Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Recurring rootkit


  • This topic is locked This topic is locked
24 replies to this topic

#1 MD101

MD101

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 22 November 2015 - 01:09 PM

Greetings all and thanks in advance for the help.  Since the beginning of this month I have been getting a recurring rootkit that only webroot will detect but cannot permanently remove.  Here's a scan log from webroot;

 

Automated Cleanup Engine
Starting Cleanup at 07/11/2015 - 16:36:25 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_Session18\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session18\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session18\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session18\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session18\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session18\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_Session18\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session18\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session18\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_Session18\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session18\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session18\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 07/11/2015 - 17:00:12 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\NAL\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 13/11/2015 - 06:39:24 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_Session4\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session4\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session4\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session4\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session4\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session4\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_Session4\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session4\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session4\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_Session4\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session4\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session4\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 13/11/2015 - 07:02:39 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\NAL\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 14/11/2015 - 16:15:26 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_Session3\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session3\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_Session3\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session3\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session3\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_Session3\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_Session3\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session3\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_Session3\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_Session3\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session3\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_Session3\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 14/11/2015 - 16:50:52 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\MozillaMaintenance\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MozillaMaintenance\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MozillaMaintenance\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 21/11/2015 - 17:15:47 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\MessagingService_2b0c096\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_2b0c096\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_2b0c096\
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_2b0c096\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_2b0c096\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_2b0c096\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2b0c096\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2b0c096\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_2b0c096\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_2b0c096\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_2b0c096\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_2b0c096\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_2b0c096\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_2b0c096\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_2b0c096\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 21/11/2015 - 23:51:09 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\MessagingService_3d622\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_3d622\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_3d622\
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_3d622\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_3d622\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_3d622\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_3d622\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_3d622\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_3d622\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_3d622\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_3d622\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_3d622\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_3d622\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_3d622\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_3d622\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 22/11/2015 - 00:41:10 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\NAL\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 22/11/2015 - 16:12:19 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\MessagingService_40eab\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_40eab\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\MessagingService_40eab\
Starting Routine> Removing System\CurrentControlSet\Services\OneSyncSvc_40eab\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_40eab\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\OneSyncSvc_40eab\
Starting Routine> Removing System\CurrentControlSet\Services\PimIndexMaintenanceSvc_40eab\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_40eab\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc_40eab\
Starting Routine> Removing System\CurrentControlSet\Services\UnistoreSvc_40eab\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_40eab\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UnistoreSvc_40eab\
Starting Routine> Removing System\CurrentControlSet\Services\UserDataSvc_40eab\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_40eab\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\UserDataSvc_40eab\
Starting Routine> Removing threats - Please wait...#...
 
Automated Cleanup Engine
Starting Cleanup at 22/11/2015 - 16:56:56 GMT
 
Starting Routine> Removing System\CurrentControlSet\Services\NAL\...#(PX5:  - MD5: )...
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Deleting Registry Key> HKLM\System\CurrentControlSet\Services\NAL\
Starting Routine> Removing threats - Please wait...#...
 
 
I am currently running kaspersky as well but it never detects any of the above, even if webroot has yet to remove it.  As previously stated thank you very much in advance for your help.


BC AdBot (Login to Remove)

 


#2 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 22 November 2015 - 01:18 PM

Here are the FRST logs.

Attached Files



#3 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 22 November 2015 - 07:28 PM

Hello MD101 and Welcome to the BleepingComputer. :welcome:  
 My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you  were doing and describe the problems you encountered as precisely as  you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are inserted during always the scan.
  • If you can't answer for the next few days, please let me know. If  you haven't answered within 5 days, I am assuming that you don't need  help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all  malware. The cleaning process is not instant. Please continue to review  my answers until I tell you that your computer is clean
  • Please reply to this thread. Do not start a new topic
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open as administrator  the computer. How is open as administrator  the computer?
  • Disable your AntiVirus and AntiSpyware applications, as they will  interfere with our tools and the removal. If you are unsure how to do  this, please refer to get help here

Thanks

 

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1
Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

===========================================================================

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

===========================================================================

Please download and run RogueKiller  32/64 bit to your desktop

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)

 

:hello:
 
Sincerely


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#4 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 22 November 2015 - 08:11 PM

Thank you for the prompt response.  Steps taken, in order;

 

 

Rkill 2.8.2 by Lawrence Abrams (Grinler)
Copyright 2008-2015 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 11/22/2015 04:55:31 PM in x64 mode.
Windows Version: Windows 10 Pro 
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * fcvsc [Missing Service]
 * HdAudAddService [Missing Service]
 * HyperVideo [Missing Service]
 * netvsc [Missing Service]
 * wfpcapture [Missing Service]
 
 * CompositeBus => \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [Incorrect ImagePath]
 * NgcSvc => %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted [Incorrect ImagePath]
 * swenum => \SystemRoot\System32\drivers\swenum.sys [Incorrect ImagePath]
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 11/22/2015 04:55:36 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
 
 

 Results of screen317's Security Check version 1.009  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Webroot SecureAnywhere   
Kaspersky Anti-Virus     
Windows Defender         
 Antivirus up to date!  (On Access scanning disabled!) 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 45  
 Java version 32-bit out of Date! 
 Adobe Flash Player 19.0.0.245  
 Google Chrome (46.0.2490.80) 
 Google Chrome (46.0.2490.86) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 iolo Common Lib ioloServiceManager.exe 
 iolo System Mechanic iologovernor64.exe  
 iolo System Mechanic LiveBoost.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 

RogueKiller V10.11.6.0 [Nov 16 2015] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Michael [Administrator]
Started from : C:\Users\Michael\Desktop\RogueKiller.exe
Mode : Scan -- Date : 11/22/2015 17:06:14
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 0 ¤¤¤
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  +++++
--- User ---
[MBR] b7e635a17b8d554785cad4371e38c783
[BSP] 21b0288f3816c8b549d4b4f1190f1bcc : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 975946 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1999458304 | Size: 463 MB
User = LL1 ... OK
User = LL2 ... OK
 


#5 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 22 November 2015 - 09:14 PM

Hi,

 

RogueKiller Log is clean.

-------------------------------------------

AV: Webroot SecureAnywhere (Enabled - Up to date)
AV: Kaspersky Anti-Virus (Enabled - Up to date)

 

Please Uninstall: Webroot SecureAnywhere

Here Look.

 

And PC restart.

===============================================================================

Uninstall:

iolo

System Mechanic
C:\Program Files (x86)\iolo
C:\Program Files (x86)\iolo\System Mechanic

 

And PC restart.

===========================================

 

Caution: After the system restarts, repair will be made.

 

FRST Script:

  • Please make sure your browsers are closed before continuing.
  • Be sure to temporarily disable all antivirus/anti-spyware softwares

Please download this attached Attached File  Fixlist.txt   16.34KB   12 downloads   and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

NOT : It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
and fixlist.txt are in the same location or the fix will not work.

==============================================================

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#6 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 22 November 2015 - 10:02 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:22-11-2015
Ran by Michael (2015-11-22 18:45:36) Run:1
Running from C:\Users\Michael\Downloads
Loaded Profiles: Michael (Available Profiles: Michael)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\extensions\adblockpopups@jessehakanen.net.xpi [2015-06-08]
FF Extension: AdBlock for Firefox - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-02-01] [not signed]
FF Extension: Webroot Password Manager - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} [2015-11-12] [not signed]
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => No File
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
CHR Extension: (Webroot Filtering Extension) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2015-11-04]
CHR Extension: (Webroot Password Manager) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-11-12]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - hxxps://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-11-12]
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4682552 2015-08-15] (iolo technologies, LLC)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [840264 2015-11-20] (Webroot)
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-11-04] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [43600 2015-11-03] (Webroot)
U0 SR; no ImagePath
U2 srservice; no ImagePath
2015-11-22 09:56 - 2015-11-22 09:57 - 05639131 _____ (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
 C:\WINDOWS\PFRO.log
2015-11-14 09:19 - 2014-10-14 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2015-11-14 09:19 - 2014-10-09 15:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\...\MountPoints2: {79cb2ffc-91ad-11e4-8274-806e6f6e6963} - "D:\.\Bin\ASSETUP.exe" 
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Task: {01488148-C3F7-45FD-89F3-A3B7E36A0411} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {03802170-BCC3-416C-9466-5F3728173783} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {3975A2EF-D65E-4443-892A-34D34652C189} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {59F2DB8F-3C34-43AE-A982-A57C0A986C24} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5EA5ECC5-5119-4FA9-B440-DFBEA04DADF9} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {6E4C1BDB-26FE-4748-BEDF-BEDA66471F28} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {763AF1E2-A826-4D0F-8234-586C18469B12} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {78FE5FDF-0841-4B4C-8982-D12F441B68B0} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {846215AF-A13A-406A-A85F-0EF6D06C8925} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {CEDD26F1-34C4-4E17-966F-2B2B803B3833} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {E518138A-0ADE-4214-8B0E-B9A04C06DD70} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001Core.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001UA.job => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Office 15:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft SQL Server Compact Edition:Win32App_1
AlternateDataStreams: C:\Program Files\Webroot:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Microsoft SQL Server Compact Edition:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\NVIDIA Corporation:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Origin:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\QuickTime:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Razer Surround Driver Installer:Win32App_1
AlternateDataStreams: C:\ProgramData\regid.1991-06.com.microsoft:Win32App_1
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
C:\Users\Michael\AppData\LocalLow\webroot
RemoveProxy:
EmptyTemp:
cmd: netsh winsock reset
CMD: sfc /scannow
Reboot:
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\extensions\adblockpopups@jessehakanen.net.xpi => moved successfully
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\extensions\adblockpopups@jessehakanen.net.xpi => path removed successfully
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi => moved successfully
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} => not found.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => not found.
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => not found
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd => not found
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjeghcllfecehndceplomkocgfbklffd => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => key not found. 
"C:\ProgramData\WRData\pkg\lpchrome.crx" => not found.
ioloSystemService => service not found.
WRSVC => service not found.
WRkrn => service not found.
wrUrlFlt => service not found.
SR => service removed successfully
srservice => service removed successfully
"C:\Users\Michael\Desktop\ComboFix.exe" => not found.
C:\WINDOWS\PFRO.log => moved successfully
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79cb2ffc-91ad-11e4-8274-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{79cb2ffc-91ad-11e4-8274-806e6f6e6963} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01488148-C3F7-45FD-89F3-A3B7E36A0411}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01488148-C3F7-45FD-89F3-A3B7E36A0411}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03802170-BCC3-416C-9466-5F3728173783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03802170-BCC3-416C-9466-5F3728173783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3975A2EF-D65E-4443-892A-34D34652C189}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3975A2EF-D65E-4443-892A-34D34652C189}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59F2DB8F-3C34-43AE-A982-A57C0A986C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F2DB8F-3C34-43AE-A982-A57C0A986C24}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EA5ECC5-5119-4FA9-B440-DFBEA04DADF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EA5ECC5-5119-4FA9-B440-DFBEA04DADF9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6E4C1BDB-26FE-4748-BEDF-BEDA66471F28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E4C1BDB-26FE-4748-BEDF-BEDA66471F28}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{763AF1E2-A826-4D0F-8234-586C18469B12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{763AF1E2-A826-4D0F-8234-586C18469B12}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78FE5FDF-0841-4B4C-8982-D12F441B68B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78FE5FDF-0841-4B4C-8982-D12F441B68B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{846215AF-A13A-406A-A85F-0EF6D06C8925}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846215AF-A13A-406A-A85F-0EF6D06C8925}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CEDD26F1-34C4-4E17-966F-2B2B803B3833}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEDD26F1-34C4-4E17-966F-2B2B803B3833}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E518138A-0ADE-4214-8B0E-B9A04C06DD70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E518138A-0ADE-4214-8B0E-B9A04C06DD70}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001Core.job => moved successfully
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001UA.job => moved successfully
C:\Program Files\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files\iTunes => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Office 15 => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft Silverlight => ":Win32App_1" ADS removed successfully.
C:\Program Files\Microsoft SQL Server Compact Edition => ":Win32App_1" ADS removed successfully.
C:\Program Files\Webroot => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Apple Software Update => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Bonjour => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Microsoft SQL Server Compact Edition => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\NVIDIA Corporation => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Origin => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\QuickTime => ":Win32App_1" ADS removed successfully.
C:\Program Files (x86)\Razer Surround Driver Installer => ":Win32App_1" ADS removed successfully.
C:\ProgramData\regid.1991-06.com.microsoft => ":Win32App_1" ADS removed successfully.
"HKU\.DEFAULT\Software\Classes\exefile" => key removed successfully
"HKU\.DEFAULT\Software\Classes\.exe" => key removed successfully
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
"HKU\S-1-5-19\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-19\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
"HKU\S-1-5-20\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-20\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
"HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\exefile" => key removed successfully
"HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\.exe" => key removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\exefile => key not found. 
"C:\Users\Michael\AppData\LocalLow\webroot" => not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  sfc /scannow =========
 
 
 
 
 B e g i n n i n g   s y s t e m   s c a n .     T h i s   p r o c e s s   w i l l   t a k e   s o m e   t i m e . 
 
 
 
 
 
 B e g i n n i n g   v e r i f i c a t i o n   p h a s e   o f   s y s t e m   s c a n . 
 
 
 V e r i f i c a t i o n   0 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   3 %   c o m p l e t e . V e r i f i c a t i o n   3 %   c o m p l e t e . V e r i f i c a t i o n   4 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   6 %   c o m p l e t e . V e r i f i c a t i o n   6 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   8 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 %   c o m p l e t e . V e r i f i c a t i o n   1 0 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 3 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 6 %   c o m p l e t e . V e r i f i c a t i o n   1 6 %   c o m p l e t e . V e r i f i c a t i o n   1 7 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   2 0 %   c o m p l e t e . V e r i f i c a t i o n   2 0 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 2 %   c o m p l e t e . V e r i f i c a t i o n   2 3 %   c o m p l e t e . V e r i f i c a t i o n   2 3 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 6 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   3 0 %   c o m p l e t e . V e r i f i c a t i o n   3 0 %   c o m p l e t e . V e r i f i c a t i o n   3 1 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 3 %   c o m p l e t e . V e r i f i c a t i o n   3 3 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 5 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 7 %   c o m p l e t e . V e r i f i c a t i o n   3 7 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 9 %   c o m p l e t e . V e r i f i c a t i o n   4 0 %   c o m p l e t e . V e r i f i c a t i o n   4 0 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 3 %   c o m p l e t e . V e r i f i c a t i o n   4 3 %   c o m p l e t e . V e r i f i c a t i o n   4 4 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 7 %   c o m p l e t e . V e r i f i c a t i o n   4 7 %   c o m p l e t e . V e r i f i c a t i o n   4 8 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   5 0 %   c o m p l e t e . V e r i f i c a t i o n   5 0 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 3 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 7 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   6 0 %   c o m p l e t e . V e r i f i c a t i o n   6 0 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 2 %   c o m p l e t e . V e r i f i c a t i o n   6 3 %   c o m p l e t e . V e r i f i c a t i o n   6 3 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 6 %   c o m p l e t e . V e r i f i c a t i o n   6 7 %   c o m p l e t e . V e r i f i c a t i o n   6 7 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   7 0 %   c o m p l e t e . V e r i f i c a t i o n   7 0 %   c o m p l e t e . V e r i f i c a t i o n   7 1 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 4 %   c o m p l e t e . V e r i f i c a t i o n   7 4 %   c o m p l e t e . V e r i f i c a t i o n   7 5 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 7 %   c o m p l e t e . V e r i f i c a t i o n   7 7 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 9 %   c o m p l e t e . V e r i f i c a t i o n   8 0 %   c o m p l e t e . V e r i f i c a t i o n   8 0 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 4 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 7 %   c o m p l e t e . V e r i f i c a t i o n   8 7 %   c o m p l e t e . V e r i f i c a t i o n   8 8 %   c o m p l e t e . V e r i f i c a t i o n   8 9 %   c o m p l e t e . 
 
 
 
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   c o u l d   n o t   p e r f o r m   t h e   r e q u e s t e d   o p e r a t i o n . 
 
 
 Processes closed successfully.
HKLM\SOFTWARE\Policies\Google => key not found. 
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\extensions\adblockpopups@jessehakanen.net.xpi => not found.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi => not found.
C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\sm443609.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} => not found.
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.823\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll => not found.
C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll => not found.
CHR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb => not found
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd => not found
C:\Users\Michael\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => not found
HKLM\SOFTWARE\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\kjeghcllfecehndceplomkocgfbklffd => key not found. 
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab => key not found. 
"C:\ProgramData\WRData\pkg\lpchrome.crx" => not found.
ioloSystemService => service not found.
WRSVC => service not found.
WRkrn => service not found.
wrUrlFlt => service not found.
SR => service not found.
srservice => service not found.
"C:\Users\Michael\Desktop\ComboFix.exe" => not found.
"C:\WINDOWS\PFRO.log" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere" => not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
"HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79cb2ffc-91ad-11e4-8274-806e6f6e6963}" => key removed successfully
HKCR\CLSID\{79cb2ffc-91ad-11e4-8274-806e6f6e6963} => key not found. 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01488148-C3F7-45FD-89F3-A3B7E36A0411} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03802170-BCC3-416C-9466-5F3728173783} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3975A2EF-D65E-4443-892A-34D34652C189} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59F2DB8F-3C34-43AE-A982-A57C0A986C24} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EA5ECC5-5119-4FA9-B440-DFBEA04DADF9} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E4C1BDB-26FE-4748-BEDF-BEDA66471F28} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{763AF1E2-A826-4D0F-8234-586C18469B12} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78FE5FDF-0841-4B4C-8982-D12F441B68B0} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{846215AF-A13A-406A-A85F-0EF6D06C8925} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEDD26F1-34C4-4E17-966F-2B2B803B3833} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E518138A-0ADE-4214-8B0E-B9A04C06DD70} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key not found. 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001Core.job => not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3174402302-272248445-3545076903-1001UA.job => not found.
"C:\Program Files\Bonjour" => ":Win32App_1" ADS not found.
"C:\Program Files\iTunes" => ":Win32App_1" ADS not found.
"C:\Program Files\Microsoft Office 15" => ":Win32App_1" ADS not found.
"C:\Program Files\Microsoft Silverlight" => ":Win32App_1" ADS not found.
"C:\Program Files\Microsoft SQL Server Compact Edition" => ":Win32App_1" ADS not found.
"C:\Program Files\Webroot" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Apple Software Update" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Bonjour" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Microsoft SQL Server Compact Edition" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\NVIDIA Corporation" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Origin" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\QuickTime" => ":Win32App_1" ADS not found.
"C:\Program Files (x86)\Razer Surround Driver Installer" => ":Win32App_1" ADS not found.
"C:\ProgramData\regid.1991-06.com.microsoft" => ":Win32App_1" ADS not found.
HKU\.DEFAULT\Software\Classes\.exe => key not found. 
HKU\.DEFAULT\Software\Classes\exefile => key not found. 
HKU\S-1-5-19\Software\Classes\.exe => key not found. 
HKU\S-1-5-19\Software\Classes\exefile => key not found. 
HKU\S-1-5-20\Software\Classes\.exe => key not found. 
HKU\S-1-5-20\Software\Classes\exefile => key not found. 
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\.exe => key not found. 
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\Software\Classes\exefile => key not found. 
"C:\Users\Michael\AppData\LocalLow\webroot" => not found.
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3174402302-272248445-3545076903-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
 
=========  netsh winsock reset =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  sfc /scannow =========
 
 
 
 
 B e g i n n i n g   s y s t e m   s c a n .     T h i s   p r o c e s s   w i l l   t a k e   s o m e   t i m e . 
 
 
 
 
 
 B e g i n n i n g   v e r i f i c a t i o n   p h a s e   o f   s y s t e m   s c a n . 
 
 
 V e r i f i c a t i o n   0 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   1 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   2 %   c o m p l e t e . V e r i f i c a t i o n   3 %   c o m p l e t e . V e r i f i c a t i o n   3 %   c o m p l e t e . V e r i f i c a t i o n   4 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   5 %   c o m p l e t e . V e r i f i c a t i o n   6 %   c o m p l e t e . V e r i f i c a t i o n   6 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   7 %   c o m p l e t e . V e r i f i c a t i o n   8 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 %   c o m p l e t e . V e r i f i c a t i o n   1 0 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 1 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 2 %   c o m p l e t e . V e r i f i c a t i o n   1 3 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 4 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 5 %   c o m p l e t e . V e r i f i c a t i o n   1 6 %   c o m p l e t e . V e r i f i c a t i o n   1 6 %   c o m p l e t e . V e r i f i c a t i o n   1 7 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 8 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   1 9 %   c o m p l e t e . V e r i f i c a t i o n   2 0 %   c o m p l e t e . V e r i f i c a t i o n   2 0 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 1 %   c o m p l e t e . V e r i f i c a t i o n   2 2 %   c o m p l e t e . V e r i f i c a t i o n   2 3 %   c o m p l e t e . V e r i f i c a t i o n   2 3 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 4 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 5 %   c o m p l e t e . V e r i f i c a t i o n   2 6 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 7 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 8 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   2 9 %   c o m p l e t e . V e r i f i c a t i o n   3 0 %   c o m p l e t e . V e r i f i c a t i o n   3 0 %   c o m p l e t e . V e r i f i c a t i o n   3 1 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 2 %   c o m p l e t e . V e r i f i c a t i o n   3 3 %   c o m p l e t e . V e r i f i c a t i o n   3 3 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 4 %   c o m p l e t e . V e r i f i c a t i o n   3 5 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 6 %   c o m p l e t e . V e r i f i c a t i o n   3 7 %   c o m p l e t e . V e r i f i c a t i o n   3 7 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 8 %   c o m p l e t e . V e r i f i c a t i o n   3 9 %   c o m p l e t e . V e r i f i c a t i o n   4 0 %   c o m p l e t e . V e r i f i c a t i o n   4 0 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 1 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 2 %   c o m p l e t e . V e r i f i c a t i o n   4 3 %   c o m p l e t e . V e r i f i c a t i o n   4 3 %   c o m p l e t e . V e r i f i c a t i o n   4 4 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 5 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 6 %   c o m p l e t e . V e r i f i c a t i o n   4 7 %   c o m p l e t e . V e r i f i c a t i o n   4 7 %   c o m p l e t e . V e r i f i c a t i o n   4 8 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   4 9 %   c o m p l e t e . V e r i f i c a t i o n   5 0 %   c o m p l e t e . V e r i f i c a t i o n   5 0 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 1 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 2 %   c o m p l e t e . V e r i f i c a t i o n   5 3 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 4 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 5 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 6 %   c o m p l e t e . V e r i f i c a t i o n   5 7 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 8 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   5 9 %   c o m p l e t e . V e r i f i c a t i o n   6 0 %   c o m p l e t e . V e r i f i c a t i o n   6 0 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 1 %   c o m p l e t e . V e r i f i c a t i o n   6 2 %   c o m p l e t e . V e r i f i c a t i o n   6 3 %   c o m p l e t e . V e r i f i c a t i o n   6 3 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 4 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 5 %   c o m p l e t e . V e r i f i c a t i o n   6 6 %   c o m p l e t e . V e r i f i c a t i o n   6 7 %   c o m p l e t e . V e r i f i c a t i o n   6 7 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 8 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   6 9 %   c o m p l e t e . V e r i f i c a t i o n   7 0 %   c o m p l e t e . V e r i f i c a t i o n   7 0 %   c o m p l e t e . V e r i f i c a t i o n   7 1 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 2 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 3 %   c o m p l e t e . V e r i f i c a t i o n   7 4 %   c o m p l e t e . V e r i f i c a t i o n   7 4 %   c o m p l e t e . V e r i f i c a t i o n   7 5 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 6 %   c o m p l e t e . V e r i f i c a t i o n   7 7 %   c o m p l e t e . V e r i f i c a t i o n   7 7 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 8 %   c o m p l e t e . V e r i f i c a t i o n   7 9 %   c o m p l e t e . V e r i f i c a t i o n   8 0 %   c o m p l e t e . V e r i f i c a t i o n   8 0 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 1 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 2 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 3 %   c o m p l e t e . V e r i f i c a t i o n   8 4 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 5 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 6 %   c o m p l e t e . V e r i f i c a t i o n   8 7 %   c o m p l e t e . V e r i f i c a t i o n   8 7 %   c o m p l e t e . V e r i f i c a t i o n   8 8 %   c o m p l e t e . V e r i f i c a t i o n   8 9 %   c o m p l e t e . V e r i f i c a t i o n   8 9 %   c o m p l e t e . V e r i f i c a t i o n   9 0 %   c o m p l e t e . V e r i f i c a t i o n   9 0 %   c o m p l e t e . V e r i f i c a t i o n   9 1 %   c o m p l e t e . V e r i f i c a t i o n   9 1 %   c o m p l e t e . V e r i f i c a t i o n   9 2 %   c o m p l e t e . V e r i f i c a t i o n   9 2 %   c o m p l e t e . V e r i f i c a t i o n   9 3 %   c o m p l e t e . V e r i f i c a t i o n   9 4 %   c o m p l e t e . V e r i f i c a t i o n   9 4 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 5 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 6 %   c o m p l e t e . V e r i f i c a t i o n   9 7 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 8 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   9 9 %   c o m p l e t e . V e r i f i c a t i o n   1 0 0 %   c o m p l e t e . 
 
 
 
 
 W i n d o w s   R e s o u r c e   P r o t e c t i o n   d i d   n o t   f i n d   a n y   i n t e g r i t y   v i o l a t i o n s . 
 
 
 
========= End of CMD: =========
 
EmptyTemp: => 892.9 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 18:59:04 ====


#7 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 22 November 2015 - 10:09 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 11/22/2015
Scan Time: 7:04 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.22.05
Rootkit Database: v2015.11.22.02
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Michael
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 350453
Time Elapsed: 4 min, 19 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 23 November 2015 - 12:09 PM

Hi,

Did you remove the Webroot software?

-------------------------------------------------------

Please post a fresh FRST Log files. (Frst.txt and Additional.txt)


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#9 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 23 November 2015 - 09:09 PM

I'm trying to reply but the website keeps timing out.  I will continue to try and post the logs.



#10 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 24 November 2015 - 10:51 AM

After trying, unsuccessfully, all last night to actually post the scan logs I will attempt to do so from my work PC today.  As an aside my PC is no noticeably more unstable, several websites won't open and there are lags where there previously were none.  I hope this next round of scan logs helps.



#11 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 24 November 2015 - 01:03 PM

OK, I can't even paste the logs from my work PC, so I'm not sure what the problem is.  I know this is not the preferred method but I'm officially out of options so I have attached the scan logs to this post.

Attached Files



#12 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 24 November 2015 - 07:32 PM

did you soon to driver or driver package upload ?
--------------------------------------------------------
Please go to: VirusTotal
On the page you'll find a "Choose File" button.
Click on the Choose File button.
In the Choose File to Upload window which opens, copy and paste this into the File Name box.
C:\Users\Michael\AppData\Local\lptmp1141319866
 
Next, click the Open button.
Then click the "Scan It!" button just below.
This will scan the file. Please be patient.
If you get a message saying File has already been analyzed: click Reanalyze file now
Once scanned, copy and paste the link to the results page in your next reply.


Edited by olgun52, 24 November 2015 - 07:33 PM.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#13 MD101

MD101
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:03:20 PM

Posted 24 November 2015 - 09:12 PM

I updated my bios about a week ago.  No other driver uploads of note.  I even delayed my VPU driver upgrade once I started this process.



#14 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 25 November 2015 - 11:09 AM

Hi MD101,

 

Step 1:
 FRST Script:
 Please download this attached Attached File  Fixlist.txt   1.63KB   8 downloads downloads and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please klick Ashampoo_Snap_20140819_13h09m50s_001__zp
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#15 olgun52

olgun52

  • Malware Response Team
  • 3,807 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:20 AM

Posted 28 November 2015 - 12:37 PM

Hello,

 

4 Day Inactivity

This is the third day since my last post. Are you still there?

If you need more time, just let me know.

If you do not post within 24 hours, this thread will be closed due to inactivity.


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users