Strange behavior

  • PatL
    PCHF Member
    • Feb 2017
    • 83

    #31
    Fix result of Farbar Recovery Scan Tool (x64) Version: 19-11-2017
    Ran by Patrick (24-11-2017 15:05:54) Run:9
    Running from C:\Users\Owner\Desktop
    Loaded Profiles: Patrick & Owner & Administrator (Available Profiles: Patrick & Owner & Administrator)
    Boot Mode: Normal
    fixlist content:


    Start
    Createrestorepoint:
    Closeprocesses:
    HKLM...\RunOnce: [CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}] => C:\ProgramData\cis7D3A.exe [4784832 2017-08-29] (COMODO)
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1000...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1001...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1223560 2017-05-07] (Ruiware)
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1001...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe
    Winsock: Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5-x64 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    Winsock: Catalog5-x64 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL => No File
    U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
    R1 epp; C:\EEK\bin64\epp.sys [124552 2016-11-23] (Emsisoft Ltd)
    S1 mbamchameleon; ??\C:\Windows\system32\drivers\mbamchameleon.sys
    S3 MBAMSwissArmy; ??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
    S3 VSScanner; system32\DRIVERS\vsscanner.sys
    S1 ZAM; ??\C:\Windows\System32\drivers\zam64.sys
    S1 ZAM_Guard; ??\C:\Windows\System32\drivers\zamguard64.sys
    ContextMenuHandlers1: [Glary Utilities] → {B3C418F8-922B-4faf-915E-59BC14448CF7} => → No File
    ContextMenuHandlers2: [Glary Utilities] → {B3C418F8-922B-4faf-915E-59BC14448CF7} => → No File
    ContextMenuHandlers4: [MSSE] → {0365FE2C-F183-4091-AC82-BFC39FB75C49} => → No File
    ContextMenuHandlers4: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
    ContextMenuHandlers6: [Glary Utilities] → {B3C418F8-922B-4faf-915E-59BC14448CF7} => → No File
    ContextMenuHandlers6: [Offline Files] → {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => → No File
    Task: {2F74E8B2-69A2-4A0F-A3E5-9EBDFD44AD0D} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {9514F30D-C8DA-4CB1-AB27-D743DD03904E} - System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
    Task: {A432B3CF-C559-407B-9656-D8E9A2E12DBF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1492466166-1735938548-1690570200-1000
    Task: {AE5F3DE8-C9FB-47B7-AE5A-8B5B3259C90D} - System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: {EA935066-368B-4288-92AE-C3C9403B8386} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe
    Task: C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => C:\ProgramData\cis7D3A.exe <==== ATTENTION
    AlternateDataStreams: C:\ProgramData\TEMP1B5B4F1 [151]
    MSCONFIG\Services: VoodooShieldService => 2
    FirewallRules: [{8EA77410-6200-4326-96A9-2DC1FC8F8723}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{02D1563B-D869-4314-A7CF-3BFE79A9F8C0}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{E37B2E3D-BD7E-4D14-9C50-96028AAF46AD}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C8253294-4436-430C-B5EE-91193083C298}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{C36A565E-B5A0-48B3-8973-F3559B6166A0}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{81CC9780-9D96-4C73-8ED4-A01A4676623F}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{F48882C1-0AD6-4DDD-A9C0-E213A7D9827A}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{54F0A311-72F9-49BD-8D81-291074F5556B}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{307BF65A-9757-43AB-858C-3B68ABB3E2A6}] => (Allow) C:\Users\Owner\AppData\Roaming\uTorrent\uTorrent.exe
    FirewallRules: [{DF6A0D1D-5D57-4D6C-96B6-104AFBA3A8B2}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{24132901-D7BA-4A97-91FA-E60B7D31FB47}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{60E6D465-398E-4850-BE86-7EF7620A2377}] => (Block) C:\windows\system32\svchost.exe
    C:\Program Files (x86)\Ruiware
    C:\ProgramData\cis7D3A.exe
    C:\Program Files (x86)\MCShield
    C:\EEK
    C:\Windows\system32\drivers\mbamchameleon.sys
    C:\Windows\system32\drivers\MBAMSwissArmy.sys
    C:\Windows\System32\drivers\zam64.sys
    C:\Windows\System32\drivers\zamguard64.sys
    C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job
    C:\ProgramData\cmdres.dll
    C:\Windows\system32\Drivers\4B53E2E4.sys
    C:\ProgramData\Emsisoft
    C:\Users\Owner\AppData\Roaming\9-lab
    C:\Users\Patrick\AppData\Local\ESET
    C:\Users\Owner\AppData\Local\ESET
    C:\Program Files\9-lab
    C:\Users\Public\Desktop\Removal Tool.lnk
    C:\Users\Patrick\AppData\Roaming\9-lab
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
    C:\ProgramData\9-lab
    C:\Users\Administrator\AppData\Local\Zemana
    C:\Windows\ZAM.krnl.trace
    C:\Windows\ZAM_Guard.krnl.trace
    C:\ProgramData\HitmanPro
    C:\ProgramData\cis7D3A.exe
    C:\Program Files\COMODO
    Hosts:
    CMD: netsh advfirewall reset
    CMD: netsh advfirewall set allprofiles state On
    EmptyTemp:
    reboot:
    end


    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82} => value removed successfully
    HKLM\SOFTWARE\Policies\Microsoft\Windows Defender => key removed successfully
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinPatrol => value removed successfully
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1001\Software\Microsoft\Windows\CurrentVersion\Run\WinPatrol => value removed successfully
    HKU\S-1-5-21-1492466166-1735938548-1690570200-1001\Software\Microsoft\Windows\CurrentVersion\Run\MCShield Monitor => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000008 => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000009 => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000008 => key removed successfully
    HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000009 => key removed successfully
    HKLM\System\CurrentControlSet\Services\AppMgmt => key removed successfully
    AppMgmt => service removed successfully
    epp => Service stopped successfully.
    HKLM\System\CurrentControlSet\Services\epp => key removed successfully
    epp => service removed successfully
    HKLM\System\CurrentControlSet\Services\mbamchameleon => key removed successfully
    mbamchameleon => service removed successfully
    HKLM\System\CurrentControlSet\Services\MBAMSwissArmy => key removed successfully
    MBAMSwissArmy => service removed successfully
    HKLM\System\CurrentControlSet\Services\VSScanner => key removed successfully
    VSScanner => service removed successfully
    HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully
    ZAM => service removed successfully
    HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully
    ZAM_Guard => service removed successfully
    HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
    HKLM\Software\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7} => key removed successfully
    HKLM\Software\Classes\Drive\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
    HKLM\Software\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found.
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE => key removed successfully
    HKLM\Software\Classes\CLSID{0365FE2C-F183-4091-AC82-BFC39FB75C49} => key not found.
    HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
    HKLM\Software\Classes\CLSID{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities => key removed successfully
    HKLM\Software\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7} => key not found.
    HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files => key removed successfully
    HKLM\Software\Classes\CLSID{474C98EE-CF3D-41f5-80E3-4AAB0AB04301} => key not found.
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot{2F74E8B2-69A2-4A0F-A3E5-9EBDFD44AD0D} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{2F74E8B2-69A2-4A0F-A3E5-9EBDFD44AD0D} => key removed successfully
    C:\Windows\System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{9514F30D-C8DA-4CB1-AB27-D743DD03904E} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{9514F30D-C8DA-4CB1-AB27-D743DD03904E} => key removed successfully
    C:\Windows\System32\Tasks\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{A432B3CF-C559-407B-9656-D8E9A2E12DBF} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{A432B3CF-C559-407B-9656-D8E9A2E12DBF} => key removed successfully
    C:\Windows\System32\Tasks\Games\UpdateCheck_S-1-5-21-1492466166-1735938548-1690570200-1000 => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Games\UpdateCheck_S-1-5-21-1492466166-1735938548-1690570200-1000 => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{AE5F3DE8-C9FB-47B7-AE5A-8B5B3259C90D} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{AE5F3DE8-C9FB-47B7-AE5A-8B5B3259C90D} => key removed successfully
    C:\Windows\System32\Tasks\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{EA935066-368B-4288-92AE-C3C9403B8386} => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{EA935066-368B-4288-92AE-C3C9403B8386} => key removed successfully
    C:\Windows\System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => moved successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => key removed successfully
    C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job => moved successfully
    “C:\ProgramData\TEMP” => “1B5B4F1” ADS not found.
    HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\VoodooShieldService => key removed successfully
    HKLM\System\CurrentControlSet\Services\VoodooShieldService => key not found.
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{8EA77410-6200-4326-96A9-2DC1FC8F8723} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{02D1563B-D869-4314-A7CF-3BFE79A9F8C0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{E37B2E3D-BD7E-4D14-9C50-96028AAF46AD} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C8253294-4436-430C-B5EE-91193083C298} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{C36A565E-B5A0-48B3-8973-F3559B6166A0} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{81CC9780-9D96-4C73-8ED4-A01A4676623F} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{F48882C1-0AD6-4DDD-A9C0-E213A7D9827A} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{54F0A311-72F9-49BD-8D81-291074F5556B} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{307BF65A-9757-43AB-858C-3B68ABB3E2A6} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{DF6A0D1D-5D57-4D6C-96B6-104AFBA3A8B2} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{24132901-D7BA-4A97-91FA-E60B7D31FB47} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\{60E6D465-398E-4850-BE86-7EF7620A2377} => value removed successfully
    C:\Program Files (x86)\Ruiware => moved successfully
    C:\ProgramData\cis7D3A.exe => moved successfully
    “C:\Program Files (x86)\MCShield” => not found.
    C:\EEK => moved successfully
    “C:\Windows\system32\drivers\mbamchameleon.sys” => not found.
    “C:\Windows\system32\drivers\MBAMSwissArmy.sys” => not found.
    “C:\Windows\System32\drivers\zam64.sys” => not found.
    “C:\Windows\System32\drivers\zamguard64.sys” => not found.
    “C:\Windows\Tasks\CIS_{81EFDD93-DBBE-415B-BE6E-49B9664E3E82}.job” => not found.
    C:\ProgramData\cmdres.dll => moved successfully
    C:\Windows\system32\Drivers\4B53E2E4.sys => moved successfully
    C:\ProgramData\Emsisoft => moved successfully
    C:\Users\Owner\AppData\Roaming\9-lab => moved successfully
    C:\Users\Patrick\AppData\Local\ESET => moved successfully
    C:\Users\Owner\AppData\Local\ESET => moved successfully
    C:\Program Files\9-lab => moved successfully
    C:\Users\Public\Desktop\Removal Tool.lnk => moved successfully
    C:\Users\Patrick\AppData\Roaming\9-lab => moved successfully
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool => moved successfully
    C:\ProgramData\9-lab => moved successfully
    C:\Users\Administrator\AppData\Local\Zemana => moved successfully
    C:\Windows\ZAM.krnl.trace => moved successfully
    C:\Windows\ZAM_Guard.krnl.trace => moved successfully
    C:\ProgramData\HitmanPro => moved successfully
    “C:\ProgramData\cis7D3A.exe” => not found.
    C:\Program Files\COMODO => moved successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    ========= netsh advfirewall reset =========

    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

    An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

    ========= End of CMD: =========

    ========= netsh advfirewall set allprofiles state On =========

    Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003

    An error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.

    ========= End of CMD: =========

    =========== EmptyTemp: ==========

    BITS transfer queue => 0 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2100493 B
    Java, Flash, Steam htmlcache => 0 B
    Windows/system/drivers => 0 B
    Edge => 0 B
    Chrome => 0 B
    Firefox => 0 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Users => 0 B
    Default => 0 B
    Public => 0 B
    ProgramData => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 0 B
    Patrick => 23707807 B
    Owner => 5411 B
    Administrator => 432 B

    RecycleBin => 0 B
    EmptyTemp: => 24.6 MB temporary data Removed.

    ================================

    The system needed a reboot.

    ==== End of Fixlog 15:06:50 ====


    • PatL
      PCHF Member
      • Feb 2017
      • 83

      #32
      What’s the next step? Did you see I posted the ZHPDiag log?


      • system
        PCHF Owner
        • Jan 2015
        • 7634

        #33
        Yes, give me a little time to go through the log.


        • system
          PCHF Owner
          • Jan 2015
          • 7634

          #34
          Hi PatL, Please run this ZHP fix.

          Please go HERE and click the blue [image] link (French for download) and save the file to your desktop.

          Please note it is important to disable your antivirus before running this tool. If you are uncertain how to do this, please ask.

          Right click the desktop icon [image] and choose “Run as Administrator”. You can safely ignore any security warnings when running this tool.

          On the main interface select IMPORT

          [image]

          If a box appears similar to that below, click OK or just X out of it.

          [image]

          Copy the contents of the box below
          Script Zhpfix
          O38 - TASK: {2F74E8B2-69A2-4A0F-A3E5-9EBDFD44AD0D} [64Bits][\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {39A98B3C-C528-4993-8E16-3399E7A62867} [64Bits][\Microsoft\Windows\Media Center\mcupdate] - (…) – C:\Windows\ehome\mcupdate (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {3B3DCCBA-789E-4662-A0AF-49E6D2F4BCF7} [64Bits][\Microsoft\Windows\Media Center\StartRecording] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {9514F30D-C8DA-4CB1-AB27-D743DD03904E} [64Bits][\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {999DA5BD-5583-4F14-97FA-1602A926540D} [64Bits][\Microsoft\Windows\Media Center\RecordingRestart] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {AE5F3DE8-C9FB-47B7-AE5A-8B5B3259C90D} [64Bits][\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O38 - TASK: {EA935066-368B-4288-92AE-C3C9403B8386} [64Bits][\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.) =>.SUP.Orphan
          O10 - WLSP:\NameSpace_Catalog5\Catalog_Entries\000000000008\Winsock LSP File . (…) – C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Not File) =>Hijacker.Winsock
          O10 - WLSP:\NameSpace_Catalog5\Catalog_Entries\000000000009\Winsock LSP File . (…) – C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Not File) =>Hijacker.Winsock
          O10 - WLSP:\NameSpace_Catalog5\Catalog_Entries64\000000000008\Winsock LSP File . (…) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Not File) =>Hijacker.Winsock
          O10 - WLSP:\NameSpace_Catalog5\Catalog_Entries64\000000000009\Winsock LSP File . (…) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Not File) =>Hijacker.Winsock
          O108 - CMH1: Glary Utilities [64Bits] - {B3C418F8-922B-4faf-915E-59BC14448CF7} . (.Orphan.)
          O108 - CMH4: MSSE [64Bits] - {0365FE2C-F183-4091-AC82-BFC39FB75C49} . (.Orphan.)
          O108 - CMH4: Offline Files [64Bits] - {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} . (.Orphan.)
          O108 - CMH6: Glary Utilities [64Bits] - {B3C418F8-922B-4faf-915E-59BC14448CF7} . (.Orphan.)
          O108 - CMH6: Offline Files [64Bits] - {474C98EE-CF3D-41f5-80E3-4AAB0AB04301} . (.Orphan.)
          O108 - CMH7: Glary Utilities [64Bits] - {B3C418F8-922B-4faf-915E-59BC14448CF7} . (.Orphan.)
          HKLM\Software\Classes*\ShellEx\ContextMenuHandlers\Glary Utilities =>.SUP.Orphan
          HKLM\Software\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7} =>.SUP.Orphan
          HKLM\Software\Wow6432Node\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7} =>.SUP.Orphan
          HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\MSSE =>.SUP.Orphan
          HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\Offline Files =>.SUP.Orphan
          HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Glary Utilities =>.SUP.Orphan
          HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\Offline Files =>.SUP.Orphan
          HKLM\Software\Classes\Drive\shellex\ContextMenuHandlers\Glary Utilities =>.SUP.Orphan
          EmptyPrefetch
          Emptytemp
          EmptyClsid

          And paste it into the blank ZHP Fix interface screen, then click GO.

          [image]

          Accept the cleaning process by clicking “Oui” (yes)



          The cleanup will run and will again ask for permission to complete, again select “Oui”.

          At the conclusion of cleaning, a Notepad file will open and be saved to your desktop. Please copy and paste the contents of this file in your next reply.


          • PatL
            PCHF Member
            • Feb 2017
            • 83

            #35
            Rapport de ZHPFix 2017.06.13.1 par Nicolas Coolman, Update du 13/06/2017
            Fichier d’export Registre :
            Run by Patrick at 11/25/2017 5:36:29 PM
            High Elevated Privileges : OK
            Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

            Recycle Bin emptied (01mn AMs)

            ========== Registry keys ==========
            REMOVES: HKLM\Software\Wow6432Node\Classes\CLSID{B3C418F8-922B-4faf-915E-59BC14448CF7}

            ========== Folders ==========
            No folders empty CLSID Local user

            ========== Files ==========
            Deletes temporary Windows (0) (0 octets)

            ========== Other ==========
            NON-TREATY O38 - TASK: {2F74E8B2-69A2-4A0F-A3E5-9EBDFD44AD0D} [64Bits][\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {39A98B3C-C528-4993-8E16-3399E7A62867} [64Bits][\Microsoft\Windows\Media Center\mcupdate] - (…) – C:\Windows\ehome\mcupdate (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {3B3DCCBA-789E-4662-A0AF-49E6D2F4BCF7} [64Bits][\Microsoft\Windows\Media Center\StartRecording] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {9514F30D-C8DA-4CB1-AB27-D743DD03904E} [64Bits][\COMODO\COMODO Autostart {D5EFF3B3-E126-4AF6-BCE9-852A72129E10}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {999DA5BD-5583-4F14-97FA-1602A926540D} [64Bits][\Microsoft\Windows\Media Center\RecordingRestart] - (…) – C:\Windows\ehome\ehrec (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {AE5F3DE8-C9FB-47B7-AE5A-8B5B3259C90D} [64Bits][\COMODO\COMODO CMC {06A09C0F-DD9C-4191-A670-71115CD78627}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.)
            NON-TREATY O38 - TASK: {EA935066-368B-4288-92AE-C3C9403B8386} [64Bits][\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85}] - (…) – C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe (.not file.) [0] (.Orphan.)

            ========== Summary ==========
            1 : Registry keys
            1 : Folders
            1 : Files
            7 : Other

            End of clean in 02mn AMs

            ========== Path to file report ==========
            C:\Users\Patrick\AppData\Roaming\ZHP\ZHPFix[R1].txt - 11/19/2017 10:23:18 AM [1571]
            C:\Users\Patrick\AppData\Roaming\ZHP\ZHPFix[R2].txt - 11/19/2017 1:25:56 PM [637]
            C:\Users\Patrick\AppData\Roaming\ZHP\ZHPFix[R3].txt - 11/19/2017 1:26:09 PM [800]
            C:\Users\Patrick\AppData\Roaming\ZHP\ZHPFix[R4].txt - 11/25/2017 5:36:30 PM [2487]


            • system
              PCHF Owner
              • Jan 2015
              • 7634

              #36
              Has there been any change to your PC? What issues remain?


              • PatL
                PCHF Member
                • Feb 2017
                • 83

                #37
                There are no changes and the issues from before still remain. While in Normal Mode under my Standard User Account: Owner anything I click that is in the taskbar gives me the window: “Can’t open this item: it might have been moved, renamed, or deleted.” Also any shortcuts on the desktop I click and anything in the start menu clicked on do not open. I have to manually move to the folder where the program I am trying to open is, then double click it.


                • system
                  PCHF Owner
                  • Jan 2015
                  • 7634

                  #38
                  From the amount of Security apps removed in this thread, which you have obviously used with unknown results, and the scans we have performed there is little evidence of any remaining malware. Therefore it would appear that there are issues with Windows 7 itself.

                  Before I move this thread out of malware, can you try the following?

                  Run System File Checker: Use the System File Checker tool to repair missing or corrupted system files - Microsoft Support
                  Create another account and see if the issues remain?


                  • PatL
                    PCHF Member
                    • Feb 2017
                    • 83

                    #39
                    I’ve tested the problem on my Patrick account, it does not occur. Also on the affected account the problem vanishes in Safe Mode. It’s quite frustrating… SFC did not find any integrity violations.


                    • system
                      PCHF Owner
                      • Jan 2015
                      • 7634

                      #40
                      Originally posted by PatL
                      I’ve tested the problem on my Patrick account, it does not occur.
                      Voila, why not use your Patrick (admin) account?

                      Shall move this thread to Windows 7 forum.

                      EDIT: these are the accounts listed from the supplied logs

                      Administrator (S-1-5-21-1492466166-1735938548-1690570200-500 - Administrator - Disabled) => C:\Users\Administrator
                      Guest (S-1-5-21-1492466166-1735938548-1690570200-501 - Limited - Disabled)
                      Owner (S-1-5-21-1492466166-1735938548-1690570200-1001 - Limited - Enabled) => C:\Users\Owner
                      Patrick (S-1-5-21-1492466166-1735938548-1690570200-1000 - Administrator - Enabled) => C:\Users\Patrick


                      • PatL
                        PCHF Member
                        • Feb 2017
                        • 83

                        #41
                        Could I reinstall my Comodo Firewall now, or should I wait?


                        • system
                          PCHF Owner
                          • Jan 2015
                          • 7634

                          #42
                          Comodo Firewall only, if you wish? Just don’t install two real-time AVs together. Get rid of Avast and install the Comodo suite you had previously if you wish.


                          • PatL
                            PCHF Member
                            • Feb 2017
                            • 83

                            #43
                            Gus,
                            I’ve re-installed my Malwarebytes, Zemana and Comodo. (Just to be sure my licenses were still working, they are) For some reason Comodo Firewall auto installs as Advanced Security. However I have deselected all other programs settings so it’s only listed as the firewall. I’ve given exclusions to all antimalware/virus apps for each other so there are no conflicts. What is the next step?


                            • system
                              PCHF Owner
                              • Jan 2015
                              • 7634

                              #44
                              This thread is open to others now to comment on your Windows account issues. As you appear not to want to use your own account, which resolves your issues, perhaps others can help you with the use of a limited account you wish to use.
                              Originally posted by PatL
                              I’ve re-installed my Malwarebytes, Zemana and Comodo.
                              And that’s added to Avast you already have. You have been advised in the past not to choke your PC with a multitude of security apps, your call.


                              • PatL
                                PCHF Member
                                • Feb 2017
                                • 83

                                #45
                                Well, for RTP I have Avast and MWB; both of those are proven to work together on all PCs. Comodo is simply a firewall with an advanced HIPS feature. Since it has a HIPS it reads (incorrectly) as an anti-virus companion. So it’s no big problem there either. Still no luck trying to figure out which setting changes between Safe Mode and Normal that blocks my taskbar, start menu clicks and shortcuts from opening. How do I do a Clean Boot in Normal to test that out?
