C:\ProgramData\productdata will not delete


  • This topic is locked
23 replies to this topic

#1 dumbgeek


Posted 21 September 2015 - 12:29 PM

I run AdwCleaner and reboot the machine for it to remove C:\ProgramData\productdata, and it provides me a Notepad file that says it removed it; however, when I check to see if it is gone, it has returned on reboot.

 

Here is the Adware txt file:

 

# AdwCleaner v5.000 - Logfile created 21/09/2015 at 12:32:53
# Updated 14/08/2015 by Xplode
# Database : 2015-09-20.1 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Patricia - PATRICIA-NTBK
# Running from : C:\Users\Patricia\Downloads\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\ProgramData\productdata
[-] Folder Deleted : C:\Users\Patricia\AppData\Roaming\productdata
 
***** [ Files ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Proxy settings cleared
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner[C32].txt - [1644 octets] - [22/08/2015 12:41:59]
C:\AdwCleaner[C33].txt - [2628 octets] - [08/09/2015 12:28:52]
C:\AdwCleaner[C34].txt - [3703 octets] - [18/09/2015 13:13:33]
C:\AdwCleaner[C35].txt - [3458 octets] - [19/09/2015 11:17:56]
C:\AdwCleaner[C36].txt - [3588 octets] - [20/09/2015 11:51:28]
C:\AdwCleaner[C37].txt - [1087 octets] - [21/09/2015 12:32:53]
C:\AdwCleaner[S100].txt - [2993 octets] - [17/09/2015 11:12:32]
C:\AdwCleaner[S101].txt - [3513 octets] - [18/09/2015 12:01:00]
C:\AdwCleaner[S102].txt - [3292 octets] - [19/09/2015 11:15:08]
C:\AdwCleaner[S103].txt - [3422 octets] - [20/09/2015 11:42:00]
C:\AdwCleaner[S104].txt - [3551 octets] - [21/09/2015 12:06:04]
C:\AdwCleaner[S63].txt - [691 octets] - [15/08/2015 12:38:39]
C:\AdwCleaner[S64].txt - [754 octets] - [16/08/2015 12:28:34]
C:\AdwCleaner[S65].txt - [817 octets] - [17/08/2015 12:32:59]
C:\AdwCleaner[S66].txt - [880 octets] - [18/08/2015 12:07:22]
C:\AdwCleaner[S67].txt - [943 octets] - [19/08/2015 12:04:59]
C:\AdwCleaner[S68].txt - [1006 octets] - [20/08/2015 12:19:03]
C:\AdwCleaner[S69].txt - [1071 octets] - [21/08/2015 12:17:27]
C:\AdwCleaner[S70].txt - [1471 octets] - [22/08/2015 12:29:06]
C:\AdwCleaner[S71].txt - [1264 octets] - [23/08/2015 11:45:12]
C:\AdwCleaner[S72].txt - [1328 octets] - [24/08/2015 12:24:25]
C:\AdwCleaner[S73].txt - [1392 octets] - [25/08/2015 12:31:48]
C:\AdwCleaner[S74].txt - [1456 octets] - [26/08/2015 12:07:50]
C:\AdwCleaner[S76].txt - [1520 octets] - [27/08/2015 12:14:20]
C:\AdwCleaner[S77].txt - [1584 octets] - [28/08/2015 12:32:29]
C:\AdwCleaner[S78].txt - [1648 octets] - [29/08/2015 12:46:51]
C:\AdwCleaner[S79].txt - [1712 octets] - [30/08/2015 12:32:00]
C:\AdwCleaner[S80].txt - [1776 octets] - [31/08/2015 12:30:36]
C:\AdwCleaner[S81].txt - [1840 octets] - [01/09/2015 12:22:29]
C:\AdwCleaner[S82].txt - [1904 octets] - [02/09/2015 12:13:51]
C:\AdwCleaner[S84].txt - [1968 octets] - [03/09/2015 12:14:37]
C:\AdwCleaner[S85].txt - [2032 octets] - [04/09/2015 12:30:28]
C:\AdwCleaner[S86].txt - [2096 octets] - [04/09/2015 12:32:14]
C:\AdwCleaner[S87].txt - [2160 octets] - [05/09/2015 12:23:23]
C:\AdwCleaner[S88].txt - [2224 octets] - [06/09/2015 12:01:04]
C:\AdwCleaner[S89].txt - [2288 octets] - [07/09/2015 11:59:58]
C:\AdwCleaner[S91].txt - [2468 octets] - [08/09/2015 12:15:35]
C:\AdwCleaner[S92].txt - [2480 octets] - [09/09/2015 12:19:10]
C:\AdwCleaner[S93].txt - [2544 octets] - [10/09/2015 12:13:50]
C:\AdwCleaner[S94].txt - [2608 octets] - [11/09/2015 12:12:22]
C:\AdwCleaner[S95].txt - [2672 octets] - [12/09/2015 11:27:30]
C:\AdwCleaner[S96].txt - [2736 octets] - [13/09/2015 11:58:36]
C:\AdwCleaner[S97].txt - [2800 octets] - [14/09/2015 11:45:00]
C:\AdwCleaner[S98].txt - [2864 octets] - [15/09/2015 09:41:06]
C:\AdwCleaner[S99].txt - [2928 octets] - [16/09/2015 11:28:35]
 
########## EOF - C:\AdwCleaner[C37].txt - [3647 octets] ##########
 
 
I ran FRST and these are its results:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Patricia (administrator) on PATRICIA-NTBK (21-09-2015 12:48:29)
Running from C:\Users\Patricia\Downloads
Loaded Profiles: Patricia (Available Profiles: Patricia)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(IObit) C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(© 2015 Microsoft Corporation) C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-19] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-27] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iFreeUp] => C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe [470304 2015-08-12] (IObit)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5889824 2015-08-04] (IObit)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-28] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-08-21] (IObit)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-05-02] (Apple Inc.)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [BingSvc] => C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-08-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{036678AB-F773-44F7-9182-2D725640E4E1}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{c692a1a4-08e0-4c1c-8c51-1ccb7982aa13}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://us.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll [2014-06-11] (Adblock)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://us.yahoo.com?fr=fpc-comodo
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Coupons Inc., Coupon Printer Manager) - C:\Users\Patricia\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (RealDownloader) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-21] (IObit)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-19] (Apple Inc.)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-09-04] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
R3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-30] (NVIDIA Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [882464 2015-08-04] (IObit)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-27] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-30] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-30] (NVIDIA Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-09-14] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2015-01-05] (Qualcomm Atheros Communications, Inc.)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-01-15] (Broadcom Corporation.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2013-05-07] (Windows ® Win 7 DDK provider)
R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-04] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-04] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esgiguard; no ImagePath
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-27] ()
R3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2015-08-04] (IObit)
S0 gqbhjg; no ImagePath
S0 hqmpym; no ImagePath
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-05] (REALiX™)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-12-18] (NVIDIA Corporation)
S0 ofvpmj; no ImagePath
S0 qhpbzs; no ImagePath
S0 qozysh; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sjzgxw; no ImagePath
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2015-08-05] (IObit)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
S0 tcoifh; no ImagePath
S0 uotote; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S0 wayuia; no ImagePath
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
S0 zedltn; no ImagePath
R3 cpuz137; \??\C:\Users\Patricia\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-21 12:48 - 2015-09-21 12:48 - 00021771 _____ C:\Users\Patricia\Downloads\FRST.txt
2015-09-21 12:47 - 2015-09-21 12:47 - 02191360 _____ (Farbar) C:\Users\Patricia\Downloads\FRST64.exe
2015-09-21 12:36 - 2015-09-21 12:36 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\ProductData
2015-09-21 12:35 - 2015-09-21 12:35 - 00000000 ____D C:\ProgramData\ProductData
2015-09-21 12:34 - 2015-09-21 12:34 - 00000077 _____ C:\WINDOWS\setupact.log
2015-09-21 12:34 - 2015-09-21 12:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-21 12:33 - 2015-09-21 12:33 - 00000540 _____ C:\WINDOWS\PFRO.log
2015-09-21 12:32 - 2015-09-21 12:32 - 00003717 _____ C:\AdwCleaner[C37].txt
2015-09-21 12:26 - 2015-09-21 12:26 - 05012880 _____ (Adobe Systems Inc.) C:\Users\Patricia\Downloads\Shockwave_Installer_Slim.exe
2015-09-21 12:06 - 2015-09-21 12:07 - 00003551 _____ C:\AdwCleaner[S104].txt
2015-09-20 11:54 - 2015-09-20 13:00 - 00000312 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Patricia.job
2015-09-20 11:54 - 2015-09-20 11:54 - 00002418 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Patricia
2015-09-20 11:51 - 2015-09-20 11:51 - 00003588 _____ C:\AdwCleaner[C36].txt
2015-09-20 11:42 - 2015-09-20 11:43 - 00003422 _____ C:\AdwCleaner[S103].txt
2015-09-19 23:50 - 2015-09-19 23:50 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-19 23:50 - 2015-09-19 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-19 23:49 - 2015-09-19 23:50 - 00000000 ____D C:\Program Files\iTunes
2015-09-19 23:49 - 2015-09-19 23:49 - 00000000 ____D C:\Program Files\iPod
2015-09-19 23:49 - 2015-09-19 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-19 23:46 - 2015-09-19 23:46 - 00000000 ____D C:\Program Files\Bonjour
2015-09-19 23:46 - 2015-09-19 23:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-19 23:45 - 2015-09-19 23:45 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-19 23:45 - 2015-09-19 23:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-19 23:45 - 2015-09-19 23:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-19 11:17 - 2015-09-19 11:18 - 00003458 _____ C:\AdwCleaner[C35].txt
2015-09-19 11:15 - 2015-09-19 11:16 - 00003292 _____ C:\AdwCleaner[S102].txt
2015-09-18 13:13 - 2015-09-18 13:13 - 00003703 _____ C:\AdwCleaner[C34].txt
2015-09-18 12:01 - 2015-09-18 12:02 - 00003513 _____ C:\AdwCleaner[S101].txt
2015-09-18 11:46 - 2015-09-18 11:46 - 00001404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller.lnk
2015-09-18 11:46 - 2015-09-18 11:46 - 00001392 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-09-17 16:57 - 2015-09-21 12:35 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 16:57 - 2015-09-17 16:57 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 11:18 - 2015-09-17 11:18 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-09-17 11:18 - 2015-09-17 11:18 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-09-17 11:18 - 2015-09-17 11:18 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-09-17 11:18 - 2015-09-17 11:18 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-09-17 11:18 - 2015-09-17 11:18 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-09-17 11:17 - 2015-09-17 11:17 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-09-17 11:17 - 2015-09-17 11:17 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 07460168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 01658544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-17 11:15 - 2015-09-17 11:15 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-17 11:15 - 2015-09-17 11:15 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-09-17 11:14 - 2015-09-17 11:14 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-09-17 11:12 - 2015-09-17 11:13 - 00002993 _____ C:\AdwCleaner[S100].txt
2015-09-17 11:12 - 2015-09-17 11:12 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 11:28 - 2015-09-16 11:29 - 00002928 _____ C:\AdwCleaner[S99].txt
2015-09-15 09:41 - 2015-09-15 09:42 - 00002864 _____ C:\AdwCleaner[S98].txt
2015-09-14 12:17 - 2015-09-14 12:17 - 00001305 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2015-09-14 12:16 - 2015-09-14 12:16 - 09470040 _____ (IObit ) C:\Users\Patricia\Downloads\sm8-setup.exe
2015-09-14 11:45 - 2015-09-14 11:46 - 00002800 _____ C:\AdwCleaner[S97].txt
2015-09-13 11:58 - 2015-09-13 11:59 - 00002736 _____ C:\AdwCleaner[S96].txt
2015-09-12 11:27 - 2015-09-12 11:29 - 00002672 _____ C:\AdwCleaner[S95].txt
2015-09-11 14:38 - 2015-09-11 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-09-11 14:38 - 2015-09-11 14:38 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2015-09-11 12:12 - 2015-09-11 12:13 - 00002608 _____ C:\AdwCleaner[S94].txt
2015-09-10 12:13 - 2015-09-10 12:14 - 00002544 _____ C:\AdwCleaner[S93].txt
2015-09-09 13:11 - 2015-09-09 13:11 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:10 - 2015-09-09 13:10 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:06 - 2015-09-09 13:07 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:05 - 2015-09-09 13:06 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:05 - 2015-09-09 13:05 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:05 - 2015-09-09 13:05 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:04 - 2015-09-09 13:04 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:04 - 2015-09-09 13:04 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:04 - 2015-09-09 13:04 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 12:54 - 2015-09-09 12:54 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 12:54 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 12:54 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:54 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:54 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:54 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 12:54 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 12:54 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 12:54 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 12:54 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 12:54 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:54 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 12:54 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 12:54 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:54 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:54 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:54 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:54 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:54 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:54 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:54 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:19 - 2015-09-09 12:20 - 00002480 _____ C:\AdwCleaner[S92].txt
2015-09-08 12:28 - 2015-09-08 12:28 - 00002628 _____ C:\AdwCleaner[C33].txt
2015-09-08 12:15 - 2015-09-08 12:17 - 00002468 _____ C:\AdwCleaner[S91].txt
2015-09-07 18:21 - 2015-09-03 07:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-07 18:21 - 2015-09-03 07:52 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-09-07 11:59 - 2015-09-07 12:01 - 00002288 _____ C:\AdwCleaner[S89].txt
2015-09-06 12:01 - 2015-09-06 12:01 - 00002224 _____ C:\AdwCleaner[S88].txt
2015-09-05 12:23 - 2015-09-05 12:24 - 00002160 _____ C:\AdwCleaner[S87].txt
2015-09-04 13:56 - 2015-09-04 13:56 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-04 13:56 - 2015-09-04 13:56 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-04 13:56 - 2015-09-04 13:56 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-04 12:32 - 2015-09-04 12:33 - 00002096 _____ C:\AdwCleaner[S86].txt
2015-09-04 12:30 - 2015-09-04 12:31 - 00002032 _____ C:\AdwCleaner[S85].txt
2015-09-03 12:14 - 2015-09-03 12:15 - 00001968 _____ C:\AdwCleaner[S84].txt
2015-09-02 12:13 - 2015-09-02 12:14 - 00001904 _____ C:\AdwCleaner[S82].txt
2015-09-01 12:22 - 2015-09-01 12:23 - 00001840 _____ C:\AdwCleaner[S81].txt
2015-08-31 12:30 - 2015-08-31 12:31 - 00001776 _____ C:\AdwCleaner[S80].txt
2015-08-30 12:32 - 2015-08-30 12:33 - 00001712 _____ C:\AdwCleaner[S79].txt
2015-08-29 17:24 - 2015-08-29 17:25 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Patricia\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-29 12:46 - 2015-08-29 12:48 - 00001648 _____ C:\AdwCleaner[S78].txt
2015-08-28 13:01 - 2015-08-28 12:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-28 13:00 - 2015-08-28 13:00 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Sun
2015-08-28 13:00 - 2015-08-28 13:00 - 00000000 ____D C:\Users\Patricia\.oracle_jre_usage
2015-08-28 12:32 - 2015-08-28 12:33 - 00001584 _____ C:\AdwCleaner[S77].txt
2015-08-27 17:53 - 2015-08-27 17:53 - 00000000 ____D C:\$WINDOWS.~BT
2015-08-27 17:17 - 2015-08-27 17:17 - 00000000 ___HD C:\$Windows.~WS
2015-08-27 12:14 - 2015-08-27 12:15 - 00001520 _____ C:\AdwCleaner[S76].txt
2015-08-26 12:07 - 2015-08-26 12:09 - 00001456 _____ C:\AdwCleaner[S74].txt
2015-08-25 12:31 - 2015-08-25 12:33 - 00001392 _____ C:\AdwCleaner[S73].txt
2015-08-24 12:24 - 2015-08-24 12:25 - 00001328 _____ C:\AdwCleaner[S72].txt
2015-08-23 11:45 - 2015-08-23 11:46 - 00001264 _____ C:\AdwCleaner[S71].txt
2015-08-22 20:33 - 2015-08-22 20:35 - 3333357568 _____ C:\Users\Patricia\Downloads\Windows10Pro.iso
2015-08-22 19:51 - 2015-08-22 19:51 - 00001863 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-22 19:51 - 2015-08-22 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-22 19:50 - 2015-08-22 19:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-22 18:57 - 2015-08-22 18:57 - 19648448 _____ (Microsoft Corporation) C:\Users\Patricia\Downloads\MediaCreationToolx64.exe
2015-08-22 12:41 - 2015-08-22 12:42 - 00001644 _____ C:\AdwCleaner[C32].txt
2015-08-22 12:29 - 2015-08-22 12:30 - 00001471 _____ C:\AdwCleaner[S70].txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-21 12:48 - 2014-07-16 15:26 - 00000000 ____D C:\FRST
2015-09-21 12:47 - 2014-04-02 12:19 - 00075316 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-09-21 12:43 - 2013-11-24 08:14 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-21 12:38 - 2013-05-21 17:00 - 00000000 ___DO C:\Users\Patricia\SkyDrive
2015-09-21 12:34 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-21 12:33 - 2013-10-30 15:19 - 01462987 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-21 12:33 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-09-21 12:01 - 2014-07-16 19:26 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-21 12:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-21 11:52 - 2013-11-04 17:51 - 00000000 ____D C:\ProgramData\firebird
2015-09-20 15:48 - 2013-10-31 13:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F775F81-E168-4AA5-A419-945C9D30B7A7}
2015-09-20 12:11 - 2012-11-05 16:50 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3195494261-1546193897-3199345644-1001
2015-09-19 23:49 - 2012-11-05 18:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-19 23:46 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\WINDOWS\system32\dns-sd.exe
2015-09-19 23:46 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\dns-sd.exe
2015-09-19 11:38 - 2013-10-30 16:43 - 164167680 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 06107136 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 00069632 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-09-18 11:46 - 2012-11-05 17:06 - 00000000 ____D C:\ProgramData\IObit
2015-09-17 16:57 - 2015-05-16 14:40 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 16:57 - 2012-11-05 17:15 - 00003906 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 13:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 13:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 11:34 - 2013-09-30 00:15 - 01172596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 11:18 - 2015-08-21 13:24 - 00002213 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2015-09-17 11:18 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-14 19:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-14 12:17 - 2015-01-05 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-09-11 14:38 - 2015-07-06 16:24 - 00000000 ____D C:\ProgramData\FitbitConnect
2015-09-11 14:38 - 2015-06-13 17:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-11 14:38 - 2015-05-29 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-10 16:17 - 2012-08-29 04:51 - 00000000 ____D C:\Users\Patricia\AppData\Local\Google
2015-09-10 12:03 - 2013-08-22 10:44 - 00414824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 00:05 - 2013-09-29 23:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 00:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 13:56 - 2012-11-05 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 13:35 - 2013-07-12 03:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 13:21 - 2012-12-13 23:47 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-09-09 12:05 - 2015-03-16 13:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-08-29 22:01 - 2013-12-03 13:25 - 00000000 ____D C:\CCE_Quarantine
2015-08-28 13:05 - 2013-10-25 15:21 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 13:00 - 2014-11-04 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 13:00 - 2013-10-30 15:24 - 00000000 ____D C:\Users\Patricia
2015-08-28 12:58 - 2013-02-15 11:15 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 17:53 - 2013-10-30 19:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-22 20:10 - 2013-10-30 15:24 - 00030483 _____ C:\WINDOWS\diagwrn.xml
2015-08-22 20:10 - 2013-10-30 15:24 - 00030483 _____ C:\WINDOWS\diagerr.xml
2015-08-22 12:41 - 2015-03-23 23:15 - 00000000 ____D C:\AdwCleaner
 
==================== Files in the root of some directories =======
 
2013-05-21 17:33 - 2013-05-21 17:33 - 0000288 _____ () C:\Users\Patricia\AppData\Roaming\.backup.dm
2012-11-07 15:29 - 2012-11-07 15:31 - 0007680 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-25 13:33 - 2015-03-25 13:33 - 0000017 _____ () C:\Users\Patricia\AppData\Local\resmon.resmoncfg
2015-03-23 13:37 - 2015-03-23 13:37 - 0000000 _____ () C:\Users\Patricia\AppData\Local\{E02C31DC-6DAB-4DAC-AECA-2463B01A6EA1}
2015-05-11 12:39 - 2015-05-16 15:06 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-01-14 08:21 - 2014-01-14 08:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-20 12:11
 
==================== End of FRST.txt ============================
 
I run Malwarebytes weekly; Antispyware every day; Malware Fighter about twice a week; and Comodo runs 3 times a week and all of them have not detected anything.
 
 
 



 


#2 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts
  • Gender:Male
  • Local time:04:40 AM

Posted 21 September 2015 - 02:45 PM

Hello dumbgeek and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
================================================================================================
 
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features, if they are still present:

IObit\Advanced SystemCare 8
IObit Malware Fighter
IObit Uninstaller
Smart Defrag 4

And restart the PC.
------------------------------------------------------------------------------------------

 

Step 1:

Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search, then Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 2:

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3:

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Double-click mbam-setup-2.1.4.1018.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Already installed:
Threat Scan

  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export.
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.

Step 4:

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

 
 
Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 dumbgeek

dumbgeek
  • Topic Starter

  • Members
  • 12 posts
  • Local time:08:40 PM

Posted 21 September 2015 - 05:45 PM

1. AdwCleaner:

 

# AdwCleaner v5.008 - Logfile created 21/09/2015 at 16:51:03
# Updated 18/09/2015 by Xplode
# Database : 2015-09-20.1 [Server]
# Operating system : Windows 8.1 Pro with Media Center  (x64)
# Username : Patricia - PATRICIA-NTBK
# Running from : C:\Users\Patricia\Downloads\adwcleaner_5.008.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
Folder Found : C:\ProgramData\productdata
Folder Found : C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
Folder Found : C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Folder Found : C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
Folder Found : C:\Users\Patricia\AppData\Local\Comodo\Chromodo\User Data\Default\Extensions\legfbknehkadhidofibiegmipjkipdpe
Folder Found : C:\Users\Patricia\AppData\Roaming\productdata
 
***** [ Files ] *****
 
File Found : C:\Users\Patricia\AppData\Local\Comodo\Chromodo\User Data\Default\Local Storage\chrome-extension_legfbknehkadhidofibiegmipjkipdpe_0.localstorage
File Found : C:\Users\Patricia\AppData\Local\Comodo\Chromodo\User Data\Default\Local Storage\chrome-extension_legfbknehkadhidofibiegmipjkipdpe_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
[C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : bbmegnmpleoagolcnjnejdacakedpcgd
[C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : cmaiofennmphjldldcpphcechfnnohja
[C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : fopdddcinljmpmioaklghcalngfhbaen
[C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : gkcefkcdkepgkpbgncjchhbjgoanleod
[C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Found : nfengeggddojhakldhlpjdlddgkkjkdd
[C:\Users\Patricia\AppData\Local\Comodo\Chromodo\User Data\Default\Secure Preferences] [Extension] Found : legfbknehkadhidofibiegmipjkipdpe
 
*************************
 
C:\AdwCleaner[C32].txt - [1644 bytes] - [22/08/2015 12:41:59]
C:\AdwCleaner[C33].txt - [2628 bytes] - [08/09/2015 12:28:52]
C:\AdwCleaner[C34].txt - [3703 bytes] - [18/09/2015 13:13:33]
C:\AdwCleaner[C35].txt - [3458 bytes] - [19/09/2015 11:17:56]
C:\AdwCleaner[C36].txt - [3588 bytes] - [20/09/2015 11:51:28]
C:\AdwCleaner[C37].txt - [3717 bytes] - [21/09/2015 12:32:53]
C:\AdwCleaner[S100].txt - [2993 bytes] - [17/09/2015 11:12:32]
C:\AdwCleaner[S101].txt - [3513 bytes] - [18/09/2015 12:01:00]
C:\AdwCleaner[S102].txt - [3292 bytes] - [19/09/2015 11:15:08]
C:\AdwCleaner[S103].txt - [3422 bytes] - [20/09/2015 11:42:00]
C:\AdwCleaner[S104].txt - [3551 bytes] - [21/09/2015 12:06:04]
C:\AdwCleaner[S63].txt - [691 bytes] - [15/08/2015 12:38:39]
C:\AdwCleaner[S64].txt - [754 bytes] - [16/08/2015 12:28:34]
C:\AdwCleaner[S65].txt - [817 bytes] - [17/08/2015 12:32:59]
C:\AdwCleaner[S66].txt - [880 bytes] - [18/08/2015 12:07:22]
C:\AdwCleaner[S67].txt - [943 bytes] - [19/08/2015 12:04:59]
C:\AdwCleaner[S68].txt - [1006 bytes] - [20/08/2015 12:19:03]
C:\AdwCleaner[S69].txt - [1071 bytes] - [21/08/2015 12:17:27]
C:\AdwCleaner[S70].txt - [1471 bytes] - [22/08/2015 12:29:06]
C:\AdwCleaner[S71].txt - [1264 bytes] - [23/08/2015 11:45:12]
C:\AdwCleaner[S72].txt - [1328 bytes] - [24/08/2015 12:24:25]
C:\AdwCleaner[S73].txt - [1392 bytes] - [25/08/2015 12:31:48]
C:\AdwCleaner[S74].txt - [1456 bytes] - [26/08/2015 12:07:50]
C:\AdwCleaner[S76].txt - [1520 bytes] - [27/08/2015 12:14:20]
C:\AdwCleaner[S77].txt - [1584 bytes] - [28/08/2015 12:32:29]
C:\AdwCleaner[S78].txt - [1648 bytes] - [29/08/2015 12:46:51]
C:\AdwCleaner[S79].txt - [1712 bytes] - [30/08/2015 12:32:00]
C:\AdwCleaner[S80].txt - [1776 bytes] - [31/08/2015 12:30:36]
C:\AdwCleaner[S81].txt - [1840 bytes] - [01/09/2015 12:22:29]
C:\AdwCleaner[S82].txt - [1904 bytes] - [02/09/2015 12:13:51]
C:\AdwCleaner[S84].txt - [1968 bytes] - [03/09/2015 12:14:37]
C:\AdwCleaner[S85].txt - [2032 bytes] - [04/09/2015 12:30:28]
C:\AdwCleaner[S86].txt - [2096 bytes] - [04/09/2015 12:32:14]
C:\AdwCleaner[S87].txt - [2160 bytes] - [05/09/2015 12:23:23]
C:\AdwCleaner[S88].txt - [2224 bytes] - [06/09/2015 12:01:04]
C:\AdwCleaner[S89].txt - [2288 bytes] - [07/09/2015 11:59:58]
C:\AdwCleaner[S91].txt - [2468 bytes] - [08/09/2015 12:15:35]
C:\AdwCleaner[S92].txt - [2480 bytes] - [09/09/2015 12:19:10]
C:\AdwCleaner[S93].txt - [2544 bytes] - [10/09/2015 12:13:50]
C:\AdwCleaner[S94].txt - [2608 bytes] - [11/09/2015 12:12:22]
C:\AdwCleaner[S95].txt - [2672 bytes] - [12/09/2015 11:27:30]
C:\AdwCleaner[S96].txt - [2736 bytes] - [13/09/2015 11:58:36]
C:\AdwCleaner[S97].txt - [2800 bytes] - [14/09/2015 11:45:00]
C:\AdwCleaner[S98].txt - [2864 bytes] - [15/09/2015 09:41:06]
C:\AdwCleaner[S99].txt - [2928 bytes] - [16/09/2015 11:28:35]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S105].txt - [5042 bytes] ##########
 
2. JRT.txt:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.2 (09.14.2015:1)
OS: Windows 8.1 Pro with Media Center x64
Ran by Patricia on Mon 09/21/2015 at 17:02:51.15
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (Patricia)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster SkipUAC (SYSTEM)
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Uninstaller_SkipUac_Administrator
Successfully deleted: [Task] C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] C:\Program Files (x86)\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\iobit\driver booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\Users\Patricia\AppData\Roaming\iobit\driver booster
Successfully deleted: [Folder] C:\Users\Patricia\AppData\Roaming\productdata
Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers
 
 
 
~~~ Chrome
 
 
[C:\Users\Patricia\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
 
[C:\Users\Patricia\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
fopdddcinljmpmioaklghcalngfhbaen
 
[C:\Users\Patricia\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
 
[C:\Users\Patricia\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/21/2015 at 17:23:28.21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
3. Mbam log:
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 9/21/2015
Scan Time: 5:25 PM
Logfile: mbam-log-2015-09-21(17-25-19).txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.09.21.07
Rootkit Database: v2015.09.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Patricia
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 425569
Time Elapsed: 41 min, 53 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
4. a. FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by Patricia (administrator) on PATRICIA-NTBK (21-09-2015 18:15:16)
Running from C:\Users\Patricia\Downloads
Loaded Profiles: Patricia (Available Profiles: Patricia)
Platform: Windows 8.1 Pro with Media Center (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: "C:\Program Files (x86)\Comodo\Chromodo\chromodo.exe" -- "%1")
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Comodo) C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
(Comodo) C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(IObit) C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(IObit) C:\Program Files (x86)\IObit\Start Menu 8\InstallServices.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(© 2015 Microsoft Corporation) C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17709_none_fa7932f59afc2e40\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-08-06] (COMODO)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-19] (Apple Inc.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2620728 2015-07-27] (Malwarebytes Corporation)
HKLM-x32\...\Run: [iFreeUp] => C:\Program Files (x86)\IObit\iFreeUp\iFreeUpMini.exe [470304 2015-08-12] (IObit)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-22] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-28] (Oracle Corporation)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7930136 2015-07-31] (SUPERAntiSpyware)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-05-02] (Apple Inc.)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [BingSvc] => C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-08-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-07-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{036678AB-F773-44F7-9182-2D725640E4E1}: [NameServer] 208.67.222.222,208.67.220.220
Tcpip\..\Interfaces\{c692a1a4-08e0-4c1c-8c51-1ccb7982aa13}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.msn.com/
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://us.yahoo.com?fr=fp-comodo
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://us.yahoo.com?fr=fp-comodo
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = hxxp://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2012-11-29] (RealDownloader)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-28] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-04-30] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-28] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1220162.dll [2015-08-31] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-28] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.0 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll [2012-11-29] (RealNetworks, Inc.)
FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll [2012-11-29] (RealDownloader)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://us.yahoo.com?fr=fpc-comodo
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Coupons Inc., Coupon Printer Manager) - C:\Users\Patricia\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Profile: C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Bookmark Manager) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (RealDownloader) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-02-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Users\Patricia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-06]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2012-11-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2015-05-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-09-28] (ArcSoft Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-19] (Apple Inc.)
R2 ChromodoUpdater; C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe [1998520 2015-09-04] (Comodo)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5542472 2015-09-07] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-08-06] (COMODO)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1994936 2015-06-26] (Comodo)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S3 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-03-30] (NVIDIA Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-30] (IObit)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [713016 2015-07-27] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-03-30] (NVIDIA Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-03-30] (NVIDIA Corporation)
S3 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 StartMenuService; C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe [1055008 2015-09-14] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-08-12] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-08-12] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3855872 2015-01-05] (Qualcomm Atheros Communications, Inc.)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2015-01-15] (Broadcom Corporation.)
R1 CFRMD; C:\Windows\System32\DRIVERS\CFRMD.sys [40224 2013-05-07] (Windows ® Win 7 DDK provider)
R1 CFRMD; C:\Windows\SysWOW64\DRIVERS\CFRMD.sys [40224 2012-09-21] (Windows ® Win 7 DDK provider)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [21720 2015-08-04] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [827632 2015-08-04] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-08-04] (COMODO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 esgiguard; no ImagePath
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-07-27] ()
S0 gqbhjg; no ImagePath
S0 hqmpym; no ImagePath
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-05] (REALiX™)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [127232 2015-08-04] (COMODO)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-03-27] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2014-12-18] (NVIDIA Corporation)
S0 ofvpmj; no ImagePath
S0 qhpbzs; no ImagePath
S0 qozysh; no ImagePath
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sjzgxw; no ImagePath
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33448 2015-07-13] (Synaptics Incorporated)
S0 tcoifh; no ImagePath
S0 uotote; no ImagePath
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
S0 wayuia; no ImagePath
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-08-12] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-08-12] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-08-12] (Microsoft Corporation)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295216 2013-06-18] (Marvell)
S0 zedltn; no ImagePath
S3 cpuz137; \??\C:\Users\Patricia\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-21 18:15 - 2015-09-21 18:15 - 00019142 _____ C:\Users\Patricia\Downloads\FRST.txt
2015-09-21 18:13 - 2015-09-21 18:14 - 00000000 ____D C:\ProgramData\ProductData
2015-09-21 17:23 - 2015-09-21 17:23 - 00002116 _____ C:\Users\Patricia\Desktop\JRT.txt
2015-09-21 16:52 - 2015-09-21 16:52 - 01798976 _____ (Malwarebytes) C:\Users\Patricia\Downloads\JRT.exe
2015-09-21 16:48 - 2015-09-21 16:48 - 01662976 _____ C:\Users\Patricia\Downloads\adwcleaner_5.008.exe
2015-09-21 12:47 - 2015-09-21 12:47 - 02191360 _____ (Farbar) C:\Users\Patricia\Downloads\FRST64.exe
2015-09-21 12:34 - 2015-09-21 18:13 - 00000308 _____ C:\WINDOWS\setupact.log
2015-09-21 12:34 - 2015-09-21 12:34 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-09-21 12:33 - 2015-09-21 16:39 - 00001764 _____ C:\WINDOWS\PFRO.log
2015-09-21 12:32 - 2015-09-21 12:32 - 00003717 _____ C:\AdwCleaner[C37].txt
2015-09-21 12:26 - 2015-09-21 12:26 - 05012880 _____ (Adobe Systems Inc.) C:\Users\Patricia\Downloads\Shockwave_Installer_Slim.exe
2015-09-21 12:06 - 2015-09-21 12:07 - 00003551 _____ C:\AdwCleaner[S104].txt
2015-09-20 11:51 - 2015-09-20 11:51 - 00003588 _____ C:\AdwCleaner[C36].txt
2015-09-20 11:42 - 2015-09-20 11:43 - 00003422 _____ C:\AdwCleaner[S103].txt
2015-09-19 23:50 - 2015-09-19 23:50 - 00001765 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-19 23:50 - 2015-09-19 23:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-19 23:49 - 2015-09-19 23:50 - 00000000 ____D C:\Program Files\iTunes
2015-09-19 23:49 - 2015-09-19 23:49 - 00000000 ____D C:\Program Files\iPod
2015-09-19 23:49 - 2015-09-19 23:49 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-19 23:46 - 2015-09-19 23:46 - 00000000 ____D C:\Program Files\Bonjour
2015-09-19 23:46 - 2015-09-19 23:46 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-19 23:45 - 2015-09-19 23:45 - 00002579 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-09-19 23:45 - 2015-09-19 23:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-19 23:45 - 2015-09-19 23:45 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-09-19 11:17 - 2015-09-19 11:18 - 00003458 _____ C:\AdwCleaner[C35].txt
2015-09-19 11:15 - 2015-09-19 11:16 - 00003292 _____ C:\AdwCleaner[S102].txt
2015-09-18 13:13 - 2015-09-18 13:13 - 00003703 _____ C:\AdwCleaner[C34].txt
2015-09-18 12:01 - 2015-09-18 12:02 - 00003513 _____ C:\AdwCleaner[S101].txt
2015-09-17 16:57 - 2015-09-21 18:13 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-17 16:57 - 2015-09-17 16:57 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-17 11:18 - 2015-09-17 11:18 - 01084928 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-09-17 11:18 - 2015-09-17 11:18 - 00669184 _____ (Microsoft Corporation) C:\WINDOWS\system32\hhctrl.ocx
2015-09-17 11:18 - 2015-09-17 11:18 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-09-17 11:18 - 2015-09-17 11:18 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hhctrl.ocx
2015-09-17 11:18 - 2015-09-17 11:18 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-09-17 11:18 - 2015-09-17 11:18 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-09-17 11:17 - 2015-09-17 11:17 - 04710400 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-09-17 11:17 - 2015-09-17 11:17 - 04068352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 07460168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01736520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 01658544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-09-17 11:15 - 2015-09-17 11:15 - 01519592 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01499920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 01487008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-09-17 11:15 - 2015-09-17 11:15 - 01355848 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-09-17 11:15 - 2015-09-17 11:15 - 01134752 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00686960 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2015-09-17 11:15 - 2015-09-17 11:15 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2015-09-17 11:14 - 2015-09-17 11:14 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\NcdAutoSetup.dll
2015-09-17 11:12 - 2015-09-17 11:13 - 00002993 _____ C:\AdwCleaner[S100].txt
2015-09-17 11:12 - 2015-09-17 11:12 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-17 11:12 - 2015-09-17 11:12 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-16 11:28 - 2015-09-16 11:29 - 00002928 _____ C:\AdwCleaner[S99].txt
2015-09-15 09:41 - 2015-09-15 09:42 - 00002864 _____ C:\AdwCleaner[S98].txt
2015-09-14 12:17 - 2015-09-14 12:17 - 00001305 _____ C:\Users\Public\Desktop\Start Menu 8.lnk
2015-09-14 12:16 - 2015-09-14 12:16 - 09470040 _____ (IObit ) C:\Users\Patricia\Downloads\sm8-setup.exe
2015-09-14 11:45 - 2015-09-14 11:46 - 00002800 _____ C:\AdwCleaner[S97].txt
2015-09-13 11:58 - 2015-09-13 11:59 - 00002736 _____ C:\AdwCleaner[S96].txt
2015-09-12 11:27 - 2015-09-12 11:29 - 00002672 _____ C:\AdwCleaner[S95].txt
2015-09-11 14:38 - 2015-09-11 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-09-11 14:38 - 2015-09-11 14:38 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2015-09-11 12:12 - 2015-09-11 12:13 - 00002608 _____ C:\AdwCleaner[S94].txt
2015-09-10 12:13 - 2015-09-10 12:14 - 00002544 _____ C:\AdwCleaner[S93].txt
2015-09-09 13:11 - 2015-09-09 13:11 - 02531400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 01903848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-09-09 13:11 - 2015-09-09 13:11 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2015-09-09 13:10 - 2015-09-09 13:10 - 25188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 13:06 - 2015-09-09 13:07 - 19856384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 14451712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 12857344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 13:06 - 2015-09-09 13:06 - 05923840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-09-09 13:05 - 2015-09-09 13:06 - 04520448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-09-09 13:05 - 2015-09-09 13:05 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 13:05 - 2015-09-09 13:05 - 02427392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 02279424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 02126336 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-09-09 13:04 - 2015-09-09 13:04 - 02052608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-09-09 13:04 - 2015-09-09 13:04 - 01951232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 01545728 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 01310720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-09-09 13:04 - 2015-09-09 13:04 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00504832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-09-09 13:04 - 2015-09-09 13:04 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00801280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2015-09-09 13:03 - 2015-09-09 13:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2015-09-09 12:54 - 2015-09-09 12:54 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2015-09-09 12:54 - 2015-09-01 22:56 - 04175872 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-09-09 12:54 - 2015-09-01 22:55 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 12:54 - 2015-09-01 22:50 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 12:54 - 2015-09-01 22:17 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 12:54 - 2015-09-01 22:13 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-09 12:54 - 2015-08-03 17:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2015-09-09 12:54 - 2015-08-01 10:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2015-09-09 12:54 - 2015-07-31 23:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe
2015-09-09 12:54 - 2015-07-31 23:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe
2015-09-09 12:54 - 2015-07-31 23:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 12:54 - 2015-07-31 23:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-09-09 12:54 - 2015-07-31 23:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-09-09 12:54 - 2015-07-22 10:34 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 12:54 - 2015-07-22 10:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 12:54 - 2015-07-22 10:25 - 02461184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 12:54 - 2015-07-22 10:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 12:54 - 2015-07-18 14:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 12:54 - 2015-07-18 14:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 12:54 - 2015-07-18 14:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 12:54 - 2015-07-18 14:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 12:19 - 2015-09-09 12:20 - 00002480 _____ C:\AdwCleaner[S92].txt
2015-09-08 12:28 - 2015-09-08 12:28 - 00002628 _____ C:\AdwCleaner[C33].txt
2015-09-08 12:15 - 2015-09-08 12:17 - 00002468 _____ C:\AdwCleaner[S91].txt
2015-09-07 18:21 - 2015-09-03 07:52 - 00579408 _____ (COMODO) C:\WINDOWS\system32\guard64.dll
2015-09-07 18:21 - 2015-09-03 07:52 - 00445472 _____ (COMODO) C:\WINDOWS\SysWOW64\guard32.dll
2015-09-07 11:59 - 2015-09-07 12:01 - 00002288 _____ C:\AdwCleaner[S89].txt
2015-09-06 12:01 - 2015-09-06 12:01 - 00002224 _____ C:\AdwCleaner[S88].txt
2015-09-05 12:23 - 2015-09-05 12:24 - 00002160 _____ C:\AdwCleaner[S87].txt
2015-09-04 13:56 - 2015-09-04 13:56 - 03705344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 02240512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00721920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-09-04 13:56 - 2015-09-04 13:56 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-09-04 13:56 - 2015-09-04 13:56 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-09-04 13:56 - 2015-09-04 13:56 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-09-04 12:32 - 2015-09-04 12:33 - 00002096 _____ C:\AdwCleaner[S86].txt
2015-09-04 12:30 - 2015-09-04 12:31 - 00002032 _____ C:\AdwCleaner[S85].txt
2015-09-03 12:14 - 2015-09-03 12:15 - 00001968 _____ C:\AdwCleaner[S84].txt
2015-09-02 12:13 - 2015-09-02 12:14 - 00001904 _____ C:\AdwCleaner[S82].txt
2015-09-01 12:22 - 2015-09-01 12:23 - 00001840 _____ C:\AdwCleaner[S81].txt
2015-08-31 12:30 - 2015-08-31 12:31 - 00001776 _____ C:\AdwCleaner[S80].txt
2015-08-30 12:32 - 2015-08-30 12:33 - 00001712 _____ C:\AdwCleaner[S79].txt
2015-08-29 17:24 - 2015-08-29 17:25 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Patricia\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-29 12:46 - 2015-08-29 12:48 - 00001648 _____ C:\AdwCleaner[S78].txt
2015-08-28 13:01 - 2015-08-28 12:59 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-08-28 13:00 - 2015-08-28 13:00 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\Sun
2015-08-28 13:00 - 2015-08-28 13:00 - 00000000 ____D C:\Users\Patricia\.oracle_jre_usage
2015-08-28 12:32 - 2015-08-28 12:33 - 00001584 _____ C:\AdwCleaner[S77].txt
2015-08-27 17:53 - 2015-08-27 17:53 - 00000000 ____D C:\$WINDOWS.~BT
2015-08-27 17:17 - 2015-08-27 17:17 - 00000000 ___HD C:\$Windows.~WS
2015-08-27 12:14 - 2015-08-27 12:15 - 00001520 _____ C:\AdwCleaner[S76].txt
2015-08-26 12:07 - 2015-08-26 12:09 - 00001456 _____ C:\AdwCleaner[S74].txt
2015-08-25 12:31 - 2015-08-25 12:33 - 00001392 _____ C:\AdwCleaner[S73].txt
2015-08-24 12:24 - 2015-08-24 12:25 - 00001328 _____ C:\AdwCleaner[S72].txt
2015-08-23 11:45 - 2015-08-23 11:46 - 00001264 _____ C:\AdwCleaner[S71].txt
2015-08-22 20:33 - 2015-08-22 20:35 - 3333357568 _____ C:\Users\Patricia\Downloads\Windows10Pro.iso
2015-08-22 19:51 - 2015-08-22 19:51 - 00001863 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2015-08-22 19:51 - 2015-08-22 19:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-08-22 19:50 - 2015-08-22 19:51 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-08-22 18:57 - 2015-08-22 18:57 - 19648448 _____ (Microsoft Corporation) C:\Users\Patricia\Downloads\MediaCreationToolx64.exe
2015-08-22 12:41 - 2015-08-22 12:42 - 00001644 _____ C:\AdwCleaner[C32].txt
2015-08-22 12:29 - 2015-08-22 12:30 - 00001471 _____ C:\AdwCleaner[S70].txt
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-21 18:15 - 2014-07-16 15:26 - 00000000 ____D C:\FRST
2015-09-21 18:14 - 2013-05-21 17:00 - 00000000 __RDO C:\Users\Patricia\SkyDrive
2015-09-21 18:14 - 2012-11-05 16:50 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3195494261-1546193897-3199345644-1001
2015-09-21 18:13 - 2013-10-30 15:24 - 00000000 ____D C:\Users\Patricia
2015-09-21 18:13 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-21 18:12 - 2014-07-16 15:28 - 00022130 _____ C:\Users\Patricia\Downloads\Addition.txt
2015-09-21 18:00 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-21 17:25 - 2014-07-16 19:26 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-21 17:19 - 2013-10-30 15:19 - 01513023 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-21 17:10 - 2012-11-05 17:06 - 00000000 ____D C:\Users\Patricia\AppData\Roaming\IObit
2015-09-21 17:10 - 2012-11-05 17:06 - 00000000 ____D C:\ProgramData\IObit
2015-09-21 17:10 - 2012-11-05 17:06 - 00000000 ____D C:\Program Files (x86)\IObit
2015-09-21 16:56 - 2013-08-22 09:25 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2015-09-21 16:55 - 2015-03-23 23:15 - 00000000 ____D C:\AdwCleaner
2015-09-21 16:50 - 2015-08-09 13:43 - 00001254 _____ C:\Users\Patricia\Desktop\AdwCleaner.lnk
2015-09-21 16:38 - 2014-04-02 12:19 - 00075690 _____ C:\WINDOWS\system32\Drivers\fvstore.dat
2015-09-21 16:33 - 2013-11-24 08:14 - 01474832 _____ C:\WINDOWS\system32\Drivers\sfi.dat
2015-09-21 16:29 - 2013-10-31 13:42 - 00003958 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8F775F81-E168-4AA5-A419-945C9D30B7A7}
2015-09-21 11:52 - 2013-11-04 17:51 - 00000000 ____D C:\ProgramData\firebird
2015-09-19 23:49 - 2012-11-05 18:18 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-09-19 23:46 - 2015-08-12 16:03 - 00096528 _____ (Apple Inc.) C:\WINDOWS\system32\dns-sd.exe
2015-09-19 23:46 - 2015-08-12 16:03 - 00084240 _____ (Apple Inc.) C:\WINDOWS\SysWOW64\dns-sd.exe
2015-09-19 11:38 - 2013-10-30 16:43 - 164167680 _____ C:\WINDOWS\system32\config\SOFTWARE.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 06107136 _____ C:\WINDOWS\system32\config\DEFAULT.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 00069632 _____ C:\WINDOWS\system32\config\SAM.iodefrag.bak
2015-09-19 11:38 - 2013-10-30 16:43 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iodefrag.bak
2015-09-17 16:57 - 2015-05-16 14:40 - 00003670 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-17 16:57 - 2012-11-05 17:15 - 00003906 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-17 13:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2015-09-17 13:08 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-17 11:34 - 2013-09-30 00:15 - 01172596 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-09-17 11:18 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-14 19:17 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-14 12:17 - 2015-01-05 13:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
2015-09-11 14:38 - 2015-07-06 16:24 - 00000000 ____D C:\ProgramData\FitbitConnect
2015-09-11 14:38 - 2015-06-13 17:34 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-09-11 14:38 - 2015-05-29 11:59 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-09-10 16:17 - 2012-08-29 04:51 - 00000000 ____D C:\Users\Patricia\AppData\Local\Google
2015-09-10 12:03 - 2013-08-22 10:44 - 00414824 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 00:05 - 2013-09-29 23:55 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 00:05 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-09-09 13:56 - 2012-11-05 18:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-09 13:35 - 2013-07-12 03:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 13:21 - 2012-12-13 23:47 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-09-09 12:05 - 2015-03-16 13:50 - 00000000 ____D C:\Program Files (x86)\Comodo
2015-08-29 22:01 - 2013-12-03 13:25 - 00000000 ____D C:\CCE_Quarantine
2015-08-28 13:05 - 2013-10-25 15:21 - 00000000 ____D C:\ProgramData\Oracle
2015-08-28 13:00 - 2014-11-04 13:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-08-28 12:58 - 2013-02-15 11:15 - 00000000 ____D C:\Program Files (x86)\Java
2015-08-27 17:53 - 2013-10-30 19:16 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-22 20:10 - 2013-10-30 15:24 - 00030483 _____ C:\WINDOWS\diagwrn.xml
2015-08-22 20:10 - 2013-10-30 15:24 - 00030483 _____ C:\WINDOWS\diagerr.xml
 
==================== Files in the root of some directories =======
 
2013-05-21 17:33 - 2013-05-21 17:33 - 0000288 _____ () C:\Users\Patricia\AppData\Roaming\.backup.dm
2012-11-07 15:29 - 2012-11-07 15:31 - 0007680 _____ () C:\Users\Patricia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-25 13:33 - 2015-03-25 13:33 - 0000017 _____ () C:\Users\Patricia\AppData\Local\resmon.resmoncfg
2015-03-23 13:37 - 2015-03-23 13:37 - 0000000 _____ () C:\Users\Patricia\AppData\Local\{E02C31DC-6DAB-4DAC-AECA-2463B01A6EA1}
2015-05-11 12:39 - 2015-05-16 15:06 - 0000040 ___SH () C:\ProgramData\.zreglib
2014-01-14 08:21 - 2014-01-14 08:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
b. Addition.txt:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Patricia (2015-09-21 18:18:54)
Running from C:\Users\Patricia\Downloads
Windows 8.1 Pro with Media Center (X64) (2013-10-30 19:47:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3195494261-1546193897-3199345644-500 - Administrator - Disabled)
Guest (S-1-5-21-3195494261-1546193897-3199345644-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3195494261-1546193897-3199345644-1006 - Limited - Enabled)
Patricia (S-1-5-21-3195494261-1546193897-3199345644-1001 - Administrator - Enabled) => C:\Users\Patricia
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: COMODO Antivirus (Disabled - Up to date) {F25D0092-CDBE-B303-ADB7-88DE8CDECCF5}
AS: Comodo Defense+ (Enabled - Up to date) {493CE176-EB84-BC8D-9707-B3ACF7598648}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: COMODO Firewall (Disabled) {CA6681B7-87D1-B25B-86E8-21EB720D8B8E}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Digital Editions 3.0 (HKLM-x32\...\Adobe Digital Editions 3.0) (Version: 3.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.0.162 - Adobe Systems, Inc.)
AlphaTRAKer (HKLM-x32\...\{2A06E873-A90E-42C1-AA6B-36D1446DD988}) (Version: 1.0.0.50 - Abbott Animal Health)
Apple Application Support (32-bit) (HKLM-x32\...\{3540ADD5-822B-47FB-B1C2-CD7B2C8E9FEC}) (Version: 4.0.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.278 - ArcSoft)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Chromodo (HKLM-x32\...\Chromodo) (Version: 44.5.7.269 - Comodo)
Codecs for Windows 7 Pack 4.0.5 (HKLM-x32\...\Codecs for Windows 7 Pack) (Version: 4.0.5 - Codecs for Windows 7 Pack)
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 43.3.3.185 - Comodo)
COMODO Internet Security Premium (HKLM\...\{73830292-868E-4C82-9AF5-CCFE2047B6A3}) (Version: 8.2.0.4508 - COMODO Security Solutions Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2.4 (HKLM-x32\...\Driver Booster_is1) (Version: 2.4 - IObit)
EPSON NX430 Series Printer Uninstall (HKLM\...\EPSON NX430 Series) (Version:  - SEIKO EPSON Corporation)
Evernote v. 5.8.6 (HKLM-x32\...\{FEDC7C10-EF67-11E4-9B07-00505695D7B0}) (Version: 5.8.6.7519 - Evernote Corp.)
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.93 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iFreeUp 1.0 (HKLM-x32\...\iFreeUp_is1) (Version: 1.0.11 - IObit)
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
LAV Filters 0.65 (HKLM-x32\...\lavfilters_is1) (Version: 0.65 - Hendrik Leppkes)
Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft - 1.6.2 Packages (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Minecraft - 1.6.2 Packages) (Version:  - ) <==== ATTENTION
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Netflix in Windows Media Center (HKLM-x32\...\{0CA72D12-F6C6-4D43-A2A0-41F5AA17E2B6}) (Version: 3.3.101.0 - Microsoft Corporation)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.6.9575 - Barnesandnoble.com)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA GeForce Experience 2.4.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.1.21 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OLYMPUS Digital Camera Updater (HKLM-x32\...\{2A9E8F56-C31B-4DBB-BFE2-0F4EC8192355}) (Version: 1.0.3 - OLYMPUS IMAGING CORP.)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
RealDownloader (x32 Version: 1.3.0 - RealNetworks, Inc.) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7512 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
SanDiskSecureAccess_Manager.exe (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\@@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe) (Version: 1.1.19755 - Gemalto N.V.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SHIELD Streaming (Version: 4.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.1.21 - NVIDIA Corporation) Hidden
Start Menu 8 (HKLM-x32\...\IObit_StartMenu8_is1) (Version: 2.3.0.200 - IObit)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0) (HKLM\...\2C1C2F29FADF39F533CEEE67B90F07A5306A4BDB) (Version: 09/09/2009 1.0.0.0 - OLYMPUS IMAGING CORP.)
Windows Driver Package - Ricoh Company (risdsnpe) hdc  (12/25/2009 6.13.03.02) (HKLM\...\181DCE8F6E8325736063FE20BB12023D439F671C) (Version: 12/25/2009 6.13.03.02 - Ricoh Company)
Windows Driver Package - Ricoh Company MS Host Controller (12/21/2009 6.13.03.02) (HKLM\...\398F0BAAFBB5C68EB2C413A98F8C385C3E0897D6) (Version: 12/21/2009 6.13.03.02 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Woookao (HKLM-x32\...\Woookao_is1) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
11-09-2015 13:41:54 Installed Fitbit Connect
17-09-2015 11:11:05 Windows Modules Installer
17-09-2015 11:13:43 Windows Modules Installer
21-09-2015 17:03:03 JRT Pre-Junkware Removal
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2014-12-21 01:00 - 2014-12-21 01:00 - 00497209 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
 
 


#4 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 21 September 2015 - 06:34 PM

Additional.txt log seems to be missing. Not full. Please check.


Edited by olgun52, 21 September 2015 - 06:34 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 dumbgeek

dumbgeek
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:40 PM

Posted 21 September 2015 - 07:36 PM

I guess that is as far as FRST gets because it is automatically shutting down the computer. The additional.txt file that I posted above was all that the computer has completed. After running it numerous times now it seems to shut the computer down at the same point in the program, when scanning restore points.


Edited by dumbgeek, 22 September 2015 - 11:15 AM.


#6 olgun52

olgun52

  • Malware Response Team
  • 3,791 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:40 AM

Posted 22 September 2015 - 12:10 PM

Please run the FRST software again and send the additional report.


Best regards
 

 


 


#7 dumbgeek

dumbgeek
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:08:40 PM

Posted 22 September 2015 - 12:40 PM

I have, numerous times, and you have the same results that have occurred over the last 18 hours.



#8 olgun52


Posted 22 September 2015 - 01:00 PM

Well,
 
Please do the following,

 

Reset Chrome...
Click on "Customize and control Google Chrome":
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====
Restart the computer normally.


Step 1:
FRST Script:
Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.
 
Step 2:

 

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the ESET OnlineScan button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the ESET Smart Installer icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

 

How is the PC now?

 

Good work.

 

 



Best regards
 

 


 


#9 dumbgeek


Posted 22 September 2015 - 04:35 PM

Here is the Fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:15-09-2015
Ran by Patricia (2015-09-22 14:27:48) Run:1
Running from C:\Users\Patricia\Downloads
Loaded Profiles: Patricia (Available Profiles: Patricia)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
 
start
CreateRestorePoint:
CloseProcesses:
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Run: [BingSvc] => C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-08-12] (© 2015 Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3195494261-1546193897-3199345644-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
CHR Plugin: (Coupons Inc., Coupon Printer Manager) - C:\Users\Patricia\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
S0 gqbhjg; no ImagePath
S0 hqmpym; no ImagePath
S0 ofvpmj; no ImagePath
S0 qhpbzs; no ImagePath
S0 qozysh; no ImagePath
S0 sjzgxw; no ImagePath
S0 tcoifh; no ImagePath
S0 uotote; no ImagePath
S0 wayuia; no ImagePath
S0 zedltn; no ImagePath
S3 cpuz137; \??\C:\Users\Patricia\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
C:\ProgramData\ProductData
C:\AdwCleaner[C37].txt
2015-09-21 12:06 - 2015-09-21 12:07 - 00003551 _____ C:\AdwCleaner[S104].txt
2015-09-20 11:51 - 2015-09-20 11:51 - 00003588 _____ C:\AdwCleaner[C36].txt
2015-09-20 11:42 - 2015-09-20 11:43 - 00003422 _____ C:\AdwCleaner[S103].txt
2015-09-19 11:17 - 2015-09-19 11:18 - 00003458 _____ C:\AdwCleaner[C35].txt
2015-09-19 11:15 - 2015-09-19 11:16 - 00003292 _____ C:\AdwCleaner[S102].txt
2015-09-18 13:13 - 2015-09-18 13:13 - 00003703 _____ C:\AdwCleaner[C34].txt
2015-09-18 12:01 - 2015-09-18 12:02 - 00003513 _____ C:\AdwCleaner[S101].txt
2015-09-17 11:12 - 2015-09-17 11:13 - 00002993 _____ C:\AdwCleaner[S100].txt
2015-09-16 11:28 - 2015-09-16 11:29 - 00002928 _____ C:\AdwCleaner[S99].txt
2015-09-15 09:41 - 2015-09-15 09:42 - 00002864 _____ C:\AdwCleaner[S98].txt
2015-09-14 11:45 - 2015-09-14 11:46 - 00002800 _____ C:\AdwCleaner[S97].txt
2015-09-13 11:58 - 2015-09-13 11:59 - 00002736 _____ C:\AdwCleaner[S96].txt
2015-09-12 11:27 - 2015-09-12 11:29 - 00002672 _____ C:\AdwCleaner[S95].txt
2015-09-11 12:12 - 2015-09-11 12:13 - 00002608 _____ C:\AdwCleaner[S94].txt
2015-09-10 12:13 - 2015-09-10 12:14 - 00002544 _____ C:\AdwCleaner[S93].txt
2015-09-09 12:19 - 2015-09-09 12:20 - 00002480 _____ C:\AdwCleaner[S92].txt
2015-09-08 12:28 - 2015-09-08 12:28 - 00002628 _____ C:\AdwCleaner[C33].txt
2015-09-08 12:15 - 2015-09-08 12:17 - 00002468 _____ C:\AdwCleaner[S91].txt
2015-09-07 11:59 - 2015-09-07 12:01 - 00002288 _____ C:\AdwCleaner[S89].txt
2015-09-06 12:01 - 2015-09-06 12:01 - 00002224 _____ C:\AdwCleaner[S88].txt
2015-09-05 12:23 - 2015-09-05 12:24 - 00002160 _____ C:\AdwCleaner[S87].txt
2015-09-04 12:32 - 2015-09-04 12:33 - 00002096 _____ C:\AdwCleaner[S86].txt
2015-09-04 12:30 - 2015-09-04 12:31 - 00002032 _____ C:\AdwCleaner[S85].txt
2015-09-03 12:14 - 2015-09-03 12:15 - 00001968 _____ C:\AdwCleaner[S84].txt
2015-09-02 12:13 - 2015-09-02 12:14 - 00001904 _____ C:\AdwCleaner[S82].txt
2015-09-01 12:22 - 2015-09-01 12:23 - 00001840 _____ C:\AdwCleaner[S81].txt
2015-08-31 12:30 - 2015-08-31 12:31 - 00001776 _____ C:\AdwCleaner[S80].txt
2015-08-30 12:32 - 2015-08-30 12:33 - 00001712 _____ C:\AdwCleaner[S79].txt
2015-08-29 12:46 - 2015-08-29 12:48 - 00001648 _____ C:\AdwCleaner[S78].txt
2015-08-28 12:32 - 2015-08-28 12:33 - 00001584 _____ C:\AdwCleaner[S77].txt
2015-08-27 12:14 - 2015-08-27 12:15 - 00001520 _____ C:\AdwCleaner[S76].txt
2015-08-26 12:07 - 2015-08-26 12:09 - 00001456 _____ C:\AdwCleaner[S74].txt
2015-08-25 12:31 - 2015-08-25 12:33 - 00001392 _____ C:\AdwCleaner[S73].txt
2015-08-24 12:24 - 2015-08-24 12:25 - 00001328 _____ C:\AdwCleaner[S72].txt
2015-08-23 11:45 - 2015-08-23 11:46 - 00001264 _____ C:\AdwCleaner[S71].txt
2015-08-22 12:41 - 2015-08-22 12:42 - 00001644 _____ C:\AdwCleaner[C32].txt
2015-08-22 12:29 - 2015-08-22 12:30 - 00001471 _____ C:\AdwCleaner[S70].txt
C:\ProgramData\boost_interprocess
C:\ProgramData\DP45977C.lfl
Minecraft - 1.6.2 Packages (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Minecraft - 1.6.2 Packages) (Version:  - ) <==== ATTENTION
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe => moved successfully
C:\Users\Patricia\AppData\Local\Microsoft\BingSvc\BingSvc.exe => moved successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found. 
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found. 
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found. 
C:\Users\Patricia\AppData\Local\Google\Chrome\Application\plugins\npMozCouponPrinter.dll => moved successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji" => key removed successfully
LiveUpdateSvc => service removed successfully
gqbhjg => service removed successfully
hqmpym => service removed successfully
ofvpmj => service removed successfully
qhpbzs => service removed successfully
qozysh => service removed successfully
sjzgxw => service removed successfully
tcoifh => service removed successfully
uotote => service removed successfully
wayuia => service removed successfully
zedltn => service removed successfully
cpuz137 => service removed successfully
C:\ProgramData\ProductData => moved successfully
C:\AdwCleaner[C37].txt => moved successfully
C:\AdwCleaner[S104].txt => moved successfully
C:\AdwCleaner[C36].txt => moved successfully
C:\AdwCleaner[S103].txt => moved successfully
C:\AdwCleaner[C35].txt => moved successfully
C:\AdwCleaner[S102].txt => moved successfully
C:\AdwCleaner[C34].txt => moved successfully
C:\AdwCleaner[S101].txt => moved successfully
C:\AdwCleaner[S100].txt => moved successfully
C:\AdwCleaner[S99].txt => moved successfully
C:\AdwCleaner[S98].txt => moved successfully
C:\AdwCleaner[S97].txt => moved successfully
C:\AdwCleaner[S96].txt => moved successfully
C:\AdwCleaner[S95].txt => moved successfully
C:\AdwCleaner[S94].txt => moved successfully
C:\AdwCleaner[S93].txt => moved successfully
C:\AdwCleaner[S92].txt => moved successfully
C:\AdwCleaner[C33].txt => moved successfully
C:\AdwCleaner[S91].txt => moved successfully
C:\AdwCleaner[S89].txt => moved successfully
C:\AdwCleaner[S88].txt => moved successfully
C:\AdwCleaner[S87].txt => moved successfully
C:\AdwCleaner[S86].txt => moved successfully
C:\AdwCleaner[S85].txt => moved successfully
C:\AdwCleaner[S84].txt => moved successfully
C:\AdwCleaner[S82].txt => moved successfully
C:\AdwCleaner[S81].txt => moved successfully
C:\AdwCleaner[S80].txt => moved successfully
C:\AdwCleaner[S79].txt => moved successfully
C:\AdwCleaner[S78].txt => moved successfully
C:\AdwCleaner[S77].txt => moved successfully
C:\AdwCleaner[S76].txt => moved successfully
C:\AdwCleaner[S74].txt => moved successfully
C:\AdwCleaner[S73].txt => moved successfully
C:\AdwCleaner[S72].txt => moved successfully
C:\AdwCleaner[S71].txt => moved successfully
C:\AdwCleaner[C32].txt => moved successfully
C:\AdwCleaner[S70].txt => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
Minecraft - 1.6.2 Packages (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Minecraft - 1.6.2 Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => 279 MB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 14:29:22 ====
 
 
I have run the ESET scan numerous times now. The computer shuts down prior to finishing part 3 (scan).

Edited by dumbgeek, 23 September 2015 - 02:52 PM.
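
The Fixlog in the post above mixes completed fixes, entries that were already absent, one entry with no automatic fix, and `netsh` steps that failed inside the CMD sections. The Python script below is an added example, not part of the original thread and not FRST's own code; it sorts those outcomes so the lines that need a follow-up stand out. The function names and outcome labels are assumptions made for this example, and the sample is a shortened excerpt of the log posted above.

```python
import re
from collections import Counter

# Shortened excerpt of the Fixlog posted above (not the full log).
SAMPLE_FIXLOG = r"""
fixlist content:
*****************
start
HKLM-x32\...\Run: [] => [X]
C:\ProgramData\ProductData
*****************

C:\ProgramData\ProductData => moved successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
gqbhjg => service removed successfully
Minecraft - 1.6.2 Packages (HKU\S-1-5-21-3195494261-1546193897-3199345644-1001\...\Minecraft - 1.6.2 Packages) (Version:  - ) <==== ATTENTION => Error: No automatic fix found for this entry.

=========  netsh int ipv4 reset =========

Resetting Global, OK!
Resetting , failed.
Access is denied.

Resetting , OK!

========= End of CMD: =========

EmptyTemp: => 279 MB temporary data Removed.
"""

# "=========  <command> =========" opens a CMD section, "End of ..." closes it.
SECTION = re.compile(r"^=+\s+(.+?)\s+=+$")


def classify(result):
    """Map the text after ' => ' to an outcome label (labels are this example's own)."""
    low = result.lower()
    if low.startswith("error"):
        return "error"
    if "not found" in low:
        return "absent"   # target was already gone; nothing was changed
    if "successfully" in low or "removed" in low:
        return "done"
    return "other"


def triage_fixlog(text):
    """Return (counts per outcome, list of (target, detail) needing follow-up)."""
    counts, follow_up = Counter(), []
    in_echo = False   # inside the echoed fixlist, which is input, not results
    command = None    # name of the CMD section being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if set(line) == {"*"}:          # asterisk rulers bracket the fixlist echo
            in_echo = not in_echo
            continue
        if in_echo:
            continue
        header = SECTION.match(line)
        if header:
            name = header.group(1)
            command = None if name.startswith("End of") else name
            continue
        if command is not None:
            low = line.lower()
            if "failed" in low:
                counts["command_failure"] += 1
                follow_up.append((command, line))
            elif "denied" in low and follow_up and follow_up[-1][0] == command:
                # netsh prints the reason on the line after the failure
                follow_up[-1] = (command, follow_up[-1][1] + " " + line)
            continue
        if " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        outcome = classify(result)
        counts[outcome] += 1
        if outcome in ("error", "other"):
            follow_up.append((target.strip('"'), result))
    return counts, follow_up


if __name__ == "__main__":
    totals, pending = triage_fixlog(SAMPLE_FIXLOG)
    print(dict(totals))
    for target, detail in pending:
        print("FOLLOW UP:", target, "->", detail)
```

A "done" outcome only records that the fix step ran; the symptom this thread started with was a folder that returned after reboot, so the moved items still need to be rechecked after the restart the log asks for.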


#10 olgun52


Posted 25 September 2015 - 02:00 PM

Okay.

 

Please do the following,

 

Kaspersky Virus Removal Tool with deep rootkit search.


Download the latest version of Kaspersky Virus Removal Tool

  • Close all other applications and double-click and run the installer.
  • When AVPTool starts, select all the scannable items except for CD-ROM drives.
  • Then please choose Security level: Recommended and perform the following actions.
  • Click the Start scan button.
  • If malware is detected, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • After the scan finishes, if any threat remains in the Scan window (Red exclamation point), click the Neutralize all button
  • In the window that opens, place a checkmark in the Apply to all box, and click the Delete button (or Disinfect if the button is active).
  • If advised that a special disinfection procedure is required which demands system reboot: click the Ok button to close the window.
  • In the Scan window click the Reports button and select Save to file.
  • Name the report AVPT.txt, and save it to the Desktop.
  • Close AVPTool.
  • You will be prompted if you want to uninstall the program; click Yes.
  • You will then be prompted that to complete the uninstallation, the computer must be restarted. Select Yes to restart the system.
  • Copy and paste the first part of the report (Detected) that you saved in your next reply. Do not include the longer list marked Events.

Best regards
 

 


 


#11 dumbgeek


Posted 25 September 2015 - 07:24 PM

Ran Kaspersky Virus Removal Tool and it found no threats. Results:

 

Duration: 3;18:00

Found: 0 Objects

Neutralized: 0 Objects

Quarantined: 0 Objects



#12 olgun52


Posted 25 September 2015 - 08:10 PM

Hi dumbgeek,

 

Please do the following.

 

Run Dr.Web CureIt:

  • Please download Dr.Web CureIt! Free antivirus and save it to your computer. The file size is in excess of 100MB.
  • NOTE: Free usage of Dr.Web CureIt! for business purposes is illegal.
  • Internet Explorer may show a warning when downloading - the file is safe to download from the provided link.
  • Shutdown your antivirus to avoid any conflicts while scanning.
  • Once the scans have completed please re-enable your antivirus.
  • If using Malwarebytes Anti-Malware PRO you can right click over the tray icon and disable the Protection Modules
  • If needed you can also temporarily disable it from starting with Windows
  • Temporarily turn off any other security add-ons or applications you may also have.
  • Once you have downloaded Dr.Web CureIt! you should right click over it and choose Properties and verify it has a Digital Signature.
  • If it does not have a Digital Signature then do not run it.
  • Close all open programs including all Web browsers and then double-click on drweb-cureit.exe to start the installer.
  • You should have your User Account Control (UAC) enabled for improved security and which should then produce a dialog box asking for approval to run the installer.
  • Click on the Yes button to start the installer.
  • Click OK to scan your computer in the Enhanced Protection Mode
  • Click on the check box to agree to participate in their software improvement program.
  • Then if needed choose your Language by clicking on the small globe like icon in the upper right corner by the wrench.
  • Then click on the Continue button and then click on the Select objects for scanning link just below the "Start scanning" button.
  • Place a check mark on all the items except for Temporary files and System restore points - those items should not have a check mark on them.
  • Then click on the Start scanning button.
  • If a threat is found you can click on the Action column in the program.
  • Your options will be Cure or Ignore
  • If you see an item that you are absolutely sure is OK, then un-check the check box for that item, otherwise keep it on Cure.
  • Then click on the Neutralize button.
  • Once completed click on the green Open Report link. It will open the report in NOTEPAD
  • Save the report to your desktop. The report will be called Cureit.log
  • Close Dr.Web Cureit!
  • Reboot your computer to allow files that were in use to be moved/deleted during reboot.
  • After reboot, attach the log Cureit.log you saved previously in your next reply.
  • Re-Enable your antivirus and other security programs when all done.

 


Best regards
 

 


 


#13 olgun52


Posted 27 September 2015 - 05:53 PM

3 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 48 hours, this thread will be closed due to inactivity.


Best regards
 

 


 


#14 dumbgeek


Posted 27 September 2015 - 09:04 PM

I have continued to run the ESET scan and the results are below:

 

C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\IObit Malware Fighter.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\All Users\IObit\ASCDownloader\Smart Defrag.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\IObit Malware Fighter.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\ProgramData\IObit\ASCDownloader\Smart Defrag.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
C:\Users\Patricia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.lnk Win32/Adware.ADON potentially unwanted application cleaned by deleting - quarantined
C:\Users\Patricia\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.lnk Win32/Adware.ADON potentially unwanted application cleaned by deleting - quarantined
C:\Users\Patricia\Downloads\codecs.for.windows.7.pack.v4.0.5.setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted - quarantined
C:\Windows\Installer\MSI3760.tmp a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSI73B0.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSICE32.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined
C:\Windows\Installer\MSIFCCD.tmp a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application cleaned by deleting - quarantined


#15 dumbgeek


Posted 27 September 2015 - 09:08 PM

 
Attached the Cureit.log file:
 
 

Edited by dumbgeek, 27 September 2015 - 09:41 PM.




