Evidence of infection with at least minor PUPs

[jonbam]

Hi

 

I was told to post here, so far I have been told the following:

 

 

 

1. You are running MBAM in compatibility mode -- that is neither recommended nor necessary and it can cause problems for the program.

 

When I checked the program properties the compatibility box isn't ticked? See Here:  http://i1306.photobucket.com/albums/s579/jbaccrington/compmode_zps721ba1e1.jpg

 

 

 

2. There is evidence of infection with at least minor PUPs.

 

Malwarebytes Premium 2.0.2.1012 didn't detect anything, When I scanned using the threat scan option.

 

 

FRST.txt

Addition.txt

CheckResults.txt

[jonbam]

Hi

 

I am getting a unwanted popups. I leave my computer for a while, and when I get back the following has appeared:

 

http://i1306.photobucket.com/albums/s579/jbaccrington/unwantedpopup_zps27b5ef32.jpg

 

thanks

 

Jonathan

[kevinf80]

Hello and

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.

• 
  

Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number

 

Next,

 

Please download Junkware Removal Tool to your desktop.

• 
  

Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Let me see those logs in your next reply, also give an update on any remaining issues or concerns...

 

Kevin...

[jonbam]

# AdwCleaner v3.310 - Report created 28/09/2014 at 19:35:28
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jonathan - JONATHAN-PC
# Running from : C:\Users\Jonathan\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


-\\ Mozilla Firefox v32.0.3 (x86 en-US)

[ File : C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\9ie5dycq.default-1378541054654\prefs.js ]


-\\ Google Chrome v37.0.2062.124

[ File : C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2350 octets] - [27/09/2014 11:56:07]
AdwCleaner[R1].txt - [2410 octets] - [27/09/2014 12:00:18]
AdwCleaner[R2].txt - [1149 octets] - [27/09/2014 12:04:58]
AdwCleaner[R3].txt - [1275 octets] - [27/09/2014 12:12:45]
AdwCleaner[R4].txt - [1335 octets] - [27/09/2014 12:32:33]
AdwCleaner[R5].txt - [1395 octets] - [27/09/2014 12:34:57]
AdwCleaner[R6].txt - [1450 octets] - [27/09/2014 12:37:29]
AdwCleaner[R7].txt - [1510 octets] - [28/09/2014 19:34:23]
AdwCleaner[s0].txt - [2419 octets] - [27/09/2014 12:01:17]
AdwCleaner[s1].txt - [1458 octets] - [27/09/2014 12:36:17]
AdwCleaner[s2].txt - [1431 octets] - [28/09/2014 19:35:28]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1491 octets] ##########

[jonbam]

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.2.3 (09.27.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jonathan on 28/09/2014 at 19:43:37.56
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Jonathan\AppData\Roaming\mozilla\firefox\profiles\9ie5dycq.default-1378541054654\minidumps [73 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/09/2014 at 19:47:02.24
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[kevinf80]

Did you run Malwarebytes before AdwCleaner and JRT, if so can I see that log..

[jonbam]

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 27/09/2014
Scan Time: 17:36:37
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.27.07
Rootkit Database: v2014.09.19.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Jonathan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 354948
Time Elapsed: 5 min, 31 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

[kevinf80]

Do you still get the unwanted popups, is it only specific to one browser or more than one...

[jonbam]

Hi

 

These popups appear at about 7pm UK time each day. I will have to wait to find out if they reappear?

 

thanks

 

Jonathan

[jonbam]

I'm using firefox, the popups appear in a new window.

 

I'm thinking is there a way to check the processes/services in the windows7 taskbar?

 

 

thanks

 

Jonathan

[kevinf80]

Open Task manager, Right click on the taskbar and select "Start Task Manager"

 

Next,

 

If the popups remain run the following:

 

Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporary disable your AntiVirus and AntiSpyware protection - instructions here.

 

• 
  

Right-click on icon and select Run as Administrator to start the tool.
Wait patiently until the main console will appear, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;

 

 

• 
  

Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply.

Don't forget to re-enable your switched-off protection software!

 

Post that log in next reply...

 

Kevin...

[jonbam]

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Jonathan on 29/09/2014 at 10:45:16.69.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jonathan\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

29/09/2014 10:46:26 Zoek.exe System Restore Point Created Succesfully.

==== Empty Folders Check ======================

C:\PROGRA~2\AGEIA Technologies deleted successfully
C:\PROGRA~3\CanonEPP deleted successfully
C:\PROGRA~3\CanonIJEPPEX2 deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\Users\Jonathan\AppData\Roaming\Windows Live Writer deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDD3B846-8D59-4ffb-8758-209B6AD74ACC} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Running Processes ======================

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\MagicTune Premium\GammaTray.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Users\Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Users\Jonathan\Desktop\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\9ie5dycq.default-1378541054654\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.co.uk/");

Added to C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\9ie5dycq.default-1378541054654\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\Users\Jonathan\en_res.dll deleted
C:\Users\Jonathan\es_res.dll deleted
C:\Users\Jonathan\fr_res.dll deleted
C:\Users\Jonathan\grm_res.dll deleted
C:\Users\Jonathan\it_res.dll deleted
C:\Users\Jonathan\jp_res.dll deleted
C:\Users\Jonathan\mfc80u.dll deleted
C:\Users\Jonathan\msvcr80.dll deleted
C:\Users\Jonathan\pt_res.dll deleted
C:\Users\Jonathan\ResourceReader.dll deleted
C:\Users\Jonathan\ru_res.dll deleted
C:\Users\Jonathan\zh_res.dll deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Users\Jonathan\PCPE Setup.exe deleted

==== System Specs ======================

Windows: Windows 7 Home Premium Edition (64-bit) Service Pack 1 (Build 7601)
Memory (RAM): 8142 MB
CPU Info: Intel® Core i5-3570 CPU @ 3.40GHz
CPU Speed: 3405.8 MHz
Sound Card: Speakers (Realtek High Definiti |
Realtek Digital Output (Realtek |
Realtek Digital Output(Optical) |
Display Adapters: NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | NVIDIA GeForce GTX 670 | RDPDD Chained DD | RDP Encoder Mirror Driver | RDP Reflector Display Driver
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1920 X 1080 - 32 bit
Network: Network Present
Network Adapters: 300Mbps Wireless USB Adapter | Realtek PCIe GBE Family Controller
CD / DVD Drives: 1x (D: | ) D: PIONEER BD-RW   BDR-208D
Ports: COM1 LPT Port NOT Present.
Mouse: 8 Button Wheel Mouse Present
Hard Disks: C:  111.4GB | E:  1863.0GB
Hard Disks - Free: C:  53.5GB | E:  1763.0GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE | 02/01/13 | ALASKA - 1072009
Time Zone: GMT Standard Time
Motherboard *: ASUSTeK COMPUTER INC. P8Z77-V LX
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Microsoft Security Essentials On-access scanning disabled (Outdated)
Anti-Spyware: Microsoft Security Essentials disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Anti-Spyware: Spybot - Search and Destroy disabled (Outdated)
Default Browser: Firefox    32.0.3
Internet Explorer Version: 11.0.9600.17280
Mozilla Firefox version: 32.0.3 (x86 en-US)
Google Chrome version: 37.0.2062.124
Adobe Reader version: 11.0.9.29
Flash Player version: 15.0.0.152

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Jonathan\AppData\Local\Temp ====
2014-09-29 09:28:14    DA1B3479EA9C704F23A95823BD924BAE    9413536    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\reflectPatch.exe
2014-09-29 08:44:21    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpooqjnl.dll
2014-09-29 08:07:29    4E566FEA83FCEEAF2873702806B55006    43008    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuuhmf4.dll
2014-09-28 18:43:31    E0DC8C6BBC787B972A9A468648DBFD85    1008128    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\libiconv2.dll
2014-09-28 18:43:31    D202BAA425176287017FFE1FB5D1B77C    103424    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\libintl3.dll
2014-09-28 18:43:31    57CAC848FA14AE38F14F9441F8933282    140288    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\pcre3.dll
2014-09-28 18:43:31    547C43567AB8C08EB30F6C6BACB479A3    79360    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\regex2.dll
2014-09-28 18:43:31    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-09-27 10:56:35    0DC5AF80D059DEC792B665ED598C6567    536576    ----a-w-    C:\Windows\SysWOW64\sqlite3.dll
2014-09-24 09:19:48    C263F3E7E0523556964D661BC7CB9565    2048    ----a-w-    C:\Windows\SysWOW64\tzres.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-09-28 16:27:38    82446D358A9FB51CB9DA32A5C901D7A0    21040    ----a-w-    C:\Windows\Sysnative\sdnclean64.exe
2014-09-24 09:19:48    A8A87343CAE432677D82C0BCC753D905    2048    ----a-w-    C:\Windows\Sysnative\tzres.dll
====== C:\Windows\Sysnative\drivers =====
2014-09-26 22:12:26    0D7BA4369BE0DF5DA9E6E6FB16F94EEA    536984    ----a-w-    C:\Windows\Sysnative\drivers\RapportKE64.sys
2014-09-26 15:58:59    8A50D5304E6AE48664CF5838EC32F647    122584    ----a-w-    C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2014-09-26 15:58:51    F92B0E478C0FAA6D6661E6E977247E60    25816    ----a-w-    C:\Windows\Sysnative\drivers\mbam.sys
2014-09-26 15:58:51    1A243DAD23BB639D47F25AB9EC51FCAD    92888    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-09-26 15:58:51    15E8ABC06843672955CE26A009533BAD    63704    ----a-w-    C:\Windows\Sysnative\drivers\mwac.sys
2014-09-09 08:00:17    8B33375280AE5D3C07C2C982D94A8E71    166384    ----a-w-    C:\Windows\Sysnative\drivers\psmounterex.sys
====== C:\Windows\Tasks ======
2014-09-28 16:27:47    --------    d-----w-    C:\Windows\Sysnative\Tasks\Safer-Networking
2014-09-28 16:08:54    DBA6DF0C648F9BEEB2ECD77F4B1064E9    3602    ----a-w-    C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task d983d64e-786e-4471-9c93-4027eb16f392
2014-09-28 16:08:54    ACA367D0E4624E7A875657158A136013    3528    ----a-w-    C:\Windows\Sysnative\Tasks\SUPERAntiSpyware Scheduled Task f9ffa0fa-c9fa-4382-b6c5-c55eaa602f38
2014-09-28 16:08:54    94F6ECA0A8FAB78FF02B3FABD06C54FC    516    ----a-w-    C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task f9ffa0fa-c9fa-4382-b6c5-c55eaa602f38.job
2014-09-28 16:08:54    56B25C9A4E3235449A0F08919B83E855    516    ----a-w-    C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task d983d64e-786e-4471-9c93-4027eb16f392.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-09-28 16:08:26    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
======= C:\PROGRA~2 =====
2014-09-28 19:18:42    --------    d-----w-    C:\PROGRA~2\ESET
2014-09-26 22:12:03    --------    d-----w-    C:\PROGRA~2\Trusteer
======= C: =====
====== C:\Users\Jonathan\AppData\Roaming ======
2014-09-28 16:32:03    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Programs
2014-09-28 16:08:51    --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\SUPERAntiSpyware.com
2014-09-27 20:12:16    --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\AVG2015
2014-09-27 20:12:04    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\AVG2015
2014-09-27 20:11:53    --------    d-----w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2014-09-27 20:11:52    --------    d-----w-    C:\Users\Jonathan\AppData\Roaming\TuneUp Software
2014-09-27 20:11:31    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Local\Avg2015
2014-09-27 20:10:11    --------    d-----w-    C:\Users\Jonathan\AppData\Local\Avg2015
2014-09-26 22:12:42    --------    d-----w-    C:\Windows\SysNative\config\systemprofile\AppData\Local\Trusteer
2014-09-26 22:12:14    --------    d-----w-    C:\Users\Jonathan\AppData\Local\Trusteer
2014-08-30 11:01:21    --------    d-----w-    C:\Users\Jonathan\AppData\Local\Adobe
====== C:\Users\Jonathan ======
2014-09-28 19:18:11    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Jonathan\Downloads\esetsmartinstaller_enu.exe
2014-09-28 18:48:56    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2014-09-28 18:41:52    620D4168BF050BE55182FC1C4794FD3A    1699276    ----a-w-    C:\Users\Jonathan\Desktop\JRT.exe
2014-09-28 18:30:23    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\Users\Jonathan\Desktop\TFC.exe
2014-09-28 17:30:35    DFF72B75746001A9060AB2B80310012E    14349744    ----a-w-    C:\Users\Jonathan\Downloads\mbar-1.07.0.1012.exe
2014-09-28 16:08:28    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-28 16:08:26    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2014-09-27 20:11:43    --------    d-----w-    C:\ProgramData\AVG2015
2014-09-27 20:10:11    --------    d--h--w-    C:\ProgramData\Common Files
2014-09-27 10:55:40    1B151CCE618BE06C22B55FD4B502B75E    1373475    ----a-w-    C:\Users\Jonathan\Desktop\AdwCleaner.exe
2014-09-26 22:12:13    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-09-26 22:10:50    --------    d-----w-    C:\ProgramData\Trusteer
2014-09-26 22:10:20    80EF74B48195D4C62CC512F3F1159502    436504    ----a-w-    C:\Users\Jonathan\Downloads\RpprtSetup(2).exe

====== C: exe-files ==
2014-09-29 09:28:14    DA1B3479EA9C704F23A95823BD924BAE    9413536    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\reflectPatch.exe
2014-09-28 19:18:46    E273331224005C5A8A504164373DE1DC    535304    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
2014-09-28 19:18:46    5B3DE7968D23B476AFB256D8014B25B9    333424    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
2014-09-28 19:18:46    47B06E473B78A792DF07D226E0537D63    119184    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
2014-09-28 19:18:46    3C3F35C91F230493B088B334E39D1F7A    358144    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
2014-09-28 19:18:45    9E47522861242EE002D7F385C35D1322    2887824    ----a-w-    C:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
2014-09-28 19:18:11    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Jonathan\Downloads\esetsmartinstaller_enu.exe
2014-09-28 18:48:56    E8D3E34FFDAF21DF7C09CBBBA5763237    2347384    ----a-w-    C:\Users\Jonathan\Desktop\esetsmartinstaller_enu.exe
2014-09-28 18:43:31    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2014-09-28 18:41:52    620D4168BF050BE55182FC1C4794FD3A    1699276    ----a-w-    C:\Users\Jonathan\Desktop\JRT.exe
2014-09-28 18:30:23    788FCDDD88240A85039F7F561093B118    448512    ----a-w-    C:\Users\Jonathan\Desktop\TFC.exe
2014-09-28 17:30:35    DFF72B75746001A9060AB2B80310012E    14349744    ----a-w-    C:\Users\Jonathan\Downloads\mbar-1.07.0.1012.exe
2014-09-28 16:27:38    82446D358A9FB51CB9DA32A5C901D7A0    21040    ----a-w-    C:\Windows\System32\sdnclean64.exe
2014-09-28 16:06:38    65C7F7AD25C431F26358A028BA7E17A2    19606920    ----a-w-    C:\Users\Jonathan\Desktop\software install prog\SUPERAntiSpyware(1).exe
2014-09-28 10:10:27    FCCD0F6A733248E8F624B9FE813F0324    1944824    ----a-w-    C:\Users\Jonathan\Desktop\beeping pc\rkill.exe
2014-09-28 09:13:35    9689A7E5F79A661E8BAA83819482A33E    54072    ----a-w-    C:\Users\Jonathan\Desktop\mbar\mbamdor.exe
2014-09-28 09:13:35    830259CA42B59F809F1E01BAF29FA4A2    1184056    ----a-w-    C:\Users\Jonathan\Desktop\mbar\mbar.exe
2014-09-28 09:13:33    5F9B2112F55EC84DBF4C5DAA8CA58402    821560    ----a-w-    C:\Users\Jonathan\Desktop\mbar\Plugins\fixdamage.exe
2014-09-28 08:46:51    DFF72B75746001A9060AB2B80310012E    14349744    ----a-w-    C:\Users\Jonathan\Desktop\beeping pc\mbar-1.07.0.1012.exe
2014-09-28 08:06:03    1747A50E01D0FDB324F9F50E025FDB66    401920    ----a-w-    C:\Users\Jonathan\Desktop\beeping pc\MiniToolBox.exe
2014-09-28 08:03:28    B05E0D5FD175F8C1C86C49EA18DEC59B    415232    ----a-w-    C:\Users\Jonathan\Desktop\beeping pc\FSS.exe
2014-09-27 10:55:40    1B151CCE618BE06C22B55FD4B502B75E    1373475    ----a-w-    C:\Users\Jonathan\Desktop\AdwCleaner.exe
2014-09-27 09:07:04    D1366F8F6CC86614A842F79E14788C95    1682416    ----a-w-    C:\Users\Jonathan\Desktop\malware info\mbam-check-2.1.1.1001.exe
2014-09-27 09:01:50    B09E9DE60735BC130AEF036990FEF5CF    2108928    ----a-w-    C:\Users\Jonathan\Desktop\malware info\FRST64.exe
2014-09-26 22:10:20    80EF74B48195D4C62CC512F3F1159502    436504    ----a-w-    C:\Users\Jonathan\Downloads\RpprtSetup(2).exe
2014-09-26 15:50:38    E90BF9E1562F40140161573B79CD5720    17292760    ----a-w-    C:\Users\Jonathan\Desktop\malware info\mbam-setup-2.0.2.1012(1).exe
2014-09-25 14:52:54    7CA4092A339EA30DE8FF06D3FF79D6ED    749648    ----a-w-    C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\37.0.2062.124\37.0.2062.124_37.0.2062.120_chrome_updater.exe
2014-09-25 09:17:46    044519BCD651D8F6D9D5BD93F4A5D858    305128    ----a-w-    C:\ProgramData\NVIDIA\Updatus\Packages\000063df\DRS update.15334346.exe
2014-09-24 18:45:05    072376C5BB7C4A636721D4482FD5D2ED    7137440    ----a-w-    C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\Update\OneDriveSetup.exe
2014-09-24 18:45:05    072376C5BB7C4A636721D4482FD5D2ED    7137440    ----a-w-    C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\OneDriveSetup.exe
2014-09-24 18:45:01    B0FBFCFA0105B45A3436AECC7D69A246    81576    ----a-w-    C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\SkyDriveConfig.exe
2014-09-24 09:19:48    916CEC665A9879DEB15BBDD943B7350B    49664    ----a-w-    C:\Windows\servicing\GC64\tzupd.exe
=== C: other files ==
2014-09-28 18:43:29    E65FD31C267E8B8187F72E9F6B74882C    15127    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\get.bat
2014-09-28 18:43:29    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\TDL4.bat
2014-09-28 18:43:29    C7B1E724E387DA744B894454AD44CB05    157105    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\misc.bat
2014-09-28 18:43:29    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\medfos.bat
2014-09-28 18:43:29    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\searchlnk.bat
2014-09-28 18:43:29    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\firefox.bat
2014-09-28 18:43:29    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\ev_clear.bat
2014-09-28 18:43:29    654E9FE74B930A454EE5BDE165794B65    85    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\delorphans.bat
2014-09-28 18:43:29    5B71358F97544D9DE58A9A0893079506    39458    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\prelim.bat
2014-09-28 18:43:29    53B191266B30D57F2F835ABBF54C68C5    13963    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\chrome.bat
2014-09-28 18:43:29    4D80C7010E2CE44AB25FA25B013649E4    8085    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\mws.bat
2014-09-28 18:43:29    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\ask.bat
2014-09-28 18:43:29    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\iexplore.bat
2014-09-28 18:43:29    2B588C39A2346DCD91B0F83244A39305    9542    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\runvalues.bat
2014-09-28 18:43:29    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Jonathan\AppData\Local\Temp\jrt\delfolders.bat
2014-09-26 22:12:29    C0CAF5E029A54C4E7094A7545ACBD12F    152216    ----a-w-    C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso.sys
2014-09-26 22:12:29    251A19D5EBFE0477E76608A4E1DC3F49    428696    ----a-w-    C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportIaso64.sys
2014-09-26 22:12:28    AC26E6992C7931220B2FF74B4BD5D5E8    768184    ----a-w-    C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80049.sys
2014-09-26 22:12:28    33FC774AD3AB2805B7D8F31CB3EF3ECB    433240    ----a-w-    C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_80049.sys
2014-09-26 22:12:26    0D7BA4369BE0DF5DA9E6E6FB16F94EEA    536984    ----a-w-    C:\Windows\System32\drivers\RapportKE64.sys
2014-09-26 15:58:59    8A50D5304E6AE48664CF5838EC32F647    122584    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-26 15:58:51    F92B0E478C0FAA6D6661E6E977247E60    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-09-26 15:58:51    1A243DAD23BB639D47F25AB9EC51FCAD    92888    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-26 15:58:51    15E8ABC06843672955CE26A009533BAD    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2393814480-1901860420-2681352935-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-2393814480-1901860420-2681352935-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"SkyDrive"="C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"AmazonMP3DownloaderHelper"="C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2393814480-1901860420-2681352935-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-21-2393814480-1901860420-2681352935-1002\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"USB3MON"="C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"LifeCam"="C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
"CanonSolutionMenuEx"="C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon"
"WinampAgent"="C:\Program Files (x86)\Winamp\winampa.exe"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe"
"KiesTrayAgent"="C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe -osboot"
"Display"="C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe"
"SDTray"="C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MoneyAgent"="C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"KiesPreload"="C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload"
"KiesAirMessage"="C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup"
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
"SkyDrive"="C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe /background"
"AmazonMP3DownloaderHelper"="C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
"Uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"="C:\Windows\system32\cmd.exe /q /c rmdir /s /q C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"MagicTuneEngine"="C:\Program Files\MagicTune Premium\MagicTuneLauncher.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"

==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\EADM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EADM"
"hkey"="HKCU"
"command"="\"e:\\Program Files (x86)\\Origin\\Origin.exe\" -AutoStart"


==== Startup Folders ======================

2014-04-29 18:05:29    1055    ----a-w-    C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
2013-05-08 18:14:51    1043    ----a-w-    C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZooskMessenger.lnk
2013-11-23 15:40:57    1059    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\APC UPS Status.lnk
2013-03-27 13:40:49    1495    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GammaTray.exe.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [24/09/2014 19:05]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ [undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [05/02/2014 19:25]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task d983d64e-786e-4471-9c93-4027eb16f392.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 21:08]
C:\Windows\tasks\SUPERAntiSpyware Scheduled Task f9ffa0fa-c9fa-4382-b6c5-c55eaa602f38.job --a------ C:\Program Files\SUPERAntiSpyware\SASTask.exe [07/11/2013 21:08]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CreateChoiceProcessTask" [C:\Windows\System32\browserchoice.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002" [C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2393814480-1901860420-2681352935-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2393814480-1901860420-2681352935-1002" [C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task d983d64e-786e-4471-9c93-4027eb16f392" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\SUPERAntiSpyware Scheduled Task f9ffa0fa-c9fa-4382-b6c5-c55eaa602f38" [C:\Program Files\SUPERAntiSpyware\SASTask.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
"C:\Windows\SysNative\tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates" ["C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe"]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [02/09/2013 09:56]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\9ie5dycq.default-1378541054654
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\9ie5dycq.default-1378541054654
DFC9460CC37E5C414DC4680B10C19E7A    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll -    Shockwave Flash
BE126CB7049E89ED6F3038016668B502    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin
14ED052BCEB672B01DD6E9353878F196    - C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll -    AmazonMP3DownloaderPlugin

Profilepath: C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\l5pl0f0j.default-1391623591908
BE126CB7049E89ED6F3038016668B502    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll -    RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll -    RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll -    RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7    - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll -    RealDownloader Plugin
14ED052BCEB672B01DD6E9353878F196    - C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll -    AmazonMP3DownloaderPlugin


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

Google Docs - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
Google Voice Search Hotword (Beta) - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn
YouTube - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Jonathan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.pcspecialist.co.uk/"
"Default_Page_URL"="http://www.pcspecialist.co.uk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://www.pcspecialist.co.uk/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== HijackThis Entries ======================

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe
O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files (x86)\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [skyDrive] "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [AmazonMP3DownloaderHelper] C:\Users\Jonathan\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811_1\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jonathan\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2393814480-1901860420-2681352935-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2393814480-1901860420-2681352935-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: Dropbox.lnk = Jonathan\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: ZooskMessenger.lnk = C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
O4 - Global Startup: APC UPS Status.lnk = C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe
O4 - Global Startup: GammaTray.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files (x86)\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: APC Data Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe
O23 - Service: APC UPS Service - Schneider Electric - C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Macrium Reflect Image Mounting Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OUPM9Z1 will be deleted at reboot
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42AKUNXJ will be deleted at reboot
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96QPEQFA will be deleted at reboot
C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJJ5F8AI will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jonathan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=37 folders=19 29954360 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jonathan\AppData\Local\Temp will be emptied at reboot
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jonathan\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OUPM9Z1" not found
"C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\42AKUNXJ" not found
"C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\96QPEQFA" not found
"C:\Users\Jonathan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RJJ5F8AI" not found

==== EOF on 29/09/2014 at 11:06:00.67 ======================
 

[kevinf80]

What is the current status, any remaining issues/concerns?

[jonbam]

Hi

 

Will not know until approx. 7.30pm today.

 

So far the popups have been appearing after 7pm UK time.

[kevinf80]

Thanks for the update, let me know what happens later...

 

Thanks,

 

Kevin...

[jonbam]

Hi

 

The following pages have reappeared but this time much later at 7.53pm today.

 

http://www.healthy-consumer.com/articles/uk/skincare-secrets-exposed/?&c1=278&c2=22387&c3=


http://healthy-consumer.com/articles/uk/skincare-secrets-exposed/exit.php?&c1=278exit&c2=22387&c3=#OFFER

[jonbam]

Hi

 

I have just had a thought, I have been using http://s1306.photobucket.com at around the same time these pop-ups appear?

 

So if I don't use photobucket.com tomorrow, I'll check if that has something to do with these popups?

 

thanks

 

Jonathan

[kevinf80]

Thanks for the update, lets see what happens tomorrow. One other point, do you have the following two extensions installed on Firefox:

 

Adblock Plus - https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/

 

Flash Block   - https://addons.mozilla.org/en-US/firefox/addon/flashblock/

 

Kevin..

[jonbam]

Hi

 

No I don't. I'll wait and see what happens tomorrow.

 

I will not use the photobucket website tomorrow.

 

thanks

 

Jonathan

[kevinf80]

Those two addons are essential for Firefox to stop issues like you are experiencing....

[jonbam]

Hi

 

I want to know if it has been the photobucket site?

 

I'll install those addons afterwards.

 

thanks

 

Jonathan

[kevinf80]

Thanks for the update, why not open Photobucket now and see what happens?

[jonbam]

Yeah it doesn't happen more than once. I'll know tomorrow I will not visit the site.

 

And i'll install those popup block apps on Wednesday.

 

Jonathan

[kevinf80]

Thanks for the update, let me know the outcome....

[jonbam]

Hi

I have just logged into photobucket.com on another computer of mine (a laptop) and the pop-under has appeared. It's not a popup, its a pop-under.

I have wasted a lot of time