Showing results for tags 'trojan.agent.enm'.

Found 3 results

  1. Good morning. I am a Windows 7 user and keep running into Trojan.Agent.ENM. I ran a scan this AM and it popped up again. How can I completely rid myself of this malware? Of late, it has only been showing up in my eTradePro folder. Latest Scan Export attached. Thanks, BernardB Scan Dump 6-15-2017.txt
  2. Dear forum, MWB has twice found the above malware during scan (free version), first 10 days ago and then again today. I've got Norton Security and run MWB regularly; NPE doesn't find anything. I have a Samsung laptop with Windows 7 (10 upgrade would not work on my machine). Thanks to someone for pointing me in this direction, Farbar results pasted below. BTW I'm not techy, pls dumb down for a newbie. thnx for any help anyone can pls give me.:/
C:\windows\system32\secur32.dll 2016-08-10 16:19 - 2016-07-08 16:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2016-08-10 16:19 - 2016-07-08 16:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll 2016-08-10 16:19 - 2016-07-08 16:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2016-08-10 16:19 - 2016-07-08 16:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2016-08-10 16:19 - 2016-07-08 16:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe 2016-08-10 16:19 - 2016-07-08 15:57 - 00159744 _____ (Microsoft Corporation) 
C:\windows\system32\Drivers\mrxsmb.sys 2016-08-10 16:19 - 2016-07-08 15:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys 2016-08-10 16:19 - 2016-07-08 15:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys 2016-08-10 16:19 - 2016-07-08 15:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe 2016-08-10 16:19 - 2016-07-08 15:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe 2016-08-10 16:19 - 2016-07-08 15:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll 2016-08-10 16:17 - 2016-07-08 16:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys 2016-08-03 09:00 - 2016-08-13 06:52 - 00432686 _____ C:\windows\ntbtlog.txt 2016-08-01 19:23 - 2016-08-12 06:40 - 00000000 ____D C:\Users\Caroline\Desktop\Calendar 2017 pics 2016-07-24 18:06 - 2016-07-24 18:06 - 00000000 ____D C:\Program Files\Common Files\EPSON 2016-07-24 18:05 - 2016-07-24 18:06 - 00000000 ____D C:\ProgramData\EPSON 2016-07-24 18:05 - 2016-07-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON 2016-07-24 18:05 - 2012-09-27 11:02 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMJHE.DLL 2016-07-24 18:05 - 2012-09-27 11:02 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BJHE.DLL 2016-07-24 18:05 - 2012-09-27 11:02 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-08-13 07:33 - 2012-10-15 15:47 - 00000000 ____D C:\Users\Caroline\Outlook 2016-08-13 07:18 - 2015-12-28 12:00 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2016-08-13 06:49 - 2009-07-14 05:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-08-13 06:49 - 2009-07-14 05:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-08-13 06:43 - 2014-06-17 09:55 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2016-08-13 06:36 - 2015-12-28 12:00 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2016-08-13 06:35 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT 2016-08-13 06:34 - 2011-07-20 11:19 - 00000000 ____D C:\windows\lt 2016-08-13 06:32 - 2014-06-17 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-08-12 18:59 - 2015-12-02 09:08 - 00000000 ____D C:\windows\System32\Tasks\Remediation 2016-08-12 07:41 - 2012-10-31 19:54 - 00001456 _____ C:\Users\Caroline\AppData\Local\Adobe Save for Web 12.0 Prefs 2016-08-10 18:39 - 2009-07-14 05:45 - 04979760 _____ C:\windows\system32\FNTCACHE.DAT 2016-08-10 17:32 - 2013-08-14 21:44 - 00000000 ____D C:\windows\system32\MRT 2016-08-10 17:19 - 2012-05-01 08:19 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe 2016-08-09 06:01 - 2015-12-28 12:01 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-08-09 06:01 - 2015-12-28 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-08-04 17:38 - 2009-07-14 06:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI 2016-08-04 17:38 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf 2016-08-03 09:13 - 2013-12-18 23:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\NPE 2016-08-03 09:01 - 2014-04-25 17:42 - 00000000 ____D C:\NPE 2016-08-03 08:02 - 2009-07-14 06:32 - 00000000 
____D C:\windows\Downloaded Program Files 2016-07-30 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache 2016-07-29 22:28 - 2012-05-28 19:36 - 00000000 ____D C:\Users\Caroline\AppData\Local\CrashDumps 2016-07-29 12:32 - 2012-11-26 20:37 - 00000000 ____D C:\Users\Caroline\Desktop\cm stuff 2015 2016-07-29 12:32 - 2012-10-21 19:13 - 00000000 ____D C:\Users\Caroline\Desktop\CFC 2015 2016-07-29 06:13 - 2015-12-28 12:00 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-07-29 06:13 - 2015-12-28 12:00 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-07-23 06:53 - 2016-04-07 08:15 - 00213107 _____ C:\Users\Caroline\Desktop\Bobbie.jpeg 2016-07-21 18:14 - 2013-11-17 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection 2016-07-20 08:05 - 2015-03-31 21:52 - 00000000 ___SD C:\windows\SysWOW64\GWX 2016-07-20 08:05 - 2015-03-31 21:52 - 00000000 ___SD C:\windows\system32\GWX 2016-07-17 14:21 - 2016-05-17 12:00 - 00099196 _____ C:\Users\Caroline\Desktop\Healing.pptx ==================== Files in the root of some directories ======= 2012-11-11 12:48 - 2012-12-22 00:21 - 0000132 _____ () C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-10-31 19:54 - 2016-08-12 07:41 - 0001456 _____ () C:\Users\Caroline\AppData\Local\Adobe Save for Web 12.0 Prefs 2015-06-10 14:36 - 2015-06-10 14:36 - 0007605 _____ () C:\Users\Caroline\AppData\Local\Resmon.ResmonCfg 2015-04-05 14:27 - 2015-04-05 14:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-07-28 13:37 - 2014-08-05 19:23 - 0006843 _____ () C:\ProgramData\hpzinstall.log 2011-07-20 10:40 - 2011-09-07 21:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log 2011-07-20 10:35 - 2011-07-20 10:35 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log 2011-07-20 10:38 - 2011-09-07 21:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log 2011-07-20 
10:35 - 2011-09-07 21:11 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log 2011-07-20 10:39 - 2011-09-07 21:15 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log 2011-09-07 21:15 - 2011-09-07 21:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log Some files in TEMP: ==================== C:\Users\Caroline\AppData\Local\Temp\ose00000.exe ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\windows\system32\winlogon.exe => File is digitally signed C:\windows\system32\wininit.exe => File is digitally signed C:\windows\SysWOW64\wininit.exe => File is digitally signed C:\windows\explorer.exe => File is digitally signed C:\windows\SysWOW64\explorer.exe => File is digitally signed C:\windows\system32\svchost.exe => File is digitally signed C:\windows\SysWOW64\svchost.exe => File is digitally signed C:\windows\system32\services.exe => File is digitally signed C:\windows\system32\User32.dll => File is digitally signed C:\windows\SysWOW64\User32.dll => File is digitally signed C:\windows\system32\userinit.exe => File is digitally signed C:\windows\SysWOW64\userinit.exe => File is digitally signed C:\windows\system32\rpcss.dll => File is digitally signed C:\windows\system32\dnsapi.dll => File is digitally signed C:\windows\SysWOW64\dnsapi.dll => File is digitally signed C:\windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-07-30 16:30 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01 Ran by Caroline (2016-08-13 07:46:04) Running from C:\Users\Caroline\Downloads Windows 7 Home Premium Service Pack 1 (X64) (2012-04-26 09:34:59) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator 
(S-1-5-21-2774599765-3218687334-1828580283-500 - Administrator - Disabled) Caroline (S-1-5-21-2774599765-3218687334-1828580283-1001 - Administrator - Enabled) => C:\Users\Caroline Guest (S-1-5-21-2774599765-3218687334-1828580283-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2774599765-3218687334-1828580283-1003 - Limited - Enabled) Limited (S-1-5-21-2774599765-3218687334-1828580283-1004 - Limited - Enabled) UpdatusUser (S-1-5-21-2774599765-3218687334-1828580283-1000 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 
„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden „Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden „Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems) Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.) Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated) Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated) Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated) Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated) Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated) AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Any Audio Converter 3.5.6 (HKLM-x32\...\Any Audio Converter_is1) (Version: - Any-Audio-Converter.com) Any Video Converter 3.5.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - 
Any-Video-Converter.com) Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden C4380 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.) CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.) CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4813b - CyberLink Corp.) CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4207 - CyberLink Corp.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3029.52 - CyberLink Corp.) CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.) 
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Dropbox (HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.) Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD) Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.) Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung) Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.) EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung) EasyFileShare (HKLM-x32\...\{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}) (Version: 1.0.13 - Samsung) Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version: - SEIKO EPSON Corporation) ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.) 
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - ) Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart All-In-One Driver Software 13.0 Rel. 
2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation) Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel) iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.) 
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden K-Lite Codec Pack 9.6.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - ) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) 
(Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.) Mozilla Firefox 44.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-GB)) (Version: 44.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - ) Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden Norton Security (HKLM-x32\...\NS) (Version: 22.7.0.76 - Symantec Corporation) NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Pdf995 (HKLM-x32\...\Pdf995) (Version: - ) PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung) Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.) Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Rapport (x32 Version: 3.5.1609.76 - Trusteer) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.) Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: - Samsung Electronics Co., Ltd.) 
  3. Hello, long time MBAM Free user who has mostly been happy with it until now. I'm running Windows 7 Home Premium. Yesterday I found my first Trojan while running a scan in my own LUA: a Trojan.Agent.ENM in the file 00011334.tmp. This is especially alarming since it was found in the actual Malwarebytes Anti-Malware folder in Program Files-- and even though the Scan History says it was quarantined, it is nowhere in my Quarantine list. I do not remember whether it was ever there.

     After a few hours searching the forums for this issue, I updated the program and databases to prepare for creating this post. (I successfully used the Administrator account after having had database/program update problems in my LUA for a few months-- I didn't know till now that running MBAM as an Administrator makes a difference.) This time the scan as Administrator only turned up the two PUPs that also came up in the previous scan that turned up the now-missing Trojan.

     Since the file isn't showing up in the Quarantine list to be restored and examined, I couldn't post about this issue in the False Positive board-- and by now I am too uneasy about the fact that a possible Trojan on my computer has mysteriously vanished.

     Logs are attached below:

     MBAM logs
     mbamscanlog-11-18-2015-1.txt Using version 2.1.8.1057. Trojan and 2 PUPs found.
     mbamscanlog-11-18-2015-2.txt Using version 2.2.0.1024. Which only found the PUPs.

     Farbar Recovery Scan Tool
     Addition.txt
     FRST.txt

     If you need additional information or there are formatting issues, please tell me. I'm just as concerned about what this could mean for your program as I am about my own computer. Thank you in advance for your time.