

Virus makes my 3 screens go dark - help!

This is a discussion on Virus makes my 3 screens go dark - help! within the Resolved HJT Threads forums, part of the Tech Support Forum category. Hello, I posted a detailed description of my problem in Hardware, where the moderator advised me that the problem is


Old 03-29-2016, 07:15 PM   #1
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Hello,
I posted a detailed description of my problem in Hardware, where the moderator advised me that the problem is a virus, not the hardware. I have 3 screens and they all went dark. So my first question is, how can I go onto my computer (Windows 10) even to get to Safe Mode if I can't even see the screens?

The other thread (and detailed description of the problem) is here:
https://www.techsupportforum.com/foru...l-1107914.html

(Title is: Screens went blank, now won't come on at all)

If you could take a look at that and tell me how to proceed, I would be eternally grateful (well, almost!). My livelihood depends on my 3 screens working. Next step?
BethD is offline  
Old 03-30-2016, 11:48 AM   #2
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Update: I am following the instructions given in the Hardware forum. Thank you!! Will let you know how it goes.
BethD is offline  
Old 03-30-2016, 11:49 AM   #3
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Update: I am following the instructions given in the Hardware forum. Will let you know how it goes. Thank you for responding so quickly!
BethD is offline  
Old 03-30-2016, 05:49 PM   #4
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Meant to post this here, not in Hardware (same thing is in Hardware; I am pasting it here as well.) Sorry for the screwup!

Update:
Here is where I am on this (sorry that last one got double-posted). Here is what I did:

1. Opened up my computer, unplugged all monitors, plugged one (VGA) directly into the motherboard. No success. Plugged second one (HDMI) into mobo, no success.
2. Took out video card. Plugged a monitor into the mobo and it worked (that was a relief to see!).
3. However, at this point I wanted to make an "emergency backup" of my files (I had backed up almost everything pretty recently but wanted to catch some work done in the last week or so). I cannot get past the screens that come up.

Here is what I get on the screen (Win 10):
"Choose an option:" Buttons: "Continue on to Win 10" (When I hit this, I just get back to the password screen and then this same screen), "Turn off your PC" (I did this just to give it a chance; eventually got back to this screen again); "Use a device - USB drive, network connection, or Windows recovery CD"; or "Troubleshoot" (apparently to do a system restore, get the command prompt, some other things).

Advice? Is it possible to make an emergency backup from this point? If so, what do I click on to do that? If not, that is ok. What would be the next step? Many thanks.

Quick addendum: I have an HDMI and a VGA monitor both plugged into the motherboard. Both work, same screen as mentioned above. (Had the video card since Sept '15 so I could have the third monitor).
BethD is offline  
Old 03-31-2016, 07:14 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello BethD.

Quote:
Is it possible to make an emergency backup from this point?
No. Kinda late for that.

Are you able to get to Startup Repair using Method 2 (Use the Shift + Restart combination) here at the login screen:

4 Ways To Boot Into Safe Mode In Windows 10
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-01-2016, 12:35 PM   #6
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Yes, I can get to Startup Repair.
BethD is offline  
Old 04-01-2016, 01:12 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Choose Startup Repair and follow the prompts.
chemist is offline  
Old 04-01-2016, 01:39 PM   #8
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



I got into Safe Mode using the Shift-Restart combination. I am now at the Windows 10 log-in screen. I will wait for further instructions.
BethD is offline  
Old 04-01-2016, 08:33 PM   #9
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



I wanted you to select Startup Repair instead of Startup Settings.
chemist is offline  
Old 04-02-2016, 08:15 AM   #10
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Ok great. I booted in safe mode (Power button/Shift Restart), Troubleshoot, Advanced, Startup Repair. Followed the prompts (logged in as prompted, etc), and then got this message when Start Up repair ran:

"StartUp Repair couldn't repair your PC. Press 'Advanced Options' to try other options to repair your PC or 'Shut down' to turn off your PC."
BethD is offline  
Old 04-03-2016, 12:53 PM   #11
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, BethD. Sorry you are having trouble.

Are you able to get to Command Prompt under the Advanced Settings?

Do you have a USB (flash) drive?

Is this a 32- or 64-bit machine?

------------------------------------------------------
chemist is offline  
Old 04-03-2016, 04:48 PM   #12
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Yes, I can get to a Command Prompt.

Yes, I have a flash drive. I downloaded to it from malwarebytes.com as the initial directions to the Virus forum specified.

It is 64-bit.

Thank you! My livelihood depends on my computer, as I am a commodities trader. I will be using my tiny laptop tomorrow a.m. instead of my wonderful 3 monitors. Sigh.
BethD is offline  
Old 04-03-2016, 06:25 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, BethD. You're welcome.

Before we continue, I must warn you there is always the possibility, no matter how small, that something could go wrong.

If you don't feel comfortable proceeding and/or you have data you absolutely cannot live without, you could always remove your hard drive, slave it to another hard drive on another computer, and backup that data.

------------------------------------------------------

Print out these instructions to use while in the Recovery Environment or read off another computer:

You will need a USB drive for these instructions.

Download Farbar Recovery Scan Tool x64 and save it to a USB drive.

Plug the USB drive into the infected PC.

Reboot your computer and go to Command Prompt as you did before.
  • In the command window type in Notepad and press Enter.
  • Notepad opens. Under File menu select Open.
  • Select "Computer" and find your USB drive letter and close Notepad.
  • In the command window type e:\frst64.exe and press Enter
    Note: Replace letter e with the drive letter of your USB drive.
  • The tool will start to run.
  • When the tool opens click 'Yes' to the disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the USB drive.
  • Exit FRST64
  • Type exit then press Enter. Restart your computer.
  • Please copy and paste FRST.txt in your next reply.
------------------------------------------------------
chemist is offline  
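Added example, not chemist's code and not part of FRST: a small Python triage helper for the FRST.txt that the procedure above produces. It parses the autorun and startup-shortcut lines of the Registry section and flags orphaned entries (target file missing), entries that launch from user-writable folders, and lines FRST itself marks ATTENTION. The sample log is constructed in FRST's format, and the heuristics are this example's assumptions, not FRST's own rules; a flagged line is a prompt for review, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample lines in the format FRST writes to FRST.txt (autorun
# entries, a startup shortcut target and an ATTENTION marker); not a real log.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ===========================

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-01] (Realtek Semiconductor)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_350] => [X]
HKU\Doriani\...\Run: [cdloader] => C:\Users\Doriani\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\Doriani\...\Run: [Zoom] => 0
HKU\Doriani\...\RunOnce: [Application Restart #0] => C:\Windows\System32\ctfmon.exe ctfmon.exe
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
"""

# "HKLM-x32\...\Run: [name] => target" and "HKU\<user>\...\RunOnce: [name] => target"
AUTORUN_RE = re.compile(r"^(?P<key>HK\S*\\(?:Run|RunOnce)): \[(?P<name>[^\]]*)\] => (?P<target>.*)$")
# "ShortcutTarget: foo.lnk -> target"
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<name>.+?) -> (?P<target>.*)$")
# Folders a standard user can write to (assumed list); an autorun living
# there is not proof of anything, but it deserves a second look.
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|ProgramData|Temp|Downloads)\\", re.IGNORECASE)
# FRST prints the file's publisher as a trailing parenthesised group.
PUBLISHER_RE = re.compile(r"\(([^()]*)\)\s*$")


@dataclass(frozen=True)
class Finding:
    line_no: int
    reason: str
    text: str


def _check_target(target: str) -> list[str]:
    """Return the reasons a launch target is worth reviewing (empty if none)."""
    reasons = []
    if target == "[X]" or "(No File)" in target:
        reasons.append("orphaned entry: the target file is missing")
    elif USER_WRITABLE_RE.search(target):
        reasons.append("launches from a user-writable location")
        if not PUBLISHER_RE.search(target):
            reasons.append("no publisher recorded for the file")
    return reasons


def triage(log_text: str) -> list[Finding]:
    """Scan FRST.txt text and list autorun/startup lines that merit review."""
    findings = []
    for line_no, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if "<======= ATTENTION" in line:
            findings.append(Finding(line_no, "flagged by FRST itself", line))
            continue
        m = AUTORUN_RE.match(line) or SHORTCUT_RE.match(line)
        if not m:
            continue
        for reason in _check_target(m.group("target")):
            findings.append(Finding(line_no, reason, line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason so a long log can be skimmed quickly."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.reason}\n    {f.text}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against a real FRST.txt with `triage(open("FRST.txt", encoding="utf-8", errors="replace").read())`; the Services and Drivers sections use a different line shape and are not covered here.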
Old 04-04-2016, 04:40 PM   #14
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Chemist, thank you for your details. I am going the route of backing up my hard drive to another computer, "just in case." That is taking me a while since I had to buy a USB-to-SATA adapter and could not find it locally. I will be back at this after Wed., when the adapter is supposed to arrive.
BethD is offline  
Old 04-04-2016, 06:22 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, BethD. You're very welcome. Let me know.
chemist is offline  
Old 04-07-2016, 08:09 PM   #16
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Hello, Chemist,
Here is the txt from FRST:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SYSTEM on MININT-25SJO8I (07-04-2016 23:03:16)
Running from d:\
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-01] (Realtek Semiconductor)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1171088 2013-10-06] (Highresolution Enterprises)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1065024 2014-05-02] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [ospd_us_350] => [X]
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [SnapMyScreen] => C:\Program Files (x86)\Mindspark\SnapMyScreen\SnapMyScreen.exe [172384 2015-04-18] (Mindspark Interactive Network, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1734544 2015-12-04] (APN)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Doriani\...\Run: [EPLTarget\P0000000000000001] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\Doriani\...\Run: [EPLTarget\P0000000000000002] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\Doriani\...\Run: [EPLTarget\P0000000000000003] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATILAE.EXE [297024 2013-01-24] (SEIKO EPSON CORPORATION)
HKU\Doriani\...\Run: [cdloader] => C:\Users\Doriani\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\Doriani\...\Run: [Dropbox Update] => C:\Users\Doriani\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-15] (Dropbox, Inc.)
HKU\Doriani\...\Run: [Zoom] => 0
HKU\Doriani\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\Doriani\...\Run: [Google Update] => C:\Users\Doriani\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-09-15] (Google Inc.)
HKU\Doriani\...\Run: [HP Photosmart 5520 series (NET)] => C:\Program Files\HP\HP Photosmart 5520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\Doriani\...\Run: [GoogleChromeAutoLaunch_34CF8B57FBF1D4B97605F952FEBF2B7B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1003160 2016-03-07] (Google Inc.)
HKU\Doriani\...\RunOnce: [Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\Doriani\...\RunOnce: [Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\Doriani\...\RunOnce: [Application Restart #0] => C:\Windows\System32\ctfmon.exe ctfmon.exe
HKU\Doriani\...\RunOnce: [Application Restart #1] => C:\Windows\HelpPane.exe [994816 2015-10-29] (Microsoft Corporation)
HKU\Doriani\...\Policies\system: [DisableCMD] 0
HKU\Doriani\...\Policies\system: [NoDispAppearancePage] 0
HKU\Doriani\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Doriani\...\Policies\system: [NoDispSettingsPage] 0
HKU\Doriani\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Doriani\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Doriani\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Doriani\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Doriani\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Doriani\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Doriani\...\Policies\Explorer: [NoFind] 0
HKU\Doriani\...\Policies\Explorer: [NoFile] 0
HKU\Doriani\...\Policies\Explorer: [HideClock] 0
HKU\Doriani\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Doriani\...\Policies\Explorer: [NoSetFolders] 0
HKU\Doriani\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Doriani\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Doriani\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Doriani\...\Policies\Explorer: [NoDFSTab] 0
HKU\Doriani\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoLogoff] 0
HKU\Doriani\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Doriani\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Doriani\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Doriani\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Doriani\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Doriani\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Doriani\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\Doriani\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Bubbles.scr [805888 2015-10-29] (Microsoft Corporation)
Startup: C:\Users\Doriani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-16]
ShortcutTarget: Dropbox.lnk -> C:\windows\system32\config\systemprofile\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
Startup: C:\Users\Doriani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2014-02-04]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Doriani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk [2016-04-01]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 5520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 5520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-12-04] (APN LLC.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
S2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-27] (Microsoft Corporation)
S2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-16] (Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-17] (Hewlett-Packard Company)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-07-26] (Nitro PDF Software)
S2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6942480 2016-03-02] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [873072 2016-02-27] (Webroot)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
S1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
S3 IoiUStor; C:\Windows\system32\drivers\IoiUStor.SYS [95744 2012-11-14] (IOI Inc.)
S3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-29] (Realtek )
S2 RtkIOAC60; C:\Windows\system32\DRIVERS\RtkIOAC60.sys [38504 2012-04-16] (Windows (R) Codename Longhorn DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2015-10-19] (Webroot)
S3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [45592 2016-03-03] (Webroot)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 23:03 - 2016-04-07 23:03 - 00000000 ____D C:\FRST
2016-04-02 06:44 - 2016-04-02 06:44 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-01 12:36 - 2016-04-02 06:45 - 00182214 _____ C:\Windows\ntbtlog.txt
2016-03-27 15:15 - 2016-03-27 15:15 - 00000000 ____D C:\Users\Doriani\Documents\HRBlock
2016-03-27 15:15 - 2016-03-27 15:15 - 00000000 ____D C:\Program Files (x86)\HRBlock2015
2016-03-27 14:46 - 2016-03-27 15:17 - 00000000 ____D C:\ProgramData\Protexis
2016-03-27 14:46 - 2016-03-27 14:46 - 00000000 ____D C:\Users\Doriani\AppData\Local\Protexis
2016-03-25 07:01 - 2016-03-25 07:01 - 00000000 ____D C:\Program Files\Common Files\Webroot
2016-03-23 16:55 - 2016-03-23 16:55 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-03-23 16:55 - 2016-03-23 16:55 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-23 16:53 - 2016-04-01 12:27 - 00000000 ____D C:\Windows\LastGood
2016-03-23 16:53 - 2016-03-23 16:53 - 00000000 ____D C:\ProgramData\ATI
2016-03-23 16:37 - 2016-04-01 16:20 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\Raptr
2016-03-23 16:37 - 2016-04-01 16:20 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\PlaysTV
2016-03-23 16:37 - 2016-03-23 16:37 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\library_dir
2016-03-23 16:37 - 2016-03-23 16:37 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-03-23 16:37 - 2016-03-23 16:37 - 00000000 ____D C:\Program Files (x86)\Raptr
2016-03-23 16:36 - 2016-03-23 16:36 - 00000000 ____D C:\Users\Doriani\AppData\Local\AMD
2016-03-23 16:34 - 2016-04-01 16:20 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-03-14 23:32 - 2015-12-08 19:39 - 00301728 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2016-03-10 14:06 - 2016-03-21 13:55 - 00003256 _____ C:\Windows\System32\Tasks\HPCeeScheduleForDoriani
2016-03-10 14:06 - 2016-03-21 13:55 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForDoriani.job
2016-03-08 13:47 - 2016-02-29 21:31 - 00848168 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2016-03-08 13:47 - 2016-02-29 21:22 - 00709688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-08 13:47 - 2016-02-24 01:52 - 01997328 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2016-03-08 13:47 - 2016-02-24 01:51 - 07474528 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2016-03-08 13:47 - 2016-02-24 01:48 - 00713568 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2016-03-08 13:47 - 2016-02-24 01:47 - 01173344 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2016-03-08 13:47 - 2016-02-24 01:40 - 00513888 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2016-03-08 13:47 - 2016-02-24 01:34 - 01613664 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2016-03-08 13:47 - 2016-02-24 01:28 - 03449168 _____ (Microsoft Corporation) C:\Windows\System32\WSService.dll
2016-03-08 13:47 - 2016-02-24 01:15 - 01557768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-03-08 13:47 - 2016-02-24 00:58 - 00794888 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2016-03-08 13:47 - 2016-02-24 00:54 - 00127840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBSTOR.SYS
2016-03-08 13:47 - 2016-02-24 00:51 - 01322248 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2016-03-08 13:47 - 2016-02-24 00:50 - 00808800 _____ (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
2016-03-08 13:47 - 2016-02-24 00:46 - 06607080 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2016-03-08 13:47 - 2016-02-24 00:43 - 00625000 _____ (Microsoft Corporation) C:\Windows\System32\ClipSVC.dll
2016-03-08 13:47 - 2016-02-24 00:39 - 00358752 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2016-03-08 13:47 - 2016-02-24 00:39 - 00141560 _____ (Microsoft Corporation) C:\Windows\System32\AuthHost.exe
2016-03-08 13:47 - 2016-02-24 00:19 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-03-08 13:47 - 2016-02-24 00:14 - 00216416 _____ (Microsoft Corporation) C:\Windows\System32\AppxAllUserStore.dll
2016-03-08 13:47 - 2016-02-24 00:11 - 01997152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2016-03-08 13:47 - 2016-02-24 00:11 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-03-08 13:47 - 2016-02-24 00:11 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-03-08 13:47 - 2016-02-24 00:11 - 00652392 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll
2016-03-08 13:47 - 2016-02-24 00:11 - 00394080 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2016-03-08 13:47 - 2016-02-24 00:11 - 00258280 _____ (Microsoft Corporation) C:\Windows\System32\sqmapi.dll
2016-03-08 13:47 - 2016-02-24 00:10 - 00630632 _____ (Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
2016-03-08 13:47 - 2016-02-24 00:10 - 00576864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2016-03-08 13:47 - 2016-02-24 00:09 - 00640472 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2016-03-08 13:47 - 2016-02-24 00:09 - 00147808 _____ (Microsoft Corporation) C:\Windows\System32\wermgr.exe
2016-03-08 13:47 - 2016-02-24 00:06 - 05242496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-08 13:47 - 2016-02-23 23:59 - 00294752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-03-08 13:47 - 2016-02-23 23:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\System32\UserDataTypeHelperUtil.dll
2016-03-08 13:47 - 2016-02-23 23:39 - 00023552 _____ (Microsoft Corporation) C:\Windows\System32\ExtrasXmlParser.dll
2016-03-08 13:47 - 2016-02-23 23:38 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-08 13:47 - 2016-02-23 23:38 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\UserDataTimeUtil.dll
2016-03-08 13:47 - 2016-02-23 23:37 - 00045056 _____ (Microsoft Corporation) C:\Windows\System32\UserDataLanguageUtil.dll
2016-03-08 13:47 - 2016-02-23 23:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenanceClient.dll
2016-03-08 13:47 - 2016-02-23 23:35 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-03-08 13:47 - 2016-02-23 23:35 - 00523752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-03-08 13:47 - 2016-02-23 23:35 - 00220064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-08 13:47 - 2016-02-23 23:35 - 00045568 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2016-03-08 13:47 - 2016-02-23 23:33 - 00538736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-08 13:47 - 2016-02-23 23:33 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-08 13:47 - 2016-02-23 23:31 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2016-03-08 13:47 - 2016-02-23 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\wfapigp.dll
2016-03-08 13:47 - 2016-02-23 23:28 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\POSyncServices.dll
2016-03-08 13:47 - 2016-02-23 23:23 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthenum.sys
2016-03-08 13:47 - 2016-02-23 23:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\System32\asycfilt.dll
2016-03-08 13:47 - 2016-02-23 23:23 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\UserDataPlatformHelperUtil.dll
2016-03-08 13:47 - 2016-02-23 23:22 - 00196608 _____ (Microsoft Corporation) C:\Windows\System32\fwpolicyiomgr.dll
2016-03-08 13:47 - 2016-02-23 23:20 - 00195072 _____ (Microsoft Corporation) C:\Windows\System32\VCardParser.dll
2016-03-08 13:47 - 2016-02-23 23:20 - 00167936 _____ (Microsoft Corporation) C:\Windows\System32\dafBth.dll
2016-03-08 13:47 - 2016-02-23 23:20 - 00087552 _____ (Microsoft Corporation) C:\Windows\System32\AppxSysprep.dll
2016-03-08 13:47 - 2016-02-23 23:19 - 00145408 _____ (Microsoft Corporation) C:\Windows\System32\dssvc.dll
2016-03-08 13:47 - 2016-02-23 23:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\seclogon.dll
2016-03-08 13:47 - 2016-02-23 23:15 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2016-03-08 13:47 - 2016-02-23 23:14 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\ExSMime.dll
2016-03-08 13:47 - 2016-02-23 23:13 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\AppointmentActivation.dll
2016-03-08 13:47 - 2016-02-23 23:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\cemapi.dll
2016-03-08 13:47 - 2016-02-23 23:12 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\PhoneCallHistoryApis.dll
2016-03-08 13:47 - 2016-02-23 23:10 - 00093184 _____ (Microsoft Corporation) C:\Windows\System32\wpninprc.dll
2016-03-08 13:47 - 2016-02-23 23:09 - 00258560 _____ (Microsoft Corporation) C:\Windows\System32\UserDataAccountApis.dll
2016-03-08 13:47 - 2016-02-23 23:09 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\AppxSip.dll
2016-03-08 13:47 - 2016-02-23 23:07 - 00252928 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenance.dll
2016-03-08 13:47 - 2016-02-23 23:05 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\storewuauth.dll
2016-03-08 13:47 - 2016-02-23 23:03 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-03-08 13:47 - 2016-02-23 23:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\System32\CallHistoryClient.dll
2016-03-08 13:47 - 2016-02-23 23:01 - 00764928 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2016-03-08 13:47 - 2016-02-23 23:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\AuthBroker.dll
2016-03-08 13:47 - 2016-02-23 23:01 - 00067584 _____ (Microsoft Corporation) C:\Windows\System32\profext.dll
2016-03-08 13:47 - 2016-02-23 23:00 - 00214528 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Scanners.dll
2016-03-08 13:47 - 2016-02-23 22:59 - 00450560 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2016-03-08 13:47 - 2016-02-23 22:59 - 00360448 _____ (Microsoft Corporation) C:\Windows\System32\vaultsvc.dll
2016-03-08 13:47 - 2016-02-23 22:59 - 00318976 _____ (Microsoft Corporation) C:\Windows\System32\domgmt.dll
2016-03-08 13:47 - 2016-02-23 22:58 - 00685568 _____ (Microsoft Corporation) C:\Windows\System32\scapi.dll
2016-03-08 13:47 - 2016-02-23 22:55 - 00790528 _____ (Microsoft Corporation) C:\Windows\System32\EmailApis.dll
2016-03-08 13:47 - 2016-02-23 22:55 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\PackageStateRoaming.dll
2016-03-08 13:47 - 2016-02-23 22:55 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExtrasXmlParser.dll
2016-03-08 13:47 - 2016-02-23 22:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\FirewallAPI.dll
2016-03-08 13:47 - 2016-02-23 22:54 - 00288768 _____ (Microsoft Corporation) C:\Windows\System32\vaultcli.dll
2016-03-08 13:47 - 2016-02-23 22:54 - 00228352 _____ (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe
2016-03-08 13:47 - 2016-02-23 22:54 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-08 13:47 - 2016-02-23 22:53 - 00089088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataTimeUtil.dll
2016-03-08 13:47 - 2016-02-23 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataLanguageUtil.dll
2016-03-08 13:47 - 2016-02-23 22:52 - 00451584 _____ (Microsoft Corporation) C:\Windows\System32\werui.dll
2016-03-08 13:47 - 2016-02-23 22:52 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-08 13:47 - 2016-02-23 22:51 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-03-08 13:47 - 2016-02-23 22:49 - 00726528 _____ (Microsoft Corporation) C:\Windows\System32\ChatApis.dll
2016-03-08 13:47 - 2016-02-23 22:47 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-03-08 13:47 - 2016-02-23 22:46 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfapigp.dll
2016-03-08 13:47 - 2016-02-23 22:44 - 01713664 _____ (Microsoft Corporation) C:\Windows\System32\SRHInproc.dll
2016-03-08 13:47 - 2016-02-23 22:44 - 00915456 _____ (Microsoft Corporation) C:\Windows\System32\configurationclient.dll
2016-03-08 13:47 - 2016-02-23 22:44 - 00700416 _____ (Microsoft Corporation) C:\Windows\System32\AppointmentApis.dll
2016-03-08 13:47 - 2016-02-23 22:44 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\POSyncServices.dll
2016-03-08 13:47 - 2016-02-23 22:43 - 00957952 _____ (Microsoft Corporation) C:\Windows\System32\SRH.dll
2016-03-08 13:47 - 2016-02-23 22:43 - 00286720 _____ (Microsoft Corporation) C:\Windows\System32\deviceaccess.dll
2016-03-08 13:47 - 2016-02-23 22:42 - 00954368 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2016-03-08 13:47 - 2016-02-23 22:42 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\BTHUSB.SYS
2016-03-08 13:47 - 2016-02-23 22:41 - 00982016 _____ (Microsoft Corporation) C:\Windows\System32\AppxPackaging.dll
2016-03-08 13:47 - 2016-02-23 22:41 - 00436736 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2016-03-08 13:47 - 2016-02-23 22:40 - 01224704 _____ (Microsoft Corporation) C:\Windows\System32\Unistore.dll
2016-03-08 13:47 - 2016-02-23 22:40 - 00078848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-03-08 13:47 - 2016-02-23 22:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-08 13:47 - 2016-02-23 22:39 - 01390592 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2016-03-08 13:47 - 2016-02-23 22:39 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwpolicyiomgr.dll
2016-03-08 13:47 - 2016-02-23 22:38 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VCardParser.dll
2016-03-08 13:47 - 2016-02-23 22:36 - 01847808 _____ (Microsoft Corporation) C:\Windows\System32\WMPDMC.exe
2016-03-08 13:47 - 2016-02-23 22:34 - 00938496 _____ (Microsoft Corporation) C:\Windows\System32\ContactApis.dll
2016-03-08 13:47 - 2016-02-23 22:34 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-03-08 13:47 - 2016-02-23 22:32 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExSMime.dll
2016-03-08 13:47 - 2016-02-23 22:32 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentActivation.dll
2016-03-08 13:47 - 2016-02-23 22:31 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cemapi.dll
2016-03-08 13:47 - 2016-02-23 22:31 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-03-08 13:47 - 2016-02-23 22:28 - 00870912 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2016-03-08 13:47 - 2016-02-23 22:28 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-03-08 13:47 - 2016-02-23 22:28 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2016-03-08 13:47 - 2016-02-23 22:25 - 00401408 _____ (Microsoft Corporation) C:\Windows\System32\sharemediacpl.dll
2016-03-08 13:47 - 2016-02-23 22:23 - 00129024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-03-08 13:47 - 2016-02-23 22:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-03-08 13:47 - 2016-02-23 22:21 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-08 13:47 - 2016-02-23 22:21 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2016-03-08 13:47 - 2016-02-23 22:18 - 01490432 _____ (Microsoft Corporation) C:\Windows\System32\UserDataService.dll
2016-03-08 13:47 - 2016-02-23 22:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-03-08 13:47 - 2016-02-23 22:18 - 00184832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-03-08 13:47 - 2016-02-23 22:17 - 00369664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FirewallAPI.dll
2016-03-08 13:47 - 2016-02-23 22:16 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-08 13:47 - 2016-02-23 22:13 - 00540160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-03-08 13:47 - 2016-02-23 22:11 - 03593216 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2016-03-08 13:47 - 2016-02-23 22:09 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-03-08 13:47 - 2016-02-23 22:09 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-03-08 13:47 - 2016-02-23 22:09 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-03-08 13:47 - 2016-02-23 22:09 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-08 13:47 - 2016-02-23 22:07 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-08 13:47 - 2016-02-23 22:07 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-03-08 13:47 - 2016-02-23 22:07 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-03-08 13:47 - 2016-02-23 22:04 - 01497088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-08 13:47 - 2016-02-23 22:03 - 00769536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-03-08 13:47 - 2016-02-23 22:01 - 01831936 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2016-03-08 13:47 - 2016-02-23 22:00 - 02273792 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2016-03-08 13:47 - 2016-02-23 22:00 - 01098752 _____ (Microsoft Corporation) C:\Windows\System32\dosvc.dll
2016-03-08 13:47 - 2016-02-23 21:57 - 02158592 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2016-03-08 13:47 - 2016-02-23 21:55 - 01996288 _____ (Microsoft Corporation) C:\Windows\System32\ActiveSyncProvider.dll
2016-03-08 13:47 - 2016-02-23 21:43 - 00184320 _____ (Microsoft Corporation) C:\Windows\System32\fwbase.dll
2016-03-08 13:47 - 2016-02-23 21:34 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-08 13:47 - 2016-02-23 21:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fwbase.dll
2016-03-08 13:47 - 2016-02-23 21:20 - 22376960 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2016-03-08 13:47 - 2016-02-23 21:18 - 18677760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-08 13:47 - 2016-02-23 21:12 - 19339776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-08 13:47 - 2016-02-23 21:12 - 05321728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-03-08 13:47 - 2016-02-23 21:10 - 24600576 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2016-03-08 13:47 - 2016-02-23 21:09 - 06972416 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Data.Pdf.dll
2016-03-08 13:47 - 2016-02-23 21:05 - 12586496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-08 13:47 - 2016-02-23 21:03 - 14252544 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2016-03-08 13:47 - 2016-02-23 20:59 - 05661696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-03-08 13:47 - 2016-02-23 20:55 - 07835648 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2016-03-08 10:01 - 2016-03-08 12:03 - 00000000 ____D C:\Users\Doriani\Documents\Letter Template
2016-03-08 10:01 - 2016-03-08 10:01 - 00000000 ____D C:\Users\Doriani\Documents\New folder

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-07 18:45 - 2015-12-16 00:10 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 18:45 - 2015-10-29 23:21 - 00000000 ____D C:\Windows\INF
2016-04-02 06:46 - 2015-10-29 22:28 - 00524288 ___SH C:\Windows\System32\config\BBI
2016-04-01 16:21 - 2016-02-17 18:57 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-04-01 16:21 - 2015-11-16 10:10 - 00000000 ____D C:\Program Files\thinkorswim02
2016-04-01 16:21 - 2015-11-09 12:50 - 00000000 ____D C:\Users\Doriani\AppData\Local\Microsoft Help
2016-04-01 16:21 - 2015-10-29 22:28 - 00000000 ____D C:\Windows\servicing
2016-04-01 16:21 - 2015-04-13 20:59 - 00000000 ____D C:\ProgramData\pdf995
2016-04-01 16:21 - 2015-04-13 14:58 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\Telegram Desktop
2016-04-01 16:21 - 2015-03-23 13:50 - 00000000 ____D C:\Program Files (x86)\PDF995
2016-04-01 16:21 - 2013-11-05 17:58 - 00000000 ____D C:\Program Files\Webroot
2016-04-01 16:18 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-01 16:12 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\registration
2016-04-01 16:12 - 2015-10-29 22:28 - 00000000 ____D C:\Windows\System32\Sysprep
2016-04-01 16:11 - 2015-03-23 14:01 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\TaxCut
2016-04-01 16:09 - 2015-12-15 23:50 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-01 16:09 - 2015-12-15 23:50 - 00000000 ____D C:\Program Files\ATI Technologies
2016-04-01 16:09 - 2015-12-15 23:50 - 00000000 ____D C:\Program Files\AMD
2016-04-01 16:09 - 2015-09-26 16:47 - 00000000 ____D C:\Program Files\ATI
2016-04-01 16:09 - 2015-03-23 13:49 - 00000000 ____D C:\ProgramData\TaxCut
2016-04-01 16:09 - 2015-02-14 07:39 - 00000000 ____D C:\Users\Doriani\AppData\Local\Citrix
2016-04-01 16:09 - 2013-11-05 17:58 - 00000000 ____D C:\ProgramData\WRData
2016-04-01 16:07 - 2015-12-15 23:50 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-04-01 16:07 - 2013-04-27 07:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-01 12:40 - 2015-11-10 15:38 - 00879220 _____ C:\Windows\System32\PerfStringBackup.INI
2016-04-01 12:29 - 2015-11-20 06:14 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893973666-1824473297-52381724-1001UA.job
2016-04-01 12:29 - 2015-05-15 17:12 - 00000000 ___RD C:\Users\Doriani\Dropbox
2016-04-01 12:28 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\AppReadiness
2016-04-01 12:28 - 2015-05-15 17:09 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\Dropbox
2016-04-01 12:27 - 2016-01-15 17:06 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-01 12:26 - 2015-12-15 23:54 - 00000000 ____D C:\users\Doriani
2016-03-28 14:08 - 2013-12-03 10:55 - 00000000 __RDO C:\Users\Doriani\SkyDrive
2016-03-28 12:55 - 2016-02-02 17:56 - 00000000 ____D C:\Program Files (x86)\Citrix
2016-03-27 13:50 - 2016-02-18 12:24 - 00000000 ____D C:\Users\Doriani\Downloads\Telegram Desktop
2016-03-25 14:20 - 2016-02-29 17:53 - 00000000 ____D C:\Users\Doriani\Documents\CHRIS - S Corp
2016-03-25 07:08 - 2015-09-28 15:20 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\Nitro PDF
2016-03-23 15:30 - 2015-10-29 23:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-23 15:20 - 2014-09-29 03:20 - 00000935 _____ C:\Windows\Tasks\EPSON XP-410 Series Update {55CC3832-4D54-4F8C-8649-68BA2E9BECE8}.job
2016-03-23 15:20 - 2014-09-29 03:20 - 00000749 _____ C:\Windows\Tasks\EPSON XP-410 Series Invitation {55CC3832-4D54-4F8C-8649-68BA2E9BECE8}.job
2016-03-23 15:19 - 2015-02-14 07:39 - 00000590 _____ C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-1893973666-1824473297-52381724-1001.job
2016-03-23 12:16 - 2016-01-15 17:06 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-23 12:10 - 2015-06-15 04:00 - 00000942 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1893973666-1824473297-52381724-1001UA.job
2016-03-23 12:03 - 2013-12-04 12:29 - 00004152 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{271DB031-C931-4184-8F60-BDD240E43560}
2016-03-23 10:21 - 2015-05-31 05:06 - 00000686 _____ C:\Windows\Tasks\G2MUploadTask-S-1-5-21-1893973666-1824473297-52381724-1001.job
2016-03-23 09:29 - 2015-11-20 06:14 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1893973666-1824473297-52381724-1001Core.job
2016-03-23 05:58 - 2015-01-13 06:58 - 00000370 _____ C:\Windows\Tasks\SlimCleaner Plus (Scheduled Scan - Doriani).job
2016-03-23 04:21 - 2013-11-22 05:27 - 00000000 ____D C:\Users\Doriani\.thinkorswim
2016-03-23 04:09 - 2014-04-17 03:35 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\Skype
2016-03-22 22:12 - 2015-05-31 05:06 - 00003840 _____ C:\Windows\System32\Tasks\G2MUploadTask-S-1-5-21-1893973666-1824473297-52381724-1001
2016-03-22 22:12 - 2015-02-14 07:39 - 00003744 _____ C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-1893973666-1824473297-52381724-1001
2016-03-22 22:10 - 2015-06-15 04:00 - 00000890 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1893973666-1824473297-52381724-1001Core.job
2016-03-22 04:02 - 2016-02-04 17:14 - 00000000 ____D C:\Users\Doriani\Documents\Joelle - Eastern
2016-03-21 17:26 - 2013-10-29 17:45 - 00000000 ____D C:\Users\Doriani\AppData\Local\Packages
2016-03-21 17:10 - 2016-02-04 17:14 - 00000000 ____D C:\Users\Doriani\Documents\_REV21.BIZ
2016-03-21 14:09 - 2014-04-17 03:35 - 00000000 ____D C:\ProgramData\Skype
2016-03-16 13:46 - 2013-11-23 19:38 - 00000000 ____D C:\Users\Doriani\Documents\KARA
2016-03-15 10:02 - 2016-02-04 17:35 - 00000000 ____D C:\Users\Doriani\Documents\Bonnie
2016-03-15 02:48 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-14 23:30 - 2015-10-29 22:28 - 00032768 ___SH C:\Windows\System32\config\ELAM
2016-03-14 18:54 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\rescache
2016-03-14 17:17 - 2016-01-15 17:06 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-14 14:31 - 2015-04-14 13:25 - 00000000 ____D C:\Users\Doriani\AppData\Roaming\TeamViewer
2016-03-14 11:51 - 2014-04-16 17:48 - 00000000 ____D C:\Users\Doriani\AppData\Local\Windows Live
2016-03-14 05:30 - 2015-09-09 21:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-14 05:28 - 2015-12-15 23:47 - 00380888 _____ C:\Windows\System32\FNTCACHE.DAT
2016-03-14 05:11 - 2015-10-30 01:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 __RSD C:\Windows\Media
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ___SD C:\Windows\System32\F12
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\oobe
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\System32\appraiser
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Windows\bcastdvr
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-14 05:11 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-14 05:11 - 2015-10-29 22:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-14 05:11 - 2015-10-29 22:28 - 00000000 ____D C:\Windows\System32\Dism
2016-03-10 14:06 - 2016-02-17 19:37 - 00000000 ____D C:\Users\Doriani\AppData\Local\Hewlett-Packard
2016-03-10 11:24 - 2016-02-04 17:14 - 00000000 ____D C:\Users\Doriani\Documents\MCAT
2016-03-09 13:16 - 2016-02-04 17:13 - 00000000 ____D C:\Users\Doriani\Documents\Health
2016-03-08 14:01 - 2013-11-05 18:12 - 00000000 ____D C:\Windows\System32\MRT
2016-03-08 13:48 - 2013-11-05 18:12 - 143659408 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe

Files to move or delete:
====================
C:\Users\Doriani\jing (1).exe
C:\Users\Doriani\jing (2).exe
C:\Users\Doriani\jing (3).exe
C:\Users\Doriani\jing.exe
C:\Users\Doriani\jing_setup.exe
C:\Users\Doriani\Setup.X86.en-US_O365HomePremRetail_3794f9bb-a196-4757-b4d5-3af85806d9c9_TX_PR_.exe


Some files in TEMP:
====================
C:\Users\Doriani\AppData\Local\Temp\converter.exe
C:\Users\Doriani\AppData\Local\Temp\i4jdel0.exe


==================== Known DLLs (Whitelisted) =========================

[2015-10-29 23:17] - [2015-10-29 23:17] - 0442720 ____A (Microsoft Corporation) C:\Windows\System32\coml2.dll
[2015-10-29 23:18] - [2015-10-29 23:18] - 0358240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe
[2016-01-12 10:16] - [2016-01-04 17:43] - 0584704 ____A (Microsoft Corporation) 7B24B823404D53DA4748F21AD2BF04C9

C:\Windows\System32\wininit.exe
[2015-10-29 23:17] - [2015-10-29 23:17] - 0290856 ____A (Microsoft Corporation) CAD491DD9EC00BB841EA407D9C498C4A

C:\Windows\explorer.exe
[2016-02-10 02:21] - [2016-01-28 22:57] - 4502352 ____A (Microsoft Corporation) 95D730526EF81792CD6848D8D10FAA1C

C:\Windows\SysWOW64\explorer.exe
[2016-02-10 02:21] - [2016-01-28 22:33] - 4064320 ____A (Microsoft Corporation) FCBCED2A237DCD7EF86CED551B731742

C:\Windows\System32\svchost.exe
[2015-10-29 23:17] - [2015-10-29 23:17] - 0043944 ____A (Microsoft Corporation) 8497852ED44AFF902D502015792D315D

C:\Windows\SysWOW64\svchost.exe
[2015-10-29 23:18] - [2015-10-29 23:18] - 0037256 ____A (Microsoft Corporation) 6A1212077C0559029CDFB9C39580C835

C:\Windows\System32\services.exe
[2016-01-27 18:57] - [2016-01-15 22:08] - 0440152 ____A (Microsoft Corporation) 6FF8248F3A9D69A095C7F3F42BC29CB2

C:\Windows\System32\User32.dll
[2015-12-16 02:42] - [2015-12-16 02:42] - 1399224 ____A (Microsoft Corporation) DD97EF0AE9224B8C1161736E033C03F1

C:\Windows\SysWOW64\User32.dll
[2015-12-16 02:42] - [2015-12-16 02:42] - 1337240 ____A (Microsoft Corporation) B8C4EFAA6AAED98E6B5AB57CAFA489B9

C:\Windows\System32\userinit.exe
[2015-10-29 23:17] - [2015-10-29 23:17] - 0030720 ____A (Microsoft Corporation) 8F3ECCB5DC878FA14887B43CD148CBA9

C:\Windows\SysWOW64\userinit.exe
[2015-10-29 23:18] - [2015-10-29 23:18] - 0026112 ____A (Microsoft Corporation) A878CF325C93723B5017642E6FDB80E8

C:\Windows\System32\rpcss.dll
[2015-10-29 23:17] - [2015-10-29 23:17] - 0904704 ____A (Microsoft Corporation) B339861C6A2A86FBCA67C2006B461473

C:\Windows\System32\dnsapi.dll
[2015-10-29 23:18] - [2015-10-29 23:18] - 0686984 ____A (Microsoft Corporation) E7B524818100B0FDE2B057C74B0C0DCD

C:\Windows\SysWOW64\dnsapi.dll
[2015-10-29 23:18] - [2015-10-29 23:18] - 0535088 ____A (Microsoft Corporation) 2796C0957F6F05A528DD64B8591371B6

C:\Windows\System32\Drivers\volsnap.sys
[2015-10-29 23:17] - [2015-10-29 23:17] - 0414560 ____A (Microsoft Corporation) E1F91A727A04C9F8199D04FF3BBBF63C


==================== EXE Association (Whitelisted) =============


==================== Restore Points =========================

Restore point date: 2016-03-23 15:31
Restore point date: 2016-03-27 15:15
Restore point date: 2016-04-07 18:45

==================== Memory info ===========================

Percentage of memory in use: 10%
Total physical RAM: 8076.47 MB
Available physical RAM: 7202.63 MB
Total Virtual: 8076.47 MB
Available Virtual: 7253.91 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:914.92 GB) (Free:738.15 GB) NTFS
Drive d: (RECOVERY) (Removable) (Total:14.94 GB) (Free:14.47 GB) FAT32
Drive e: (ReadyNAS_OS6) (CDROM) (Total:0.03 GB) (Free:0 GB) CDFS
Drive f: () (Fixed) (Total:0.44 GB) (Free:0.11 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: FF277BAA)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: 00000000)

Partition: GPT.


LastRegBack: 2016-03-22 07:56

==================== End of FRST.txt ============================
Old 04-08-2016, 11:53 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, BethD. Unfortunately, I'm not seeing anything malicious in your log, and I don't see the cause of your current problem.

You might want to consider doing a non-destructive recovery later.

------------------------------------------------------

Please download the attached fixlist.txt and save it to the USB drive where the FRST tool is located.

NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system.

Plug the USB drive into the infected PC.

Reboot your computer and go back to the Command Prompt as before.

Run FRST64 and press the Fix button just once and wait.
The tool will generate a log on the flash drive (Fixlog.txt); please post it in your reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-08-2016, 12:47 PM   #18
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Chemist, you are terrific. Thanks so much for hanging in there with me. Here is the fixlog.txt:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SYSTEM (2016-04-08 15:43:12) Run:1
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ospd_us_350] => [X]
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Doriani\...\Run: [Zoom] => 0
HKU\Doriani\...\RunOnce: [Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\Doriani\...\RunOnce: [Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\Doriani\...\Policies\system: [DisableCMD] 0
HKU\Doriani\...\Policies\system: [NoDispAppearancePage] 0
HKU\Doriani\...\Policies\system: [NoDispBackgroundPage] 0
HKU\Doriani\...\Policies\system: [NoDispSettingsPage] 0
HKU\Doriani\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\Doriani\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\Doriani\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\Doriani\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\Doriani\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\Doriani\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\Doriani\...\Policies\Explorer: [NoFind] 0
HKU\Doriani\...\Policies\Explorer: [NoFile] 0
HKU\Doriani\...\Policies\Explorer: [HideClock] 0
HKU\Doriani\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\Doriani\...\Policies\Explorer: [NoSetFolders] 0
HKU\Doriani\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\Doriani\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\Doriani\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\Doriani\...\Policies\Explorer: [NoDFSTab] 0
HKU\Doriani\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\Doriani\...\Policies\Explorer: [NoLogoff] 0
HKU\Doriani\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\Doriani\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\Doriani\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\Doriani\...\Policies\Explorer: [NoResolveSearch] 0
HKU\Doriani\...\Policies\Explorer: [NoSaveSettings] 0
HKU\Doriani\...\Policies\Explorer: [NoHardwareTab] 0
HKU\Doriani\...\Policies\Explorer: [NoStartMenuSubFolders] 0
GroupPolicy: Restriction - Chrome <======= ATTENTION
S2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [198544 2015-12-04] (APN LLC.)
C:\Users\Doriani\jing (1).exe
C:\Users\Doriani\jing (2).exe
C:\Users\Doriani\jing (3).exe
C:\Users\Doriani\jing.exe
C:\Users\Doriani\jing_setup.exe
C:\Users\Doriani\Setup.X86.en-US_O365HomePremRetail_3794f9bb-a196-4757-b4d5-3af85806d9c9_TX_PR_.exe
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ospd_us_350 => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDesktop => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Run\\Zoom => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64 => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Doriani\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableCMD => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispAppearancePage => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispBackgroundPage => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\system\\NoDispSettingsPage => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewOnDrive => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRun => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableLocalMachineRunOnce => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRun => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisableCurrentUserRunOnce => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoViewContextMenu => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoShellSearchButton => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFind => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFile => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\HideClock => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayContextMenu => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoTrayItemsDisplay => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetFolders => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDevMgrUpdate => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSetTaskbar => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDeletePrinter => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoDFSTab => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoChangeStartMenu => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoLogoff => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoWindowsUpdate => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoEncryptOnMove => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoRunasInstallPrompt => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoResolveSearch => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoSaveSettings => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoHardwareTab => value removed successfully
HKU\Doriani\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoStartMenuSubFolders => value removed successfully
C:\Windows\System32\GroupPolicy\Machine => moved successfully
C:\Windows\System32\GroupPolicy\GPT.ini => moved successfully
APNMCP => service removed successfully
C:\Users\Doriani\jing (1).exe => moved successfully
C:\Users\Doriani\jing (2).exe => moved successfully
C:\Users\Doriani\jing (3).exe => moved successfully
C:\Users\Doriani\jing.exe => moved successfully
C:\Users\Doriani\jing_setup.exe => moved successfully
C:\Users\Doriani\Setup.X86.en-US_O365HomePremRetail_3794f9bb-a196-4757-b4d5-3af85806d9c9_TX_PR_.exe => moved successfully

==== End of Fixlog 15:43:22 ====
BethD is offline  
Old 04-08-2016, 01:19 PM   #19
Registered Member
 
Join Date: Mar 2016
Posts: 36
OS: Windows 10



Chemist, remember, I have taken out my video card so as to get one of my monitors to work. (I added the vid card so that I could have 3 monitors). Just an FYI. Problem might be with this video card, which is only a few months old.
BethD is offline  
Old 04-09-2016, 12:40 PM   #20
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, BethD. Yeah, I remember. Have you tried Normal Mode lately?

If you are still having problems, it would be best to seek help back in your other thread, and let them know you were here first and were cleared of malware.

Let me know.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  