38 - 2015-09-11 20:38 - 00040448 _____ C:\Users\Suzanne\Downloads\Hyaluronic_acid_gel.xls
2015-09-11 20:38 - 2015-09-11 20:38 - 00037376 _____ C:\Users\Suzanne\Downloads\Glucosamine_and_Niacinamide_gel_lotion (1).xls
2015-09-11 20:37 - 2015-09-11 20:37 - 00037376 _____ C:\Users\Suzanne\Downloads\Glucosamine_and_Niacinamide_gel_lotion.xls
2015-09-10 19:14 - 2015-09-10 19:14 - 00003112 _____ C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2562107190-387453576-934030773-1001
2015-09-08 03:08 - 2015-09-08 03:08 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-09-02 23:37 - 2015-09-02 23:37 - 00002453 _____ C:\Users\Suzanne\Desktop\Epic Privacy Browser.lnk
2015-09-02 23:37 - 2015-09-02 23:37 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Epic Privacy Browser
2015-09-02 23:37 - 2015-09-02 23:37 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Epic Privacy Browser
2015-09-02 23:37 - 2015-09-02 23:37 - 00000000 ____D C:\ProgramData\Epic Privacy Browser
2015-09-02 23:36 - 2015-09-02 23:36 - 01832744 _____ (Epic Privacy Browser) C:\Users\Suzanne\Downloads\EpicSetup.exe
2015-09-02 12:20 - 2015-08-08 09:55 - 00794088 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-09-02 12:20 - 2015-08-08 09:55 - 00179688 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-01 22:50 - 2015-09-01 22:50 - 00597304 _____ C:\Users\Suzanne\Downloads\flux-setup.exe
2015-09-01 22:50 - 2015-09-01 22:50 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-09-01 22:50 - 2015-09-01 22:50 - 00000000 ____D C:\Users\Suzanne\AppData\Local\FluxSoftware
2015-08-31 15:39 - 2015-08-31 15:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-24 21:14 - 2015-07-07 05:40 - 00270168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-08-24 21:14 - 2015-07-07 05:40 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-08-24 21:14 - 2015-07-07 05:40 - 00044560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-08-24 21:14 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-08-24 21:14 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-08-24 21:13 - 2015-08-24 21:13 - 00003842 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1433291751
2015-08-24 21:13 - 2015-08-24 21:13 - 00001070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-24 21:13 - 2015-07-28 19:24 - 00025776 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-24 21:13 - 2015-07-28 10:24 - 01148416 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-24 21:13 - 2015-07-28 10:24 - 01116160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-24 21:13 - 2015-07-28 10:24 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-24 21:13 - 2015-07-28 10:24 - 00743424 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-24 21:13 - 2015-07-28 10:24 - 00437248 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-24 21:13 - 2015-07-28 10:24 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-24 21:13 - 2015-07-14 17:59 - 01113944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-08-24 21:13 - 2015-07-14 17:59 - 00487256 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-08-24 21:13 - 2015-07-14 17:59 - 00393560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-08-24 21:13 - 2015-06-11 16:12 - 02476376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-08-24 21:13 - 2015-06-11 16:12 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-08-24 21:12 - 2015-07-30 10:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 21:12 - 2015-07-30 09:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 03:18 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-13 03:18 - 2015-07-16 16:23 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-13 03:18 - 2015-07-16 15:53 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-08-13 03:18 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-13 03:18 - 2015-07-16 15:41 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-13 03:18 - 2015-07-16 15:14 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-08-13 03:18 - 2015-07-16 14:52 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-08-13 03:17 - 2015-07-29 10:37 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-13 03:17 - 2015-07-29 10:30 - 01381888 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-13 03:17 - 2015-07-29 10:23 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-13 03:17 - 2015-07-15 20:29 - 07458648 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-13 03:17 - 2015-07-15 20:29 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-13 03:17 - 2015-07-15 20:29 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-13 03:17 - 2015-07-15 20:28 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-13 03:17 - 2015-07-13 23:22 - 02529880 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-08-13 03:17 - 2015-07-13 23:21 - 01901776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-08-13 03:17 - 2015-07-13 15:46 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-13 03:17 - 2015-07-13 15:45 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2015-08-13 03:17 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-13 03:17 - 2015-07-10 13:54 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-08-13 03:17 - 2015-07-10 13:42 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-13 03:17 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-13 03:17 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-13 03:17 - 2015-07-10 12:47 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-13 03:17 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-13 03:17 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\notepad.exe
2015-08-13 03:17 - 2015-07-09 13:13 - 00221184 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-13 03:17 - 2015-07-09 12:30 - 00212992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-13 03:17 - 2015-07-01 18:19 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-08-13 03:17 - 2015-07-01 18:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-08-13 03:17 - 2015-07-01 17:37 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-13 03:17 - 2015-07-01 17:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-12 00:28 - 2015-05-18 23:54 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Google
2015-09-12 00:26 - 2015-05-18 22:00 - 00000000 ____D C:\Users\Suzanne\AppData\Local\VirtualStore
2015-09-12 00:23 - 2015-05-18 22:06 - 00000000 ___DO C:\Users\Suzanne\OneDrive
2015-09-12 00:21 - 2015-05-18 22:30 - 00000000 ____D C:\ProgramData\WRData
2015-09-12 00:20 - 2015-05-18 21:57 - 01859963 _____ C:\Windows\WindowsUpdate.log
2015-09-12 00:09 - 2015-05-21 20:28 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-1001
2015-09-12 00:03 - 2015-07-10 09:39 - 00000000 ____D C:\$Windows.~BT
2015-09-12 00:02 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\sru
2015-09-12 00:01 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2015-09-11 23:49 - 2015-04-03 04:02 - 00022234 _____ C:\Windows\SysWOW64\Gms.log
2015-09-11 23:11 - 2014-11-21 00:42 - 00980220 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-11 23:08 - 2015-05-18 22:01 - 00000000 ____D C:\Users\Suzanne\Documents\Youcam
2015-09-11 23:07 - 2015-05-19 04:40 - 00003724 _____ C:\Users\Public\CAFADEBUG.log
2015-09-11 23:05 - 2015-06-20 17:09 - 00061812 _____ C:\Windows\PFRO.log
2015-09-11 23:05 - 2015-06-20 17:09 - 00002041 _____ C:\Windows\setupact.log
2015-09-11 23:05 - 2015-06-16 08:02 - 00000000 ____D C:\ProgramData\HitmanPro.Alert
2015-09-11 23:05 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-11 23:05 - 2013-08-22 10:44 - 00497176 _____ C:\Windows\system32\FNTCACHE.DAT
2015-09-11 23:04 - 2014-11-21 00:20 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-11 23:04 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-09-11 23:04 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\system32\inetsrv
2015-09-11 23:04 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-11 22:57 - 2015-05-21 12:53 - 00000000 ____D C:\Windows\system32\MRT
2015-09-11 22:46 - 2015-05-19 00:43 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-11 22:38 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2015-09-11 22:12 - 2015-05-18 23:54 - 00003908 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-11 22:12 - 2015-05-18 23:54 - 00003672 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-11 22:11 - 2015-05-19 00:41 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-11 22:07 - 2015-05-18 23:54 - 00000000 ____D C:\Program Files (x86)\Google
2015-09-11 22:06 - 2015-06-16 09:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-09-11 21:50 - 2015-05-18 22:32 - 00116224 _____ (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-09-11 21:42 - 2014-12-10 00:00 - 00000000 ____D C:\Windows\Panther
2015-09-11 21:14 - 2015-05-18 22:00 - 00000000 ____D C:\Users\Suzanne\AppData\Local\Packages
2015-09-11 21:13 - 2015-06-16 09:22 - 00002368 _____ C:\Users\Suzanne\Desktop\Rkill.txt
2015-09-11 20:55 - 2015-05-21 15:23 - 00000000 ____D C:\Users\Suzanne\Documents\Outlook Files
2015-09-11 19:30 - 2015-06-02 19:39 - 00000000 ____D C:\Users\Suzanne\Documents\Boston University EMT course
2015-09-10 19:36 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2015-09-10 19:15 - 2015-07-30 20:03 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2015-09-08 03:08 - 2015-05-19 06:24 - 00000000 ____D C:\Users\Suzanne\AppData\Roaming\Dropbox
2015-09-08 02:51 - 2015-05-18 22:33 - 00043600 ____T (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-09-01 01:40 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2015-08-31 15:14 - 2015-06-13 12:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-31 15:11 - 2015-05-19 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-08-31 15:11 - 2015-05-19 00:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-08-31 15:10 - 2015-05-19 14:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-31 15:09 - 2015-06-20 17:08 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-31 15:09 - 2014-11-21 08:38 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-31 15:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 15:09 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-31 15:09 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-31 15:09 - 2013-08-22 11:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-26 18:37 - 2015-05-21 12:52 - 134753440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-08-24 21:13 - 2015-06-02 20:35 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-24 21:10 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 21:10 - 2013-08-22 11:36 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
 
==================== Files in the root of some directories =======
 
2015-06-11 00:07 - 2015-06-11 00:08 - 401178632 _____ () C:\Program Files\PowerDirector_2307_GM3_Trial_Trial_VDE141205-02.exe
2015-05-18 22:34 - 2015-05-18 22:35 - 10395072 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2015-06-20 18:23 - 2015-06-20 18:23 - 0000202 _____ () C:\Users\Suzanne\AppData\Roaming\TSSTLiveUpdateConfig.ini
 
Some files in TEMP:
====================
C:\Users\Suzanne\AppData\Local\Temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-11 05:09
 
==================== End of FRST.txt ============================
 
 
 

RogueKiller V10.10.4.0 (x64) [Sep  4 2015] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9600) 64 bits version
Started in : Normal mode
User : Suzanne [Administrator]
Started from : C:\Users\Suzanne\Downloads\RogueKillerX64.exe
Mode : Scan -- Date : 09/12/2015 00:35:54
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 16 ¤¤¤
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2562107190-387453576-934030773-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{01557606-B6AB-46B5-8B36-709AF0D9CE27} | DhcpNameServer : 40.25.1.201 40.25.1.202 ([UNITED STATES (US)][UNITED STATES (US)])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{01557606-B6AB-46B5-8B36-709AF0D9CE27} | DhcpNameServer : 40.25.1.201 40.25.1.202 ([UNITED STATES (US)][UNITED STATES (US)])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: AXNS381E-256GM-B +++++
--- User ---
[MBR] 7fd6263ebdc6d9e80d909bb9c25934bd
[BSP] fad3f19a78c8bbdab6e576ef689c33bb : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 226673 MB
4 - [SYSTEM] Basic data partition | Offset (sectors): 466354176 | Size: 16481 MB
User = LL1 ... OK
User = LL2 ... OK
 
 
 
 
 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
Webroot SecureAnywhere   
UnThreat AntiVirus       
Windows Defender         
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 WinPatrol 
 Adobe Flash Player 18.0.0.232  
 Mozilla Firefox (40.0.3) 
 Google Chrome (45.0.2454.85) 
````````Process Check: objlist.exe by Laurent````````  
 WinPatrol winpatrol.exe 
 UnThreat AntiVirus utsvc.exe   
 UnThreat AntiVirus UnThreat.exe   
 UnThreat AntiVirus drv utwsc.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Exploit mbae64.exe   
 Malwarebytes Anti-Exploit mbae.exe   
 Ruiware WinPatrol WinPatrol.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 



#2 durgama (Topic Starter)

Posted 12 September 2015 - 12:56 AM

I am also running the online scanner from ESET and it states I have a variant of win32/InstallCore.ACL 

 

Any detailed guidance on these issues would be greatly appreciated.  

 

 



#3 Oh My! (Malware Response Instructor)

Posted 13 September 2015 - 02:59 PM

Greetings durgama and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. It looks like you have already run a wide variety of tools on your computer however there is still more that needs to be taken care of.

Please consider and do this.

===================================================

Multiple Antivirus Programs

-------------------

I do not recommend that you have more than one antivirus product installed on your computer at a time. The reason for this is that if both products have their automatic (real-time) protection switched on, then those products which do not encrypt the virus strings within them can cause other antivirus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please remove all but one of the Antivirus programs currently on your computer, even if only one is running. You can do this via Add/Remove Programs, or Programs and Features in the Control Panel.
 

Webroot SecureAnywhere
UnThreat AntiVirus


===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: AutorunsDisabled - No CLSID Value
S2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {03DC811D-1FB4-42ED-A664-F44530F8F212} - \Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500 -> No File <==== ATTENTION
Task: {E8B8C37A-D030-49F1-A18B-01F8CFDE2048} - \Driver Booster SkipUAC (Suzanne) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ListParts by Farbar for 64 bit Systems

--------------------
  • Please download ListParts64.exe (for 64 bit systems) and save it to your desktop
  • Double click the icon to launch the program
  • Select Run
  • Select Scan
  • Select OK and wait for a Result - Notepad document to open on your desktop
  • Please copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Result log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
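The list Gary gives above is an FRST fixlist: each line names a registry value, key, service, scheduled task or alternate data stream that FRST should remove. The script below is an added example, not part of Gary's instructions and not FRST's own code, that audits the same items read-only from an elevated PowerShell and, for every key, prints its owner and any Deny entries in its ACL, since a deny ACE or an unexpected owner is a common reason an elevated removal still reports "Access Denied". It assumes nothing beyond the key, value, service and task names in the fixlist; the helper name Show-KeyAcl is my own.

```powershell
# Added audit script (not Gary's instructions and not FRST code): read-only
# check of the registry items, services, tasks and ADS named in the fixlist
# above. Run from an elevated PowerShell on the affected machine.
$ErrorActionPreference = 'SilentlyContinue'

# --- 1. Explorer lockdown policies (value names copied from the fixlist) ---
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$policyValues = 'NoViewOnDrive','NoControlPanel','DisableLocalMachineRun',
  'DisableLocalMachineRunOnce','DisableCurrentUserRun','DisableCurrentUserRunOnce',
  'NoViewContextMenu','NoShellSearchButton','NoFind','NoFile','HideClock',
  'NoTrayContextMenu','NoTrayItemsDisplay','NoSetFolders','NoDevMgrUpdate',
  'NoSetTaskbar','NoDeletePrinter','NoDFSTab','NoChangeStartMenu','NoLogoff',
  'NoWindowsUpdate','NoEncryptOnMove','NoRunasInstallPrompt','NoResolveSearch',
  'NoSaveSettings','NoHardwareTab','NoStartMenuSubFolders','NoDesktop'

"== Explorer policy values present (1 = restriction active) =="
if (Test-Path $policyKey) {
    $props = Get-ItemProperty -Path $policyKey
    foreach ($name in $policyValues) {
        if ($null -ne $props.$name) { '  {0,-28} = {1}' -f $name, $props.$name }
    }
}

# --- 2. Keys the Fixlog may report as "Access Denied": owner and Deny ACEs ---
function Show-KeyAcl {                       # helper name is mine
    param([string]$Path)
    if (-not (Test-Path $Path)) { "  (absent)  $Path"; return }
    "  (present) $Path"
    $acl = Get-Acl -Path $Path
    if (-not $acl) { "    ACL unreadable even when elevated"; return }
    "    owner: $($acl.Owner)"
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Deny') {
            "    DENY $($ace.RegistryRights) for $($ace.IdentityReference)"
        }
    }
}

# HKEY_USERS is not mapped as a drive by default
if (-not (Get-PSDrive -Name HKU)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
"== .exe / exefile class keys in the service-account hives =="
foreach ($hive in '.DEFAULT','S-1-5-19','S-1-5-20') {
    foreach ($sub in '.exe','exefile') { Show-KeyAcl "HKU:\$hive\Software\Classes\$sub" }
}

"== Chrome policy key (flagged by FRST as 'Policy restriction') =="
$chromeKey = 'HKLM:\SOFTWARE\Policies\Google'
Show-KeyAcl $chromeKey
if (Test-Path $chromeKey) {
    foreach ($key in @(Get-Item -Path $chromeKey) + @(Get-ChildItem -Path $chromeKey -Recurse)) {
        foreach ($v in $key.GetValueNames()) {
            '    {0}\{1} = {2}' -f $key.Name, $v, $key.GetValue($v)
        }
    }
}

# --- 3. Services from the fixlist: start type, ImagePath and key ACL ---
"== Services =="
foreach ($svc in 'rscp','SR','srservice') {
    $k = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
    if (Test-Path $k) {
        $p = Get-ItemProperty -Path $k
        '  {0,-10} Start={1} ImagePath=[{2}]' -f $svc, $p.Start, $p.ImagePath
        Show-KeyAcl $k
    } else { "  (absent)  $svc" }
}

# --- 4. Scheduled tasks whose action executable no longer exists ("-> No File") ---
"== Scheduled tasks with a missing executable =="
foreach ($task in Get-ScheduledTask) {
    foreach ($a in $task.Actions) {
        if (-not $a.Execute) { continue }    # COM-handler actions have no Execute
        $exe = [Environment]::ExpandEnvironmentVariables($a.Execute.Trim('"'))
        if (-not (Test-Path $exe) -and -not (Get-Command $exe)) {
            '  {0}{1} -> {2}' -f $task.TaskPath, $task.TaskName, $a.Execute
        }
    }
}

# --- 5. Alternate data streams on the directory the fixlist names ---
"== Alternate data streams on C:\ProgramData\TEMP =="
Get-Item -Path 'C:\ProgramData\TEMP' -Stream * | Where-Object Stream -ne ':$DATA' |
    ForEach-Object { '  {0} ({1} bytes)' -f $_.Stream, $_.Length }
```

The script changes nothing, so it can be run at any point in the thread without disturbing the fix sequence. If a key shows a DENY entry or an owner other than Administrators or SYSTEM, the removal will keep failing until ownership is taken and the DACL reset; that is a separate step, to be done only when the helper directs it.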

#4 durgama (Topic Starter)

Posted 15 September 2015 - 08:15 PM

Dear Gary,

Thank you so much for your expert assistance and support. I am grateful for your attention to my problem:

 

I did as you requested... hopefully I did not screw it up.

I had to create a new profile to use the computer, which isn't the admin profile, as my computer stopped functioning.

I put it in airplane mode, which corrected some of the issues, but then when I tried to run the Junkware Removal Tool, the system started crashing more.

Then it froze, then it rebooted to the system fix screen, and then when I pressed F2, it said no operating system was installed in the computer.

After that, I just created another account, from which I performed the above actions.

 

I deleted the antivirus as you requested. Here are the logs and file.  I hope I did this right. 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Admin (2015-09-15 21:05:47) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Suzanne & Admin (Available Profiles: Suzanne & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: AutorunsDisabled - No CLSID Value
S2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {03DC811D-1FB4-42ED-A664-F44530F8F212} - \Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500 -> No File <==== ATTENTION
Task: {E8B8C37A-D030-49F1-A18B-01F8CFDE2048} - \Driver Booster SkipUAC (Suzanne) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value could not remove.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value not found.
HKLM\SOFTWARE\Policies\Google => key could not remove. Access Denied.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value could not remove.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value not found.
HKCR\PROTOCOLS\Filter\Filter: AutorunsDisabled - No CLSID Value => key could not remove. Access Denied.
rscp => service could not remove
SR => service could not remove
srservice => service could not remove
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DC811D-1FB4-42ED-A664-F44530F8F212} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500 => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B8C37A-D030-49F1-A18B-01F8CFDE2048} => key could not remove. Access Denied.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Suzanne) => key could not remove. Access Denied.
"C:\ProgramData\TEMP" => ":B3503B59" ADS not found.
HKU\.DEFAULT\Software\Classes\.exe => key could not remove. Access Denied.
HKU\.DEFAULT\Software\Classes\exefile => key could not remove. Access Denied.
HKU\S-1-5-19\Software\Classes\.exe => key could not remove. Access Denied.
HKU\S-1-5-19\Software\Classes\exefile => key could not remove. Access Denied.
HKU\S-1-5-20\Software\Classes\.exe => key could not remove. Access Denied.
HKU\S-1-5-20\Software\Classes\exefile => key could not remove. Access Denied.

==== End of Fixlog 21:05:48 ====

 

ListParts by Farbar Version: 31-07-2014
Ran by Admin on 15-09-2015 at 21:10:41
WIN_81 (X64)
Running From: C:\Users\Admin\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 25%
Total physical RAM: 8099.62 MB
Available physical RAM: 6061.8 MB
Total Pagefile: 9379.62 MB
Available Pagefile: 7158.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.89 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:221.36 GB) (Free:106.89 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.09 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

============================== MBR Partition Table ==================

 

I ran these twice: once before the reboot, and the above after the reboot.

 

On the new profile I created, I reran the ESET online scanner:

Result below:

C:\Program Files\Reason\Security\Protection\rscp\uninstall.exe    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\Reason\Security\Protection\rscp\bin\collector.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\Reason\Security\Protection\rscp\bin\icuid.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\AppData\Local\Temp\nshBF41.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\AppData\Local\Temp\nsjD087.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\Downloads\UnThreatFreeSetup.exe    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    deleted - quarantined
C:\Windows\Temp\~un06d3e5cda\i06d54c6af.exe    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
 

 

 


****** End Of Log ******


2 Drive d: (RECOVERY) (Fixed) (Total:16.09 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]

 

============================== MBR Partition Table ==================

 

I ran these twice: one before the reboot, and the one above after the reboot.

 

On the new profile I created, I reran the ESET online scanner:

Result below:

C:\Program Files\Reason\Security\Protection\rscp\uninstall.exe    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\Reason\Security\Protection\rscp\bin\collector.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Program Files\Reason\Security\Protection\rscp\bin\icuid.dll    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\AppData\Local\Temp\nshBF41.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\AppData\Local\Temp\nsjD087.tmp\Helper.dll    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    cleaned by deleting - quarantined
C:\Users\Suzanne\Downloads\UnThreatFreeSetup.exe    a variant of Win32/Toolbar.SearchSuite.W potentially unwanted application    deleted - quarantined
C:\Windows\Temp\~un06d3e5cda\i06d54c6af.exe    a variant of Win32/InstallCore.ACL potentially unwanted application    cleaned by deleting - quarantined
 

 

 


****** End Of Log ******



#5 durgama


Posted 15 September 2015 - 08:20 PM

I am not sure how to upload a file.

Attached File: Summary.zip (178.84KB)



#6 durgama


Posted 15 September 2015 - 08:21 PM

Sorry for the confusing posting and reposting stuff.  I thought I lost the last posts.  I gratefully appreciate your help! 



#7 Oh My!

    Adware and Spyware and Malware.....

  • Malware Response Instructor
  • 35,590 posts
  • Gender:Male
  • Location:California

Posted 15 September 2015 - 08:25 PM

Greetings,

Need some clarification please.
 

I had to create a new profile to use the computer, which isn't the admin profile, as my computer stopped functioning.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Admin (2015-09-15 21:05:47) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Suzanne & Admin (Available Profiles: Suzanne & Admin)

 

You ran the Fixlist as "Admin" which I assume is the new User Profile. Did you create that User Profile with Administrator privileges?


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Oh My!


Posted 15 September 2015 - 08:27 PM

By "Upload" I think you mean Attach? If so, click on the word Attach which is a link showing you instruction on how to do it.


Gary
 

#9 durgama


Posted 15 September 2015 - 08:29 PM

I created the account labeled "admin" as a dummy account (guest was taken!)  and had to login to my Administrator level profile "Suzanne" to approve program accesses in order to run and download the programs. 



#10 durgama


Posted 15 September 2015 - 08:36 PM

Just figured it out and changed the admin acct to "Administrator" level access. 



#11 Oh My!


Posted 15 September 2015 - 08:36 PM

Please do this.

===================================================

Creating a New User Profile With Administrative Privileges

--------------
  • Log in as Suzanne
  • Press the Windows key + R on your keyboard at the same time
  • For Windows 8 press the Windows Key + X
  • Type cmd and press Enter
  • Type the following after the command prompt, pressing Enter after each line

net user BC /add
net localgroup administrators BC /add

  • Reboot your computer and log in to the BC User Profile
  • If you are not given the option to log into BC, simply sign out then sign into BC
  • Stop and let me know if that was successful
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • New User Profile created?

Gary
 
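
The two net commands in Gary's post, as an added example that is not part of his post or of the thread: a short Windows PowerShell script that runs them and then verifies the outcome instead of assuming it. The account name BC follows the post. The existence check through the exit code of net user, the membership check through the WinNT ADSI provider, and the error handling are mine. net user /add needs an elevated prompt (on Windows 8.1: Windows key + X, then Command Prompt (Admin) and type powershell), and the script must be run from an account that already has administrator rights, which in this thread is Suzanne.

```powershell
# Added example, not from the thread: the two "net" commands from the instructions
# above, wrapped so the result is verified instead of assumed. Run from an elevated
# prompt in the existing administrator profile (Suzanne in this thread).
# Compatible with Windows PowerShell 4.0 on Windows 8.1; needs no extra modules.

$UserName = 'BC'   # account name used in the post

function Test-LocalUserExists {
    param([string]$Name)
    # "net user <name>" exits 0 only when the account exists (2 when it does not).
    $null = & net.exe user $Name 2>&1
    return ($LASTEXITCODE -eq 0)
}

function Test-LocalAdministrator {
    param([string]$Name)
    # Enumerate the local Administrators group through the WinNT ADSI provider
    # and compare member names; works without the LocalAccounts module.
    $group = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
    $members = @($group.psbase.Invoke('Members')) | ForEach-Object {
        $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
    }
    return ($members -contains $Name)
}

if (-not (Test-LocalUserExists -Name $UserName)) {
    & net.exe user $UserName /add | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net user /add failed (exit code $LASTEXITCODE). Is this prompt elevated?"
    }
    "Created local account $UserName"
} else {
    "Account $UserName already exists; leaving it in place"
}

if (-not (Test-LocalAdministrator -Name $UserName)) {
    & net.exe localgroup administrators $UserName /add | Out-Null
    if ($LASTEXITCODE -ne 0) {
        throw "net localgroup administrators /add failed (exit code $LASTEXITCODE)"
    }
}

# Final check: this is the step the thread tripped over. An account created without
# administrator rights left the first FRST fix run full of "Access Denied" lines.
if (Test-LocalAdministrator -Name $UserName) {
    "OK: $UserName is a member of the local Administrators group"
} else {
    throw "$UserName exists but is not in Administrators; fix this before rebooting"
}
```

The account is created the way the post describes, without a password. It is a temporary working profile for the cleanup, so once the machine is clean it should be removed again with net user BC /delete rather than left behind as a passwordless administrator.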

#12 Oh My!


Posted 15 September 2015 - 08:40 PM

OK we posted at the same time. Nice job.

Please run the FRST fix and ListParts again while in the new User Profile.
Gary
 

#13 durgama


Posted 15 September 2015 - 09:31 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Admin (2015-09-15 22:28:29) Run:3
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Suzanne & Admin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: AutorunsDisabled - No CLSID Value
S2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath
Task: {03DC811D-1FB4-42ED-A664-F44530F8F212} - \Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500 -> No File <==== ATTENTION
Task: {E8B8C37A-D030-49F1-A18B-01F8CFDE2048} - \Driver Booster SkipUAC (Suzanne) -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:B3503B59
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKCR\PROTOCOLS\Filter\Filter: AutorunsDisabled - No CLSID Value => key not found.
rscp => service removed successfully
SR => service removed successfully
srservice => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03DC811D-1FB4-42ED-A664-F44530F8F212}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03DC811D-1FB4-42ED-A664-F44530F8F212}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimize Start Menu Cache Files-S-1-5-21-2562107190-387453576-934030773-500" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E8B8C37A-D030-49F1-A18B-01F8CFDE2048}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8B8C37A-D030-49F1-A18B-01F8CFDE2048}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Suzanne)" => key removed successfully
C:\ProgramData\TEMP => ":B3503B59" ADS removed successfully.
HKU\.DEFAULT\Software\Classes\.exe => key not found.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
HKU\S-1-5-19\Software\Classes\.exe => key not found.
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
HKU\S-1-5-20\Software\Classes\.exe => key not found.
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully

==== End of Fixlog 22:28:31 ====

 

ListParts by Farbar Version: 31-07-2014
Ran by Admin (administrator) on 15-09-2015 at 22:30:16
WIN_81 (X64)
Running From: C:\Users\Admin\Desktop
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 8099.62 MB
Available physical RAM: 6348.39 MB
Total Pagefile: 9379.62 MB
Available Pagefile: 7430.36 MB
Total Virtual: 131072 MB
Available Virtual: 131071.89 MB

======================= Partitions =========================

1 Drive c: (Windows) (Fixed) (Total:221.36 GB) (Free:107.92 GB) NTFS
2 Drive d: (RECOVERY) (Fixed) (Total:16.09 GB) (Free:1.82 GB) NTFS ==>[System with boot components (obtained from reading drive)]


  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          238 GB  5120 KB        *

Partitions of Disk 0:
===============


Disk ID: {9E758E58-051D-4B16-9EB0-793C2BB6DE5E}

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery           650 MB  1024 KB
  Partition 2    System (partition with boot components)             260 MB   651 MB
  Partition 3    Reserved           128 MB   911 MB
  Partition 4    Primary            221 GB  1039 MB
  Partition 5    Primary             16 GB   222 GB

======================================================================================================

Disk: 0
Partition 1
Type    : de94bba4-06d1-4d40-a16a-bfd50179d6ac
Hidden  : Yes
Required: Yes
Attrib  : 0X8000000000000001

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2         WINRE        NTFS   Partition    650 MB  Healthy    Hidden  

======================================================================================================

Disk: 0
Partition 2
Type    : c12a7328-f81f-11d2-ba4b-00a0c93ec93b
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3                      FAT32  Partition    260 MB  Healthy    System (partition with boot components)  

======================================================================================================

Disk: 0
Partition 3
Type    : e3c9e316-0b5c-4db8-817d-f92df00215ae
Hidden  : Yes
Required: No
Attrib  : 0X8000000000000000

There is no volume associated with this partition.

======================================================================================================

Disk: 0
Partition 4
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: No
Attrib  : 0000000000000000

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 0     C   Windows      NTFS   Partition    221 GB  Healthy    Boot    

======================================================================================================

Disk: 0
Partition 5
Type    : ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Hidden  : No
Required: Yes
Attrib  : 0X0000000000000001

There is no volume associated with this partition.

======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 6C58BE6D

Partition : GPT Partition Type

Firmware Boot Manager
---------------------
identifier              {fwbootmgr}
displayorder            {bootmgr}
                        {12219385-d9d3-11e4-8a60-a610029f4246}
                        {1221938a-d9d3-11e4-8a60-a610029f4246}
timeout                 0

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\bootmgfw.efi
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
integrityservices       Enable
default                 {current}
resumeobject            {1221938b-d9d3-11e4-8a60-a610029f4246}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Firmware Application (101fffff)
-------------------------------
identifier              {12219385-d9d3-11e4-8a60-a610029f4246}
device                  partition=\Device\HarddiskVolume2
description             Solid State Disk

Firmware Application (101fffff)
-------------------------------
identifier              {1221938a-d9d3-11e4-8a60-a610029f4246}
description             USB Drive (UEFI)

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.efi
description             Windows 8.1
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {1221938f-d9d3-11e4-8a60-a610029f4246}
integrityservices       Enable
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \Windows
resumeobject            {1221938b-d9d3-11e4-8a60-a610029f4246}
nx                      OptIn
bootmenupolicy          Standard

Windows Boot Loader
-------------------
identifier              {1221938f-d9d3-11e4-8a60-a610029f4246}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12219390-d9d3-11e4-8a60-a610029f4246}
path                    \windows\system32\winload.efi
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
displaymessageoverride  Recovery
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{12219390-d9d3-11e4-8a60-a610029f4246}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {1221938b-d9d3-11e4-8a60-a610029f4246}
device                  partition=C:
path                    \Windows\system32\winresume.efi
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {1221938f-d9d3-11e4-8a60-a610029f4246}
recoveryenabled         Yes
isolatedcontext         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \EFI\Microsoft\Boot\memtest.efi
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {12219390-d9d3-11e4-8a60-a610029f4246}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


****** End Of Log ******

 

 

Here it is! Thanks again, Gary!
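
The Run 3 fixlog above removed six kinds of artifact: the HKLM Policies\Explorer restriction values, the HKLM\SOFTWARE\Policies\Google key, the rscp, SR and srservice service entries, two TaskCache entries whose task files were missing (one of them named SkipUAC), per-user Classes\.exe and Classes\exefile keys in the .DEFAULT, S-1-5-19 and S-1-5-20 hives, and an alternate data stream on C:\ProgramData\TEMP. The same items failed with "Access Denied" in Run 2, which was started from the non-administrator profile. As an added example that is not part of the thread and is not FRST's own code, the read-only PowerShell audit below re-checks those same locations, so that running it after the reboot shows whether anything has come back. The key paths, value names, service names and the task name come from the log; the two heuristics (a Tree entry whose XML file under System32\Tasks is missing is treated as orphaned, and a task name matching SkipUAC is flagged) and the expected exefile command are mine. Run it from an elevated prompt so all loaded HKEY_USERS hives are readable.

```powershell
# Added example, not from the thread or from FRST: re-audit the artifact classes the
# fixlog above removed. Read-only. Run elevated on Windows PowerShell 4.0 or later.

$findings = @()

# 1. Explorer policy restrictions. A non-zero value locks part of the shell (Control
#    Panel, Run/RunOnce, Windows Update, Log off, Desktop ...), which fits the
#    "system stopped functioning" symptom. The list is exactly the set in the fixlist.
$explorerPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$restrictions = @(
    'NoViewOnDrive','NoControlPanel','DisableLocalMachineRun','DisableLocalMachineRunOnce',
    'DisableCurrentUserRun','DisableCurrentUserRunOnce','NoViewContextMenu','NoShellSearchButton',
    'NoFind','NoFile','HideClock','NoTrayContextMenu','NoTrayItemsDisplay','NoSetFolders',
    'NoDevMgrUpdate','NoSetTaskbar','NoDeletePrinter','NoDFSTab','NoChangeStartMenu','NoLogoff',
    'NoWindowsUpdate','NoEncryptOnMove','NoRunasInstallPrompt','NoResolveSearch','NoSaveSettings',
    'NoHardwareTab','NoStartMenuSubFolders','NoDesktop'
)
if (Test-Path $explorerPolicy) {
    $props = Get-ItemProperty -Path $explorerPolicy
    foreach ($name in $restrictions) {
        $p = $props.PSObject.Properties[$name]
        if ($p -and $p.Value -ne 0) { $findings += "Explorer restriction still set: $name = $($p.Value)" }
    }
}

# 2. Chrome policy key. Expected on a domain-managed PC; on a home PC it is usually
#    left behind by adware pinning search or start-page settings.
if (Test-Path 'HKLM:\SOFTWARE\Policies\Google') {
    $findings += 'HKLM\SOFTWARE\Policies\Google is present again (Chrome policy restriction)'
}

# 3. Services removed by the fix. Checked in the registry rather than with Get-Service,
#    because SR and srservice were driver-type entries with no ImagePath.
foreach ($svc in 'rscp','SR','srservice') {
    if (Test-Path "HKLM:\SYSTEM\CurrentControlSet\Services\$svc") {
        $findings += "Service entry still registered: $svc"
    }
}

# 4. Scheduled tasks: flag cache entries whose XML under System32\Tasks is gone
#    (what FRST prints as "-> No File") and any task named to skip UAC prompts.
$treeRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksDir = Join-Path $env:SystemRoot 'System32\Tasks'
foreach ($key in Get-ChildItem -Path $treeRoot -Recurse -ErrorAction SilentlyContinue) {
    $id = $key.GetValue('Id')
    if (-not $id) { continue }                                  # folder node, not a task
    $relative = $key.Name.Substring($key.Name.IndexOf('\Tree\') + 6)
    if ($relative -match 'SkipUAC') { $findings += "Task named to skip UAC: \$relative" }
    if (-not (Test-Path (Join-Path $tasksDir $relative))) {
        $findings += "Orphaned task cache entry (no XML file): \$relative $id"
    }
}

# 5. .exe handler. A per-user Classes\.exe or Classes\exefile key overrides the
#    machine-wide handler for that account (a classic hijack point); the machine-wide
#    open command must be exactly "%1" %*.
$hives = @(Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
           Select-Object -ExpandProperty PSChildName)
foreach ($sid in $hives) {
    if ($sid -like '*_Classes') { $base = "Registry::HKEY_USERS\$sid" }      # hive *is* Classes
    elseif ($hives -contains "${sid}_Classes") { continue }                   # covered above
    else { $base = "Registry::HKEY_USERS\$sid\Software\Classes" }
    foreach ($sub in '.exe','exefile') {
        if (Test-Path "$base\$sub") { $findings += "Per-user .exe handler override: $sid ($sub)" }
    }
}
$cmd = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command' `
        -ErrorAction SilentlyContinue).'(default)'
if ($cmd -ne '"%1" %*') { $findings += "Machine-wide exefile open command is not default: $cmd" }

# 6. Alternate data streams on the ProgramData\TEMP folder (the fix removed :B3503B59).
$ads = Get-Item -Path "$env:ProgramData\TEMP" -Stream * -ErrorAction SilentlyContinue |
       Where-Object { $_.Stream -ne ':$DATA' }
foreach ($s in $ads) { $findings += "Alternate data stream on ProgramData\TEMP: $($s.Stream)" }

if ($findings.Count -eq 0) { 'No residual artifacts from the fixlog were found.' } else { $findings }
```

A clean run prints the single "No residual artifacts" line; anything else is a list of what returned, in the same terms the fixlog uses, which makes it easy to paste into the next reply. The script changes nothing, so it is safe to run before and after the reboot and compare.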



#14 durgama


Posted 15 September 2015 - 10:12 PM

Hi Gary, I went to the event log, and the files in quarantine for Real Security - the trojan - seem to be generating a lot of event logs. Even Emsisoft Emergency Scanner stalls out and the system and task bar freeze. I also saw some lines in the Emsisoft Emergency Scan for disabling the task bar (before the old Suzanne profile froze again).



#15 Oh My!


Posted 16 September 2015 - 09:34 AM

Greetings,

Are these errors being generated after running the Fixlist?

When you log into the new User Profile with Administrator privileges are you experiencing the same symptoms or are things running well (i.e. running Emsisoft)?
Gary
 



