Help needed for removal of Trojan.Agent.ENM, please...


Dear forum

MWB has twice found the above malware during a scan (free version), first 10 days ago and then again today. I've got Norton Security and run MWB regularly; NPE doesn't find anything. I have a Samsung laptop with Windows 7 (the 10 upgrade would not work on my machine).

Thanks to someone for pointing me in this direction; Farbar results are pasted below. BTW, I'm not techy; please dumb it down for a newbie. Thanks for any help anyone can please give me. :/

------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-08-2016 01
Ran by Caroline (administrator) on CAROLINE-PC (13-08-2016 07:45:13)
Running from C:\Users\Caroline\Downloads
Loaded Profiles: UpdatusUser & Caroline (Available Profiles: UpdatusUser & Caroline)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\windows\SysWOW64\svchost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\ns.exe
(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13776088 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1805952 2015-09-13] (NVIDIA Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\...\Run: [RESTART_STICKY_NOTES] => C:\windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [187152 2015-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [164008 2015-09-13] (NVIDIA Corporation)
AppInit_DLLs-x32: , C:\windows\SysWOW64\nvinit.dll => C:\windows\SysWOW64\nvinit.dll [164008 2015-09-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-04-02] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-04-26]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1744AF86-9089-40A3-92B6-FBC6862049FA}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{89D3CAF5-DB95-4B67-8928-07C7073C392A}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.co.uk/
HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001 -> DefaultScope {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1000&geo=GB&ver=22&locale=en_GB&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Samsung BHO Class -> {AA609D72-8482-4076-8991-8CDAE5B93BCB} -> C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll [2010-10-25] ()
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553635000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

FireFox:
========
FF ProfilePath: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jbi2gr1c.default
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-09] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Caroline\AppData\Roaming\Mozilla\Firefox\Profiles\jbi2gr1c.default\searchplugins\norton-safe-search.xml [2016-02-01]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon [2016-06-15]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.5.4.24\coFFAddon
FF HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-28] [not signed]

Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-28]
CHR Extension: (Google Docs) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-28]
CHR Extension: (Google Drive) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-28]
CHR Extension: (Rapport) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-05-08]
CHR Extension: (YouTube) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-28]
CHR Extension: (Norton Security Toolbar) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-01]
CHR Extension: (Google Search) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-28]
CHR Extension: (Google Sheets) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-28]
CHR Extension: (Google Docs Offline) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Norton Identity Safe) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-12-28]
CHR Extension: (Word CaptureX Extension) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2015-12-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-28]
CHR Extension: (Chrome Media Router) - C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-11]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-21]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files (x86)\Deskperience\Word Capture\wcxChrome.crx [2010-07-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2012-10-22] (Macrovision Europe Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-17] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2011-09-01] () [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160810.001\BHDrvx64.sys [1832176 2016-05-13] (Symantec Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160812.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-07-21] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM Corp.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2012-04-06] (Windows (R) 2003 DDK 3790 provider)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-15] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160614.021\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.5.4.24\Definitions\SDSDefs\20160614.021\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-13 07:45 - 2016-08-13 07:45 - 00024053 _____ C:\Users\Caroline\Downloads\FRST.txt
2016-08-13 07:44 - 2016-08-13 07:45 - 00000000 ____D C:\FRST
2016-08-13 07:43 - 2016-08-13 07:43 - 02393600 _____ (Farbar) C:\Users\Caroline\Downloads\FRST64.exe
2016-08-13 07:40 - 2016-08-13 07:40 - 00001066 _____ C:\Users\Caroline\Desktop\MWB scan 13aug16.txt
2016-08-12 19:21 - 2016-08-13 05:37 - 01312585 _____ C:\Users\Caroline\Desktop\2017 Calendar cover layout.pptx
2016-08-12 07:41 - 2016-08-12 07:41 - 02543562 _____ C:\Users\Caroline\Desktop\Banner_tortie_DLH.psd
2016-08-10 16:19 - 2016-08-02 15:54 - 00394440 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-08-10 16:19 - 2016-08-02 15:08 - 00346312 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-08-10 16:19 - 2016-08-02 07:54 - 25808384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-08-10 16:19 - 2016-08-02 07:47 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-08-10 16:19 - 2016-08-02 07:47 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-08-10 16:19 - 2016-08-02 07:32 - 02894336 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-08-10 16:19 - 2016-08-02 07:32 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-08-10 16:19 - 2016-08-02 07:31 - 00572416 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-08-10 16:19 - 2016-08-02 07:31 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-08-10 16:19 - 2016-08-02 07:31 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-08-10 16:19 - 2016-08-02 07:31 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-08-10 16:19 - 2016-08-02 07:24 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-08-10 16:19 - 2016-08-02 07:23 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-08-10 16:19 - 2016-08-02 07:20 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-08-10 16:19 - 2016-08-02 07:19 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-08-10 16:19 - 2016-08-02 07:19 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-08-10 16:19 - 2016-08-02 07:18 - 06047744 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-08-10 16:19 - 2016-08-02 07:18 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-08-10 16:19 - 2016-08-02 07:18 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-08-10 16:19 - 2016-08-02 07:11 - 00969216 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-08-10 16:19 - 2016-08-02 07:08 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-08-10 16:19 - 2016-08-02 07:03 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-08-10 16:19 - 2016-08-02 07:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 16:19 - 2016-08-02 06:59 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-08-10 16:19 - 2016-08-02 06:56 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-08-10 16:19 - 2016-08-02 06:55 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-08-10 16:19 - 2016-08-02 06:54 - 20343808 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-08-10 16:19 - 2016-08-02 06:53 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-08-10 16:19 - 2016-08-02 06:51 - 00497664 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-08-10 16:19 - 2016-08-02 06:51 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-08-10 16:19 - 2016-08-02 06:51 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-08-10 16:19 - 2016-08-02 06:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-08-10 16:19 - 2016-08-02 06:51 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-08-10 16:19 - 2016-08-02 06:50 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-08-10 16:19 - 2016-08-02 06:47 - 02286592 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-08-10 16:19 - 2016-08-02 06:45 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-08-10 16:19 - 2016-08-02 06:44 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-08-10 16:19 - 2016-08-02 06:42 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-08-10 16:19 - 2016-08-02 06:41 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-08-10 16:19 - 2016-08-02 06:41 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-08-10 16:19 - 2016-08-02 06:41 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-08-10 16:19 - 2016-08-02 06:40 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-08-10 16:19 - 2016-08-02 06:38 - 00806400 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-08-10 16:19 - 2016-08-02 06:38 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-08-10 16:19 - 2016-08-02 06:37 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-08-10 16:19 - 2016-08-02 06:36 - 02131456 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-08-10 16:19 - 2016-08-02 06:33 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-08-10 16:19 - 2016-08-02 06:29 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 16:19 - 2016-08-02 06:28 - 15412224 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-08-10 16:19 - 2016-08-02 06:28 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-08-10 16:19 - 2016-08-02 06:26 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-08-10 16:19 - 2016-08-02 06:25 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-08-10 16:19 - 2016-08-02 06:24 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-08-10 16:19 - 2016-08-02 06:23 - 02868224 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-08-10 16:19 - 2016-08-02 06:22 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-08-10 16:19 - 2016-08-02 06:21 - 04608000 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-08-10 16:19 - 2016-08-02 06:16 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-08-10 16:19 - 2016-08-02 06:15 - 00692736 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-08-10 16:19 - 2016-08-02 06:14 - 02055680 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-08-10 16:19 - 2016-08-02 06:14 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-08-10 16:19 - 2016-08-02 06:11 - 13808128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-08-10 16:19 - 2016-08-02 06:10 - 01550848 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-08-10 16:19 - 2016-08-02 05:59 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-08-10 16:19 - 2016-08-02 05:56 - 02393088 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-08-10 16:19 - 2016-08-02 05:53 - 01316352 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-08-10 16:19 - 2016-08-02 05:51 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-08-10 16:19 - 2016-07-08 16:37 - 00154856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-08-10 16:19 - 2016-07-08 16:37 - 00095464 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-08-10 16:19 - 2016-07-08 16:32 - 01464320 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 01212928 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00730624 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00690688 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00343552 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00316416 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00190464 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-08-10 16:19 - 2016-07-08 16:32 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-08-10 16:19 - 2016-07-08 16:17 - 00666112 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-08-10 16:19 - 2016-07-08 16:17 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00342528 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00260608 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00141312 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-08-10 16:19 - 2016-07-08 16:16 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-08-10 16:19 - 2016-07-08 16:03 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-08-10 16:19 - 2016-07-08 15:57 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-08-10 16:19 - 2016-07-08 15:56 - 00291328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-08-10 16:19 - 2016-07-08 15:56 - 00129536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-08-10 16:19 - 2016-07-08 15:55 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-08-10 16:19 - 2016-07-08 15:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-08-10 16:19 - 2016-07-08 15:50 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-08-10 16:17 - 2016-07-08 16:01 - 03218944 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-08-03 09:00 - 2016-08-13 06:52 - 00432686 _____ C:\windows\ntbtlog.txt
2016-08-01 19:23 - 2016-08-12 06:40 - 00000000 ____D C:\Users\Caroline\Desktop\Calendar 2017 pics
2016-07-24 18:06 - 2016-07-24 18:06 - 00000000 ____D C:\Program Files\Common Files\EPSON
2016-07-24 18:05 - 2016-07-24 18:06 - 00000000 ____D C:\ProgramData\EPSON
2016-07-24 18:05 - 2016-07-24 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2016-07-24 18:05 - 2012-09-27 11:02 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMJHE.DLL
2016-07-24 18:05 - 2012-09-27 11:02 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BJHE.DLL
2016-07-24 18:05 - 2012-09-27 11:02 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-13 07:33 - 2012-10-15 15:47 - 00000000 ____D C:\Users\Caroline\Outlook
2016-08-13 07:18 - 2015-12-28 12:00 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-13 06:49 - 2009-07-14 05:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-13 06:49 - 2009-07-14 05:45 - 00028848 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-13 06:43 - 2014-06-17 09:55 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-13 06:36 - 2015-12-28 12:00 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-13 06:35 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-08-13 06:34 - 2011-07-20 11:19 - 00000000 ____D C:\windows\lt
2016-08-13 06:32 - 2014-06-17 09:55 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-12 18:59 - 2015-12-02 09:08 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2016-08-12 07:41 - 2012-10-31 19:54 - 00001456 _____ C:\Users\Caroline\AppData\Local\Adobe Save for Web 12.0 Prefs
2016-08-10 18:39 - 2009-07-14 05:45 - 04979760 _____ C:\windows\system32\FNTCACHE.DAT
2016-08-10 17:32 - 2013-08-14 21:44 - 00000000 ____D C:\windows\system32\MRT
2016-08-10 17:19 - 2012-05-01 08:19 - 147640136 ____C (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-08-09 06:01 - 2015-12-28 12:01 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 06:01 - 2015-12-28 12:01 - 00002143 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-04 17:38 - 2009-07-14 06:13 - 00786662 _____ C:\windows\system32\PerfStringBackup.INI
2016-08-04 17:38 - 2009-07-14 04:20 - 00000000 ____D C:\windows\inf
2016-08-03 09:13 - 2013-12-18 23:22 - 00000000 ____D C:\Users\Caroline\AppData\Local\NPE
2016-08-03 09:01 - 2014-04-25 17:42 - 00000000 ____D C:\NPE
2016-08-03 08:02 - 2009-07-14 06:32 - 00000000 ____D C:\windows\Downloaded Program Files
2016-07-30 16:38 - 2009-07-14 04:20 - 00000000 ____D C:\windows\rescache
2016-07-29 22:28 - 2012-05-28 19:36 - 00000000 ____D C:\Users\Caroline\AppData\Local\CrashDumps
2016-07-29 12:32 - 2012-11-26 20:37 - 00000000 ____D C:\Users\Caroline\Desktop\cm stuff 2015
2016-07-29 12:32 - 2012-10-21 19:13 - 00000000 ____D C:\Users\Caroline\Desktop\CFC 2015
2016-07-29 06:13 - 2015-12-28 12:00 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-29 06:13 - 2015-12-28 12:00 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-23 06:53 - 2016-04-07 08:15 - 00213107 _____ C:\Users\Caroline\Desktop\Bobbie.jpeg
2016-07-21 18:14 - 2013-11-17 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-07-20 08:05 - 2015-03-31 21:52 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-07-20 08:05 - 2015-03-31 21:52 - 00000000 ___SD C:\windows\system32\GWX
2016-07-17 14:21 - 2016-05-17 12:00 - 00099196 _____ C:\Users\Caroline\Desktop\Healing.pptx

==================== Files in the root of some directories =======

2012-11-11 12:48 - 2012-12-22 00:21 - 0000132 _____ () C:\Users\Caroline\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-10-31 19:54 - 2016-08-12 07:41 - 0001456 _____ () C:\Users\Caroline\AppData\Local\Adobe Save for Web 12.0 Prefs
2015-06-10 14:36 - 2015-06-10 14:36 - 0007605 _____ () C:\Users\Caroline\AppData\Local\Resmon.ResmonCfg
2015-04-05 14:27 - 2015-04-05 14:27 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-07-28 13:37 - 2014-08-05 19:23 - 0006843 _____ () C:\ProgramData\hpzinstall.log
2011-07-20 10:40 - 2011-09-07 21:17 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2011-07-20 10:35 - 2011-07-20 10:35 - 0000113 _____ () C:\ProgramData\{34FBC7C4-CD31-4D93-A428-0E524EAC4586}.log
2011-07-20 10:38 - 2011-09-07 21:12 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-07-20 10:35 - 2011-09-07 21:11 - 0000106 _____ () C:\ProgramData\{80E158EA-7181-40FE-A701-301CE6BE64AB}.log
2011-07-20 10:39 - 2011-09-07 21:15 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2011-09-07 21:15 - 2011-09-07 21:17 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

Some files in TEMP:
====================
C:\Users\Caroline\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-07-30 16:30

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Caroline (2016-08-13 07:46:04)
Running from C:\Users\Caroline\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2012-04-26 09:34:59)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2774599765-3218687334-1828580283-500 - Administrator - Disabled)
Caroline (S-1-5-21-2774599765-3218687334-1828580283-1001 - Administrator - Enabled) => C:\Users\Caroline
Guest (S-1-5-21-2774599765-3218687334-1828580283-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2774599765-3218687334-1828580283-1003 - Limited - Enabled)
Limited (S-1-5-21-2774599765-3218687334-1828580283-1004 - Limited - Enabled)
UpdatusUser (S-1-5-21-2774599765-3218687334-1828580283-1000 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

„Windows Live Essentials“ (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
„Windows Live Mail“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live Messenger“ (x32 Version: 15.4.3502.0922 - „Microsoft Corporation“) Hidden
„Windows Live“ fotogalerija (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20056 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Flash Player 21 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (HKLM\...\PremElem100) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Premiere Elements 10 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Premiere Elements 10 Content (HKLM-x32\...\Adobe Premiere Elements 10 Content) (Version: 10.0 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Any Audio Converter 3.5.6 (HKLM-x32\...\Any Audio Converter_is1) (Version:  - Any-Audio-Converter.com)
Any Video Converter 3.5.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
BatteryLifeExtender (HKLM-x32\...\{FFD0E594-823B-4E2B-B680-720B3C852588}) (Version: 1.0.11 - Samsung)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 5.60.48.55 - Broadcom Corporation)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4380 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C4380_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
ChargeableUSB (HKLM-x32\...\{92D50865-FC60-4EA8-BA7A-5581B0D13EFB}) (Version: 1.0.0.0 - SAMSUNG)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
CyberLink Media Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2227 - CyberLink Corp.)
CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 5.0.1130a - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4813b - CyberLink Corp.)
CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.4207 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3029.52 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.3509 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\...\Dropbox) (Version: 3.4.3 - Dropbox, Inc.)
Easy Content Share (HKLM-x32\...\{2DDC70C1-C77A-4D08-89D2-9AB648504533}) (Version: 1.0 - Samsung Electronics Co., LTD)
Easy Display Manager (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 3.2 - Samsung Electronics Co., Ltd.)
Easy Migration (HKLM-x32\...\{AD86049C-3D9C-43E1-BE73-643F57D83D50}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Easy Network Manager (HKLM-x32\...\{8732818E-CA78-4ACB-B077-22311BF4C0E4}) (Version: 4.4.7 - Samsung)
Easy SpeedUp Manager (HKLM-x32\...\{EF367AA4-070B-493C-9575-85BE59D789C9}) (Version: 2.1.1.1 - Samsung Electronics Co.,Ltd.)
EasyBatteryManager (HKLM-x32\...\{4A331D24-A9E8-484F-835E-1BA7B139689C}) (Version: 4.0.0.4 - Samsung)
EasyFileShare (HKLM-x32\...\{1181AA5B-8EFD-4AC5-8CDE-A1F7307B3427}) (Version: 1.0.13 - Samsung)
Elements 10 Organizer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
EPSON WF-3540 Series Printer Uninstall (HKLM\...\EPSON WF-3540 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare PS/2-X64 8.0.7.2_WHQL (HKLM\...\Elantech) (Version: 8.0.7.2 - ELAN Microelectronic Corp.)
Fast Start (HKLM-x32\...\{77F45ECD-FAFC-45A8-8896-CFFB139DAAA3}) (Version: 2.2.0.1 - SAMSUNG)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
ffdshow v1.1.4369 [2012-03-03] (HKLM-x32\...\ffdshow_is1) (Version: 1.1.4369.0 - )
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie foto Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2253 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel(R) Turbo Boost Technology Monitor 2.0 (HKLM\...\{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}) (Version: 2.0.82.0 - Intel)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 9.6.0 (Standard) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.6.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Color Enhancer (HKLM-x32\...\{7F6F62F0-7884-4CFB-B86C-597A4A6D9C4D}) (Version: 1.0 - Samsung Electronics Co., Ltd.)
Mozilla Firefox 44.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0 (x86 en-GB)) (Version: 44.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia POP (HKLM-x32\...\{331ECF61-69AF-4F57-AC35-AFED610231C3}) (Version: 1.1 - )
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Norton Security (HKLM-x32\...\NS) (Version: 22.7.0.76 - Symantec Corporation)
NVIDIA Graphics Driver 353.84 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.84 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pdf995 (HKLM-x32\...\Pdf995) (Version:  - )
PhoneShare (HKLM-x32\...\{3F50512F-53DF-46B1-8CCB-6C7E638CADD6}) (Version: 9.1.4 - Samsung)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
PRE10STI64Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Rapport (x32 Version: 3.5.1609.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7404 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung AnyWeb Print (HKLM-x32\...\{318DBE01-1E6B-4243-84B0-210391FE789A}) (Version: 2.0.67.1 - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Recovery Solution 5 (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 5.0.0.9 - Samsung)
Samsung Support Center (HKLM-x32\...\{F687E657-F636-44DF-8125-9FEEA2C362F5}) (Version: 1.1.24 - Samsung)
Samsung Universal Print Driver (HKLM-x32\...\Samsung Universal Print Driver) (Version: 2.02.05.00:27 - Samsung Electronics Co., Ltd.)
Samsung Universal Scan Driver (HKLM-x32\...\Samsung Universal Scan Driver) (Version: 1.2.5.0 - Samsung Electronics Co., Ltd.)
Samsung Update Plus (HKLM-x32\...\{142D8CA7-2C6F-45A7-83E3-099AAFD99133}) (Version: 3.0.0.17 - Samsung Electronics Co., Ltd.)
SamsungMovie (HKLM-x32\...\{EFA6EF6A-9E0D-4CF0-91DD-B55D8632F65A}) (Version: 1.0.0 - Samsung)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SISShortcut (HKLM-x32\...\{FDAE128F-A355-42B1-8422-1AF3ACEE34F4}) (Version: 1.00.000 - Samsung)
SmartSound Common Data (HKLM-x32\...\InstallShield_{B8A2869E-30CA-40C5-9CF8-BD7354E57EF8}) (Version: 1.1.0 - SmartSound Software Inc.)
SmartSound Common Data (x32 Version: 1.1.0 - SmartSound Software Inc.) Hidden
SmartSound Premiere Elements 10 x64 Plugin (HKLM\...\{3DAE9A67-DD8D-4EDB-91F7-7B5132B1864D}) (Version: 5.70.0001 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (HKLM-x32\...\InstallShield_{1D273D91-D7D5-4036-8B84-EB4615FF5F81}) (Version: 5.7.1 - SmartSound Software Inc.)
SmartSound Sonicfire Pro 5 (x32 Version: 5.7.1 - SmartSound Software Inc.) Hidden
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
User Guide (HKLM-x32\...\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}) (Version: 1.5 - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}) (Version: 6.3.0.7000 - Broadcom Corporation)
Windows Live 程式集 (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WordCaptureX Pro (HKLM-x32\...\{139C1D95-9037-3AB3-F5F4-4A79BF6831EC}) (Version: 4.0.0 - Deskperience)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Фотогалерия на Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Caroline\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C15C14E-0ABE-4CB6-82FF-72B08B7D2D1C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {1810FF88-FD80-4D40-8842-11E24A73BE7B} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)
Task: {1BB7C560-4C51-48B2-94E9-681844D41975} - System32\Tasks\WifiManager => C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {1E4815D1-08B3-4533-B0CC-DE8FA071E7C8} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe [2010-11-29] (Samsung Electronics Co., Ltd.)
Task: {1FA4ACDF-B7A1-4457-8E0F-19D3F0D0A011} - System32\Tasks\SmartRestarter => C:\Program Files\Samsung\SamsungFastStart\SmartRestarter.exe [2010-08-05] (Samsung Electronics Co., Ltd.)
Task: {26D0B1D8-508C-4CA3-89C8-8F724C6312B4} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {4695C861-AB36-49A9-8A5B-B24750C54353} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\EasyBatteryManager\EasyBatteryMgr4.exe [2010-07-20] (SAMSUNG Electronics co., LTD.)
Task: {487955C2-4040-40FA-A22E-FC6D55B7BDB8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {48D8FC94-DC8F-4FCC-AFC7-A780A5DE8576} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-11-10] (CyberLink)
Task: {4B1E5F0F-C2CD-4976-AC9A-8FC9EFA22990} - System32\Tasks\SamsungSupportCenter => C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe [2011-02-07] (SAMSUNG Electronics)
Task: {4D97D42D-C11F-4BBE-8389-57B1641EDB3D} - System32\Tasks\4994 => Wscript.exe C:\Users\Caroline\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {550DC194-11A7-47C4-A45D-F57F474E7905} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {597B8727-BD15-4A03-9678-C1CC34A199B8} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe [2010-12-06] (Samsung Electronics Co., Ltd.)
Task: {84CFBC70-4856-47BE-9000-8C5ADCA4F885} - System32\Tasks\advSRS5 => C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe [2010-11-17] (SEC)
Task: {9527CFFF-72BC-43FD-99EC-C8DC456D26ED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec [Argument = /RestartRecording]
Task: {9F863DA4-40A0-4E6F-8FF5-2CFDB29E0673} - System32\Tasks\EasyPartitionManager => C:\Windows\MSetup\BA46-12225A02\EPM.exe
Task: {A7DB7759-BBBD-400D-B2D5-B7CEFAB2F043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {AA21B158-5092-428B-997B-CFBF433FADB5} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => %SystemRoot%\ehome\ehrec [Argument = /StartRecording]
Task: {ABC6AE90-4934-4291-928C-51DFB89564E6} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Security\Upgrade.exe [2016-06-17] (Symantec Corporation)
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {ADEF0A7D-87C6-48A9-80E9-5C61A343F894} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\WSCStub.exe [2016-06-17] (Symantec Corporation)
Task: {CB980953-9F25-4C88-BC2B-10BBB5F6FA4B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {D8DFC81C-838E-4D1B-937F-9AE1CDCE411D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate [Argument = -crl -hms -pscn 15]
Task: {DAEE778C-6B9F-470E-BD76-1D7E5EC6A5DB} - System32\Tasks\Norton Security\Norton Error Processor => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {E4A0C0E8-65E2-481F-945F-298C5B0399CA} - System32\Tasks\BatteryLifeExtender => C:\Program Files (x86)\Samsung\BatteryLifeExtender\BatteryLifeExtender.exe [2010-12-18] (Samsung Electronics. Co. Ltd.)
Task: {E547BB5A-5E36-4BEF-9989-D5E3FABAD334} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate [Argument = $(Arg0)]
Task: {EA0F4352-583F-4B04-B568-2EA2236E9F1B} - System32\Tasks\Norton Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {F8417A58-DCBA-460C-9BA6-A555FFC816B5} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-07] (Adobe Systems Incorporated)
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Task: {FB0F0801-420B-4834-9C71-CC7540244F75} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\EasySpeedUpManager\EasySpeedUpManager2.exe [2010-12-23] (Samsung Electronics)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-13 09:18 - 2015-09-13 09:18 - 00022328 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2015-10-15 10:10 - 2015-08-07 18:28 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-18 14:53 - 2012-04-26 15:51 - 00040448 _____ () C:\windows\System32\pdf995mon64.dll
2011-07-21 01:31 - 2008-06-05 00:53 - 00027648 _____ () C:\windows\System32\spd__l.dll
2011-09-07 21:11 - 2011-09-01 03:09 - 00244904 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-07-21 01:31 - 2010-10-21 19:22 - 00709632 _____ () C:\windows\system32\SnMinDrv.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2015-09-13 09:18 - 2015-09-13 09:18 - 00022144 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2015-10-15 11:09 - 2010-05-07 23:22 - 01636864 _____ () C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 03:42 - 2015-11-11 03:42 - 01045672 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-06-09 10:33 - 2014-02-10 13:44 - 04592128 _____ () C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2016-06-09 10:33 - 2014-02-10 13:44 - 00112128 _____ () C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SMR410 => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Caroline\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{0BD2B3E2-8A5E-4641-BAB5-9DF0EFA83FCC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{CDE083F0-DEE1-49DB-B114-A4F2C5FE1746}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{24CCD856-8FE6-4868-8B60-D52BC83BCD29}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{688E73E9-2D99-4D9E-992A-19D7A77F0B75}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\USDAgent.exe
FirewallRules: [{F0EE70C0-C890-41CF-8868-365E215D6F8E}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{588F63AB-B6DB-414A-A953-D5346EBA6AFA}] => (Allow) C:\Program Files (x86)\Samsung\Samsung Universal Scan Driver\ICCUpdater.exe
FirewallRules: [{28A9D931-0EE3-4FCD-BCD0-97529BFF1BF2}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{C43260DA-3ECB-4585-B76F-A9AF420B1770}] => (Allow) C:\Windows\System32\SUPDSvc.exe
FirewallRules: [{9F974AC6-171C-47C5-939E-6F0C81138FD6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{38C23A24-2214-4F54-BC55-25BD15366037}] => (Allow) LPort=2869
FirewallRules: [{F14A4699-56B6-46EE-B005-62FA7E5999E6}] => (Allow) LPort=1900
FirewallRules: [{999BD14F-F9C6-4D6D-8639-4EC0D85E72A9}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{F31C0C5A-C660-4875-A910-CEE1CEAF256C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C8DCE68F-4E23-43FE-83AA-9526DA49E27A}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector\PDR8.EXE
FirewallRules: [{DCEBAD84-016F-4018-8977-554228068FEE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{58D44D10-2B3F-4207-8D3B-F5950BFA847D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2FAD5AAA-3E95-4A3F-9118-D81590B09D30}] => (Allow) C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{8E51C08E-BF69-49E0-8FC5-E5D94FAC3EAF}] => (Allow) C:\Users\Caroline\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{0832F506-A356-4F2B-AA28-8FAD15E99043}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{868A9381-A9BA-4122-A1CE-936E91DA9AB4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D73F7F0E-0B2D-4A06-8A9C-14CA882DC927}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8EAE816C-A9D0-4546-A65B-0AA15F675E45}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{6EB083A1-4190-43F2-AD95-79C7C599B485}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zS0F0C\setup\hpznui40.exe
FirewallRules: [{35F41737-C134-43F9-8DB0-2AE7C61D6B04}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3881B19B-F10C-47E5-B20B-D98EB637FFEF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{D9923D9E-B23F-43DC-8319-A49F817A2C40}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{9ED81735-5F08-43F6-99DD-C947B195CC37}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{D3244041-A882-4F93-A84A-F945D3076312}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3E725F7F-F445-4591-8AD7-AEDF6CD3DACD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{31A5C4BE-C472-45E7-8219-B6405FAD5B89}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{F7A2BE71-B884-414D-9E94-3AEC38103F28}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{E722A078-95A3-41E2-B3D7-69D346474C42}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{4DAB18CA-DE89-4DD7-B2AF-97ACC90BA624}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{AFC37C96-0CDF-41A9-A9EB-71AB1FD5B5E0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{83FD5841-B875-4321-8D80-0D3FE8BFC1D5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{EB63F58C-AD8C-4207-B6D0-1877BE508D73}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{DC2A2E14-9C3D-467C-B787-80D4597D7803}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsudi.exe
FirewallRules: [{71D6F274-3384-4C79-B3E1-46BB2147D870}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpsapp.exe
FirewallRules: [{EE651F19-99ED-4A84-9BB0-AD0B601A7F46}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{8508F74C-CF9C-455F-A557-C6F452018ECE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{C15C271D-9709-4FAB-A5A8-501AC626C898}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqpse.exe
FirewallRules: [{376AA658-478B-46B8-889F-4A801F3BAEED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{5D1A1C9C-D203-46F7-AA7A-2C99109B9A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{2040D129-FCB3-493D-8560-D9287B70085B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{AD8D798F-1A61-4A65-8A25-457EB2B1363D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{499919F5-5DF3-419B-9093-D3E49DE703A8}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{2FE359DF-1B93-48F1-A25E-6CCE4DD6896B}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [TCP Query User{41DD8168-DC70-4B65-A11E-9443E9645F45}C:\users\caroline\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\caroline\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{1C31CEEB-5C42-4E7C-8AE3-7AF7E6CC32FA}C:\users\caroline\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\caroline\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{54F4581B-711B-4F36-9F3E-44A87FB15498}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{ED8D1DA8-8633-40EE-B6DE-EBAC3F10990A}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zS1F14.tmp\SymNRT.exe
FirewallRules: [{707518F4-4AC5-4159-A6A9-83B8CCD97FA6}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zS1F14.tmp\SymNRT.exe
FirewallRules: [{F44DEA68-0590-4A4A-82C8-3EF3BB622B5D}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zS93F5.tmp\SymNRT.exe
FirewallRules: [{FAEAD4CE-F30F-4194-9119-51A02D4EA3C2}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zS93F5.tmp\SymNRT.exe
FirewallRules: [{33409E33-A5EA-43A9-905D-8B77C756BAD2}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zSFAD2.tmp\SymNRT.exe
FirewallRules: [{D8B1C659-9D39-4251-B56C-8C53D19D511D}] => (Allow) C:\Users\Caroline\AppData\Local\Temp\7zSFAD2.tmp\SymNRT.exe
FirewallRules: [{81CB5D64-3094-4A91-8267-66620622827C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EC221F39-5370-4C4D-896C-E766ADEDD389}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{25582CB8-335D-4F06-A250-1549DC74D64B}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

13-07-2016 17:11:08 Windows Update
20-07-2016 08:03:44 Windows Update
21-07-2016 18:12:20 Installed Rapport
30-07-2016 16:36:47 Scheduled Checkpoint
10-08-2016 17:17:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/13/2016 06:36:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/12/2016 04:37:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/11/2016 06:01:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29201609

Error: (08/11/2016 06:01:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29201609

Error: (08/11/2016 06:01:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/11/2016 06:01:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29186009

Error: (08/11/2016 06:01:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 29186009

Error: (08/11/2016 06:01:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/10/2016 06:36:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/10/2016 08:24:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/13/2016 06:38:03 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (08/13/2016 06:37:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/13/2016 05:01:04 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/13/2016 05:01:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/13/2016 05:01:03 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/13/2016 05:00:54 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/12/2016 04:39:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (08/12/2016 09:07:27 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/12/2016 09:07:26 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (08/12/2016 09:07:25 AM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 34%
Total physical RAM: 8104.29 MB
Available physical RAM: 5327.11 MB
Total Virtual: 16206.76 MB
Available Virtual: 12952.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:364 GB) (Free:218.6 GB) NTFS
Drive d: () (Fixed) (Total:544.49 GB) (Free:543.79 GB) NTFS
Drive f: () (Removable) (Total:14.83 GB) (Free:0.88 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: CD54DF59)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=364 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=544.5 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=22.9 GB) - (Type=12)

========================================================
Disk: 1 (Size: 14.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

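The Scheduled Tasks section of the Addition.txt above is where the helper's fixlist draws its targets from, and the two entries that matter (task "0" launching a bare Iexplore.exe, task "4994" running Wscript.exe on a .vbs in the user's Temp folder) stand out for reasons a newcomer cannot see from the ATTENTION marker alone. The following triage helper is an added example, not part of FRST or of this thread: it parses FRST "Task:" lines and scores each one with the heuristics an analyst applies by eye (script host or LOLBin as launcher, bare executable name instead of an absolute path, target under a user-writable folder, auto-generated numeric task name, no file date/vendor read by FRST, orphaned registration). The five sample lines are copied from the log above; the regexes, the score and the reason strings are my own construction.

```python
import re
from typing import Dict, List, Optional

# Sample input: five "Task:" lines copied from the FRST Addition.txt posted above.
SAMPLE_TASKS = r"""
Task: {1810FF88-FD80-4D40-8842-11E24A73BE7B} - System32\Tasks\SUPBackground => C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe [2011-01-11] (Samsung Electronics)
Task: {26D0B1D8-508C-4CA3-89C8-8F724C6312B4} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {487955C2-4040-40FA-A22E-FC6D55B7BDB8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {4D97D42D-C11F-4BBE-8389-57B1641EDB3D} - System32\Tasks\4994 => Wscript.exe C:\Users\Caroline\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {A7DB7759-BBBD-400D-B2D5-B7CEFAB2F043} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-12-28] (Google Inc.)
"""

# One FRST task line: "Task: {GUID} - <name> => <command> [date] (vendor)" or "... -> No File".
TASK_RE = re.compile(
    r"^Task: \{(?P<guid>[0-9A-Fa-f-]{36})\} - (?P<name>.+?)"
    r"(?: => (?P<cmd>.*?)| -> No File)\s*(?:<==== ATTENTION)?\s*$"
)
# Trailing "[yyyy-mm-dd] (vendor)" that FRST appends when it could read the file's version info.
META_RE = re.compile(r"\s*\[\d{4}-\d{2}-\d{2}\]\s*\((?P<vendor>[^)]*)\)\s*$")
# The executable part of a command line, so paths with spaces are not split on whitespace.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|bat|cmd|vbs|js|ps1))(?=\s|$)", re.I)

# Script hosts and living-off-the-land binaries that rarely belong in a vendor's own task.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "cmd.exe", "rundll32.exe", "regsvr32.exe"}
# Locations any user process can write to; legitimate vendor tasks live under Program Files.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def triage_task(line: str) -> Optional[Dict]:
    """Parse one Task: line; return a finding with its reasons, or None if the line is not a task."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    short_name = m.group("name").rsplit("\\", 1)[-1]
    cmd = m.group("cmd")
    reasons: List[str] = []
    if cmd is None:
        # Registration with no file behind it: usually a stale Windows entry, low priority.
        reasons.append("orphaned registration (task points at no file)")
        return {"name": short_name, "command": None, "vendor": None,
                "score": len(reasons), "reasons": reasons}

    vendor = None
    meta = META_RE.search(cmd)
    if meta:
        vendor = meta.group("vendor").strip() or None
        cmd = cmd[:meta.start()]
    cmd = cmd.strip()
    exe_match = EXE_RE.match(cmd)
    exe = exe_match.group(1) if exe_match else cmd.split()[0]
    exe_base = exe.lower().rsplit("\\", 1)[-1]

    if exe_base in SCRIPT_HOSTS:
        reasons.append(f"script host / LOLBin launcher: {exe_base}")
    if "\\" not in exe:
        reasons.append("bare executable name resolved via PATH, not an absolute path")
    if any(tag in cmd.lower() for tag in USER_WRITABLE):
        reasons.append("target lives in a user-writable location")
    if short_name.isdigit():
        reasons.append(f"auto-generated numeric task name '{short_name}'")
    if vendor is None:
        reasons.append("no file date/vendor recorded by FRST (file missing or no version info)")
    return {"name": short_name, "command": cmd, "vendor": vendor,
            "score": len(reasons), "reasons": reasons}


def triage_report(text: str) -> List[Dict]:
    """Triage every Task: line in an FRST Addition.txt excerpt, most suspicious first."""
    findings = [f for f in (triage_task(ln) for ln in text.splitlines()) if f]
    return sorted(findings, key=lambda f: f["score"], reverse=True)


if __name__ == "__main__":
    for f in triage_report(SAMPLE_TASKS):
        print(f"[{f['score']}] {f['name']}: {f['command'] or '(no file)'}")
        for r in f["reasons"]:
            print("      -", r)
```

Run against the sample, task 4994 scores on all five heuristics and task 0 on three, while the Samsung and Google updaters score zero and the "No File" entry is reported as a low-priority orphan. The score is a ranking aid for a human reviewer, not a verdict: a vendor task can legitimately call cmd.exe, and the orphaned Windows entries here are stale registrations rather than malware, which is why the fixlist simply removes them.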

Hello Nordica and welcome to Malwarebytes,

My screen name is kevinf80, I'm here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please:

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...


Continue as follows:

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.
NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.


Next,

Please open Malwarebytes Anti-Malware.

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".
  • Under the Non-Malware Protection sub tab, change PUP and PUM entries to Treat detections as Malware.
  • Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the Scan is complete Apply Actions to any found entries.
  • Wait for the prompt to restart the computer to appear (if applicable), then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.
  • Double click on the Scan log which shows the Date and time of the scan just performed.
  • Click Export > From export you have three options:

      Copy to Clipboard - if selected, right click in your reply and select "Paste"; the log will be pasted to your reply
      Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply
      XML file (*.xml)      - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

  • Please use "Copy to Clipboard", then right click in your reply > select "Paste"; that will copy the log to your reply.

Fixlist.txt


Hello

Thanks so much for replying and offering to help. Such a relief... So, a question - I am still on the free MWB as I didn't want to risk using payment info on an unsafe PC today. Is that OK?

Also, I messed up the save location for the fixlist (newbie), realised my error, re-did and re-ran (had to re-start, it said) and here is the result.

This last MWB scan did not show any detections so did not need to re-start. But MWB is still showing the trojan as Quarantined from the scan I did first thing today, should I remove it?

Hope I've done this correctly.

thnx

==========

Fix result of Farbar Recovery Scan Tool (x64) Version: 11-08-2016 01
Ran by Caroline (2016-08-13 10:18:55) Run:2
Running from C:\Users\Caroline\Desktop
Loaded Profiles: UpdatusUser & Caroline (Available Profiles: UpdatusUser & Caroline)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
BootExecute: autocheck autochk * sdnclean64.exe 
C:\Users\Caroline\AppData\Local\Temp\ose00000.exe 
Task: {0C15C14E-0ABE-4CB6-82FF-72B08B7D2D1C} - \Microsoft\Windows\Windows Activation Technologies\ValidationTask -> No File <==== ATTENTION
Task: {26D0B1D8-508C-4CA3-89C8-8F724C6312B4} - \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline -> No File <==== ATTENTION
Task: {2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} - \Microsoft\Windows\WindowsBackup\ConfigNotification -> No File <==== ATTENTION
Task: {487955C2-4040-40FA-A22E-FC6D55B7BDB8} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent -> No File <==== ATTENTION
Task: {CEE64558-E1A7-4D9D-80A7-2001912BE5B5} - \Microsoft\Windows\MemoryDiagnostic\CorruptionDetector -> No File <==== ATTENTION
Task: {FA2BC0A6-8D4B-458A-85C8-2B8C72487513} - \Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector -> No File <==== ATTENTION
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
end

*****************

Restore point was successfully created.
Processes closed successfully.
hklm\System\CurrentControlSet\Control\Session Manager\\BootExecute => value restored successfully
"C:\Users\Caroline\AppData\Local\Temp\ose00000.exe" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C15C14E-0ABE-4CB6-82FF-72B08B7D2D1C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTask => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{26D0B1D8-508C-4CA3-89C8-8F724C6312B4} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2F57269B-1E09-4E2D-AB1E-B0FDAC7D279C} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\WindowsBackup\ConfigNotification => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{487955C2-4040-40FA-A22E-FC6D55B7BDB8} => key not found. 
C:\windows\System32\Tasks\0 => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\0 => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CEE64558-E1A7-4D9D-80A7-2001912BE5B5} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\CorruptionDetector => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FA2BC0A6-8D4B-458A-85C8-2B8C72487513} => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\MemoryDiagnostic\DecompressionFailureDetector => key not found. 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 12582912 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4731375 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 152752 B
Edge => 0 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 0 B
UpdatusUser => 0 B
Caroline => 27144 B

RecycleBin => 6431 B
EmptyTemp: => 16.7 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 10:19:38 ====

==========================

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 13/08/2016
Scan Time: 06:43
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.08.13.02
Rootkit Database: v2016.08.09.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Caroline

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389200
Time Elapsed: 56 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Fixlog.txt


Yes, you can delete the quarantined entry from Malwarebytes. Continue and run the following:

Download RKill from here: http://www.bleepingcomputer.com/download/rkill/

There are three download buttons with different names on them; select the first one and save it to your desktop.

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7/8/10, right-click on it and select Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply.
  • If you do not see the black box flash on the screen, delete the icon from the desktop, go back to the download link, select the next button and try to run the tool again. Repeat this process with the remaining buttons until the tool runs. You will find further links with other names if you scroll down the page; try them one at a time.
  • If the tool does not run from any of the links provided, please let me know.


Next,

Download AdwCleaner by Xplode onto your Desktop.

  • Double-click on AdwCleaner.exe to run the tool.
  • Click on Scan in the Actions box.
  • Please wait for the scan to finish.
  • When "Waiting for action. Please uncheck elements you want to keep" shows in the top line,
  • click on the Cleaning box.
  • Next, click OK on the "Closing Programs" pop-up box.
  • Click OK on the Information box, and OK again to allow the necessary reboot.
  • After the restart the AdwCleaner[C*] Notepad log will appear; please copy/paste it in your next reply. * is the number of the clean run in the list of scans completed.


Next,

Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double-click the icon and select Run.
  • Click Next.
  • Select "I accept the terms in this license agreement", then click Next twice.
  • Click Install.
  • Click Finish to launch the program.
  • Once the virus database has been updated, click Start Scanning.
  • If any threats are found, click Details, then View log file... (bottom left-hand corner).
  • Copy and paste the results in your reply.
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup.
  • Click Exit to close the program.
  • If no threats were found, please confirm that result....


Let me see those logs, also give an update on any remaining issues or concerns.......

Thank you,

Kevin..

Thank you. Have deleted the quarantined malware from MWB.
RKill ran OK, logfile below.
AdwCleaner found 23 items; logfile below.
Sophos - the only issue with your instructions was that it didn't launch on clicking Finish, so I clicked on the desktop shortcut and it did run (for a long time); reported No threats.

Guess my remaining concern is... is it really gone?
MWB removed it 10 days ago and then it 'reappeared', or how did I get reinfected?
Which leads me on to probably the most common question you get: how do I stop this happening again? Apart from never going online.
Thanks so much for helping - will definitely donate (if my PC is safe...)

------------

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/13/2016 12:09:45 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity: 

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

 * TBS [Missing Service]

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 08/13/2016 12:13:44 PM
Execution time: 0 hours(s), 3 minute(s), and 58 seconds(s)
-----------

# AdwCleaner v6.000 - Logfile created 13/08/2016 at 12:21:56
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-12.4 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Caroline - CAROLINE-PC
# Running from : C:\Users\Caroline\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\ColaBrowser.LHExplorerBar
[-] Key deleted: HKLM\SOFTWARE\Classes\ColaBrowser.LHExplorerBar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
[-] Key deleted: HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
[-] Key deleted: [x64] HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{7D831388-D405-4272-9511-A07440AD2927}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F51C15D4-3D0A-4DBA-A095-EBCC09F24DA2}
[-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Key deleted: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Yahoo\YFriendsBar
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\DataMngr
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Datamngr
[#] Key deleted on reboot: HKCU\Software\Yahoo\Companion
[#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar
[-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion
[-] Key deleted: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data restored: HKU\S-1-5-21-2774599765-3218687334-1828580283-1001\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[#] Value deleted on reboot: HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf []


***** [ Web browsers ] *****

[-] [uk.ask.com] [Search Provider] Deleted: uk.ask.com
[-] [spybot-search-destroy.en.softonic.com] [Search Provider] Deleted: spybot-search-destroy.en.softonic.com
[-] [C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mjdepfkicdcciagbigfcmdhknnoaaegf


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3378 Bytes] - [13/08/2016 12:21:56]
C:\AdwCleaner\AdwCleaner[S0].txt - [3582 Bytes] - [13/08/2016 12:20:50]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3524 Bytes] ##########

RKill has indicated a missing service, TPM Base Services. I've attached TPM base service.zip to this reply. Download and unzip that file to your Desktop; you should have TPM base service.reg.

Double-click on that reg file, agree to any alerts and merges, and re-boot when complete...

Regarding security, your system had many browser hijackers and a few PUPs. The majority may have come piggybacked on software or browser plugins you may have installed or allowed on your system...

The best security does not always stop unwanted extras if you grant access to the host carrier. I would strongly recommend that you update Malwarebytes to the premium version...

Also download and install Unchecky - https://unchecky.com/ - that program will stop many piggybacked unwanted extras that can arrive with free software..

Also download and install McShield - http://www.mcshield.net/ - that program will protect from external hard drives, flash drives, memory sticks and other USB devices that may carry infection or exploited software....

Let me know if the service merges ok, also if any remaining issues or concerns...

Thank you,

Kevin

TPM_Base_Services.zip


Thank you very much for your help & advice... I opened the registry file, agreed to it changing stuff, re-booted, and everything's still working OK :)...

I will get premium MWB; is it safe now to use my PC to do so? Or can I buy with another PC and download to this one?

Also, should I uninstall the programs I've added today, or keep them and re-run regularly?

I still have Norton, not that it helped with this problem!
I'm not one for downloading and installing stuff; the most recent trouble I had was Google Chrome a few months ago, so maybe it happened then, or via USB/SD cards. Will also download the other programs you suggest.

Finally, if MWB does find it again in several days, should I come back here, or what further advice might you have?

Thanks so much.


Yes, you can return any time you want. Make sure to also install Unchecky and McShield; they are free... To clean up, do the following:

To remove Zemana and Sophos, download and use the following uninstaller tool...

Download GeekUninstaller from here: http://www.geekuninstaller.com/download (Choose free version) Save Geek.zip to your Desktop. (Visit the Home page at that link for necessary information)

Extract Geek Uninstaller and save to your Desktop. There is no need to install, the executable is portable and can also be run from a USB if required.

Run the tool, the main GUI will populate with installed programs list,

Left click on Program name to highlight that entry.

Select Action from the Menu bar, then Uninstall from there follow the prompts.

If Uninstall fails open the "Action" menu one more time and use "Force Removal" option

Next,

Download "Delfix by Xplode" and save it to your desktop.

Or use the following if first link is down:

"Delfix link mirror"

If your security program alerts to Delfix, either accept the alert or turn your security off.

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

Make Sure the following items are checked:

 
  • Remove disinfection tools <----- this will remove tools we have used.
  • Purge System Restore <--- this will remove all previous and possibly exploited restore points, a new point relative to system status at present will be created.
  • Reset system settings <--- this will reset any system settings back to default that were changed either by us during cleansing or malware/infection


Now click on "Run" and wait patiently until the tool has completed.

The tool will create a log when it has completed. We don't need you to post this.

Any remnant files/logs from tools we have used can be deleted…

Next,

Read the following links to fully understand PC Security and Best Practices, you may find them useful....

Answers to Common Security Questions and best Practices

Do I need a Registry Cleaner?

Take care and surf safe

Kevin...

Morning. Thought I would run AdwCleaner once more before removing it, seeing as it found stuff yesterday, and it reported 3 items again (logfile below).

Do I still have a problem? Got the MWB premium trial (scan was clear), got McShield & Unchecky, will work through your removal list this morning... thanks


# AdwCleaner v6.000 - Logfile created 14/08/2016 at 07:01:39
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-13.3 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Caroline - CAROLINE-PC
# Running from : C:\Users\Caroline\Downloads\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

[#] Value deleted on reboot: HKLM\SOFTWARE\Google\Chrome\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf []


***** [ Web browsers ] *****

[-] [C:\Users\Caroline\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: mjdepfkicdcciagbigfcmdhknnoaaegf


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [3607 Bytes] - [13/08/2016 12:21:56]
C:\AdwCleaner\AdwCleaner[C2].txt - [1194 Bytes] - [14/08/2016 07:01:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [3582 Bytes] - [13/08/2016 12:20:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [1539 Bytes] - [14/08/2016 07:01:12]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1413 Bytes] ##########

Right-click on the NIS icon on the taskbar, select Disable Smart Firewall for a period of time that you wish (10 mins should be enough); also disable Norton Antivirus Auto-Protect from that same menu....

AdwCleaner will have mopped up remnants; it is typical for a second/third run to do that... Such remnants pose no threat to your system...

Let me know if Delfix completes, also if any remaining issues or concerns..

Thank you,

Kevin

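Added example, not part of this thread and not code from any of the tools used in it: a PowerShell check, run from an elevated prompt, that confirms from the machine itself the three findings the replies above dealt with from tool logs. The earlier reply worked from the RKill log (the TBS service reported missing and the Windows Defender "DisableAntiSpyware" value); the reply just above concerns the Chrome extension ID that AdwCleaner removed on two consecutive runs. A value under HKLM\SOFTWARE\Google\Chrome\Extensions\<id> is Chrome's external-extension registration, which tells Chrome where to fetch and install that extension on start-up, so deleting the unpacked extension folder alone does not stop it coming back; the script lists any such registrations, plus policy-forced extensions, the Defender value, the service's configuration and any live hosts entries left after the FRST fix replaced the hosts file. Registry paths are the documented Chrome and Windows locations; the function names are my own.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# on the cleaned machine. Function names are this example's own.

# 1. Chrome external-extension registrations. Any ID listed here is
#    (re)installed by Chrome at start-up from update_url or from path,
#    which is one way a removed extension can be found again on a later scan.
function Get-ChromeExternalExtensions {
    $roots = @(
        'HKLM:\SOFTWARE\Google\Chrome\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Google\Chrome\Extensions',
        'HKCU:\SOFTWARE\Google\Chrome\Extensions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            New-Object PSObject -Property @{
                Hive      = $root
                Id        = $_.PSChildName
                UpdateUrl = $p.update_url
                Path      = $p.path
                Version   = $p.version
            }
        }
    }
}

# 2. Policy-forced extensions are a separate mechanism (values named 1, 2, ...
#    holding "id;update_url"); a user cannot remove these from chrome://extensions.
function Get-ChromeForcedExtensions {
    $key = 'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
    if (Test-Path $key) {
        (Get-ItemProperty $key).PSObject.Properties |
            Where-Object { $_.Name -match '^\d+$' } |
            ForEach-Object { $_.Value }
    }
}

# 3. The Windows Defender value RKill flagged. On Windows 7 a third-party
#    antivirus such as Norton commonly sets this itself, so confirm the value
#    rather than treating it as proof of tampering on its own.
function Get-DefenderDisabledFlag {
    $p = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
    if ($p -and $p.PSObject.Properties['DisableAntiSpyware']) { $p.DisableAntiSpyware } else { 0 }
}

# 4. Service presence: RKill reported TBS (TPM Base Services) missing.
#    After merging the .reg file, the service should exist again; show its
#    start type and image path so an odd ImagePath stands out.
function Test-ServicePresent {
    param([string]$Name)
    $svc = Get-Service -Name $Name -ErrorAction SilentlyContinue
    if ($svc) {
        $cfg = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\$Name" -ErrorAction SilentlyContinue
        New-Object PSObject -Property @{
            Name = $Name; Status = $svc.Status; Start = $cfg.Start; ImagePath = $cfg.ImagePath
        }
    } else {
        Write-Warning "Service '$Name' is not registered."
    }
}

# 5. Hosts file: the FRST fix replaced it with a default copy. The Windows
#    default has every line commented out, so any output here is worth a look.
function Get-HostsEntries {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Get-Content $hosts | Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' }
}

"== Chrome external extensions =="
Get-ChromeExternalExtensions | Format-Table Hive, Id, UpdateUrl, Path -AutoSize
"== Chrome forced extensions (policy) =="
Get-ChromeForcedExtensions
"== Windows Defender DisableAntiSpyware =="
Get-DefenderDisabledFlag
"== TBS service =="
Test-ServicePresent -Name 'TBS' | Format-List
"== Non-comment hosts entries =="
Get-HostsEntries
```

Run it once after the reboot that AdwCleaner asks for, since the registry value in the log is marked "deleted on reboot": an empty extension list, a TBS entry with a normal svchost image path, and no live hosts lines are what a clean result looks like. A Defender value of 1 alongside an installed third-party antivirus is expected on Windows 7 and is not, by itself, a sign of infection.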

Thanks for your reassuring comments re AdwCleaner remnants and how to disable Norton.
Delfix downloaded & completed. Those removal programs have gone. Norton re-enabled.
Looking in Downloads, I can still see the Sophos .exe is listed - can I just delete this?

Also, shall I delete the Geek zip & .exe still on my desktop?

On with reading your suggested links! Must get out more and stop surfing.


Yes, you can delete the Sophos executable; also delete the zip file you mention.. Other than that you should be good to go...

It was a pleasure to work with you, please do not hesitate to return should you need help in the future....

Regards,

Kevin....


Thanks, have done that now. Will monitor MWB spotting anything again in the next couple of weeks, just in case.
Can't thank you enough for your help... what sort of donation would be commensurate with the time you've spent helping me? (Can maybe do it from my work PC until faith is restored in this laptop.)
Planning on sending this laptop off to a computer bloke who does 'PC MOTs' - amongst other things, the backup has never worked since I rolled back from Windows 10 to 7, and various other issues probably need tidying up as it's 4 years old now.
I would wish you a good weekend but it's nearly over; hope you got out for some beers in between helping stressed-out malware victims like me.

Thanks!


Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.