Machine rebooting itself then stuck on black screen [Solved]



#1 leeg100


Posted 18 September 2016 - 09:56 AM

Hello,
I'm currently having an issue with my machine where it will run for a short time then simply reboot itself. Upon rebooting it gets stuck on a black screen and goes no further. If I hard boot the machine, it does come back up but will stay on for no longer than an hour and a half at the most. I use Trend Micro Titanium and I've noticed when it starts, it starts 'starting protection' but never actually gets going.
Please see below my Hijack this log, aswMBR log and FRST log, I would really appreciate any help you could offer.
 
 
Hijackthis log:
 
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:21:58 PM, on 17-Sep-16
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10586.0545)
Boot mode: Normal
 
Running processes:
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\chrome_extension2\host\chrome_native_msg_host.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lee\Downloads\HiJackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll
O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files (x86)\WOT\WOT.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll
O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O4 - HKLM\..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [EPSON Stylus Photo R265 Series] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SE699.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON4AFCD5 (Epson Stylus Photo PX730)] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\Lee\AppData\Local\Temp\E_S77DA.tmp" /EF "HKCU"
O4 - Startup: SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.aka...vex-2.2.5.0.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset...lineScanner.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll
O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
O23 - Service: Trend Micro Password Manager Central Control Service (PwmSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
O23 - Service: Macrium Reflect Utility Service (ReflectService.exe) - Paramount Software UK Ltd - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: @%systemroot%\system32\vmcompute.exe,-100 (vmcompute) - Unknown owner - C:\WINDOWS\system32\vmcompute.exe (file missing)
O23 - Service: @%systemroot%\system32\vmms.exe,-10 (vmms) - Unknown owner - C:\WINDOWS\system32\vmms.exe (file missing)
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNETDHCP.EXE
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\SYSWOW64\VMNAT.EXE
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 15160 bytes
 
 
Startuplist log:
 
StartupList report, 17-Sep-16, 6:28:24 PM
StartupList version: 1.52.2
Started from : C:\Users\Lee\Downloads\HiJackThis.EXE
Detected: Unknown Windows (WinNT 6.02.1008)
Detected: Internet Explorer v11.0 (11.00.10586.0545)
* Using default options
==================================================
 
Running processes:
 
C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\SABnzbd\SABnzbd.exe
C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\AMSP\module\20013\ChromeExt\chromeextension\TmopChromeMsgHost32.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\chromeextension\NativeMessageHost\ToolbarNativeMsgHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Lee\Downloads\HiJackThis.exe
 
--------------------------------------------------
 
Listing of startup folders:
 
Shell folders Startup:
[C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
SABnzbd.lnk = C:\Program Files (x86)\SABnzbd\SABnzbd.exe
 
--------------------------------------------------
 
Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
Hotkey Utility = C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
Adobe Reader Speed Launcher = "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM = "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
SwitchBoard = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
AdobeCS5ServiceManager = "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
LWS = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
APSDaemon = "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Monitor = "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"
SunJavaUpdateSched = "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 
--------------------------------------------------
 
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
 
Logitech Vid = "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
TomTomHOME.exe = "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
OneDrive = "C:\Users\Lee\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
EPSON Stylus Photo R265 Series = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE /FU "C:\WINDOWS\TEMP\E_SE699.tmp" /EF "HKCU"
EPSON4AFCD5 (Epson Stylus Photo PX730) = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE /FU "C:\Users\Lee\AppData\Local\Temp\E_S77DA.tmp" /EF "HKCU"
 
--------------------------------------------------
 
Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
 
[OptionalComponents]
 = 
 
--------------------------------------------------
 
File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command
 
(Default) = C:\Windows\SysWOW64\mshta.exe "%1" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}%U{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5} %*
 
--------------------------------------------------
 
Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:
 
Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*
 
Shell & screensaver key from Registry:
 
Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*
 
Policies Shell key:
 
HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*
 
--------------------------------------------------
 
 
Enumerating Browser Helper Objects:
 
AcroIEHelperStub - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll - {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Trend Micro Toolbar BHO - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll - {43C6D902-A1C5-45c9-91F6-FD9E90337E18}
(no name) - (no file) - {5C255C8A-E604-49b4-9D64-90988571CECB}
(no name) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Trend Micro Network Filter Plugin - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll - {959A5673-7971-48e6-AF54-58F745AC4ABC}
Trend Micro IE Protection - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}
(no name) - C:\Program Files (x86)\WOT\WOT.dll - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7}
(no name) - C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll - {DBC80044-A445-435b-BC74-9C25C1C588A9}
 
--------------------------------------------------
 
Enumerating Task Scheduler jobs:
 
Adobe Flash Player Updater.job
GoogleUpdateTaskMachineCore.job
GoogleUpdateTaskMachineUA.job
 
--------------------------------------------------
 
Enumerating Download Program Files:
 
[DLM Control]
InProcServer32 = C:\Windows\DOWNLO~1\DownloadManagerV2.ocx
 
[{7530BFB8-7293-4D34-9923-61A11451AFC5}]
 
--------------------------------------------------
 
Enumerating Winsock LSP files:
 
NameSpace #1: C:\WINDOWS\system32\NLAapi.dll
NameSpace #2: C:\WINDOWS\system32\napinsp.dll
NameSpace #3: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #4: C:\WINDOWS\system32\pnrpnsp.dll
NameSpace #7: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
 
--------------------------------------------------
 
Enumerating ShellServiceObjectDelayLoad items:
 
WebCheck: *Registry key not found*
 
--------------------------------------------------
End of report, 7,367 bytes
Report generated in 0.031 seconds
 
Command line options:
   /verbose  - to add additional info on each section
   /complete - to include empty sections and unsuspicious data
   /full     - to include several rarely-important sections
   /force9x  - to include Win9x-only startups even if running on WinNT
   /forcent  - to include WinNT-only startups even if running on Win9x
   /forceall - to include all Win9x and WinNT startups, regardless of platform
   /history  - to list version history only
 
 
 
aswMBR log:
 
aswMBR version 1.0.1.2252 Copyright© 2014 AVAST Software
Run date: 2016-09-18 13:45:13
-----------------------------
13:45:13.608    OS Version: Windows x64 6.2.9200 
13:45:13.608    Number of processors: 4 586 0x170A
13:45:13.609    ComputerName: LEE-QUAD  UserName: Lee
13:45:25.727    Initialize success
13:45:25.811    VM: initialized successfully
13:45:25.812    VM: Intel CPU supported 
13:45:28.527    VM: disk I/O iaStorAV.sys
13:47:25.441    AVAST engine defs: 16091202
13:48:03.041    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
13:48:03.044    Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 8
13:48:04.056    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000031
13:48:04.060    Disk 1 Vendor: SAMSUNG_HD204UI 1AQ10001 Size: 1907729MB BusType: 8
13:48:04.142    Disk 0 MBR read successfully
13:48:04.146    Disk 0 MBR scan
13:48:04.192    Disk 0 Windows 7 default MBR code
13:48:04.196    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        15360 MB offset 2048
13:48:04.223    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 31459328
13:48:04.265    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       349645 MB offset 31664128
13:48:04.297    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS       350296 MB offset 747739136
13:48:04.356    Disk 0 scanning C:\WINDOWS\system32\drivers
13:48:17.935    Service scanning
13:48:41.384    Modules scanning
13:48:41.391    Disk 0 trace - called modules:
13:48:41.415    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorAV.sys 
13:48:41.421    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0018920d060]
13:48:41.426    3 CLASSPNP.SYS[fffff801c5237d95] -> nt!IofCallDriver -> [0xffffe00188926570]
13:48:41.432    5 ACPI.sys[fffff801c4221361] -> nt!IofCallDriver -> \Device\0000002e[0xffffe00188928060]
13:48:42.584    AVAST engine scan C:\WINDOWS
13:48:47.163    AVAST engine scan C:\WINDOWS\system32
13:51:48.516    AVAST engine scan C:\WINDOWS\system32\drivers
13:52:10.782    AVAST engine scan C:\Users\Lee
14:02:02.926    AVAST engine scan C:\ProgramData
14:21:31.907    Disk 0 statistics 3002632/0/0 @ 1.54 MB/s
14:21:31.917    Scan finished successfully
14:21:48.193    Disk 0 MBR has been saved successfully to "C:\Users\Lee\Downloads\MBR.dat"
14:21:48.238    The log file has been saved successfully to "C:\Users\Lee\Downloads\aswMBR.txt"
 
 
 
 
FRST log:
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-09-2016
Ran by Lee (administrator) on LEE-QUAD (18-09-2016 14:22:15)
Running from C:\Users\Lee\Downloads
Loaded Profiles: Lee (Available Profiles: Lee & Shons & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHQE.EXE
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18 ] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-07-14] (TomTom)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON Stylus Photo R265 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON4AFCD5 (Epson Stylus Photo PX730)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2010-08-16]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\..\Interfaces\{1475c761-93a8-4eda-a634-16fc7bceef3d}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-18] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
 
FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default
FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416  -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-07-03]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-12-06]
 
Chrome: 
=======
CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-08-31]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458624 2016-09-01] (Trend Micro Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [File not signed]
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2015-12-29] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-12-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2015-12-29] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2015-12-29] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2015-12-29] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2015-12-29] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-12-29] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-20] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2015-12-29] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2015-12-29] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Lee\AppData\Local\Temp\aswMBR.sys [62728 2016-09-18] () [File not signed]
U3 aswVmm; C:\Users\Lee\AppData\Local\Temp\aswVmm.sys [224896 2016-09-18] ()
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-18 14:22 - 2016-09-18 14:22 - 00024554 _____ C:\Users\Lee\Downloads\FRST.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00002418  _____ C:\Users\Lee\Downloads\aswMBR.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00000512  _____ C:\Users\Lee\Downloads\MBR.dat
2016-09-18 11:04 - 2016-09-18 14:22 - 00000000 ____D C:\FRST
2016-09-18 10:59 - 2016-09-18 11:04 - 02399232 _____ (Farbar) C:\Users\Lee\Downloads\FRST64.exe
2016-09-18 10:58 - 2016-09-18 11:04 - 05198336 _____ (AVAST Software) C:\Users\Lee\Downloads\aswMBR.exe
2016-09-17 18:28 - 2016-09-17 18:28 - 00007195 _____ C:\Users\Lee\Downloads\startuplist.txt
2016-09-17 18:17 - 2016-09-17 18:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HiJackThis.exe
2016-09-17 17:53 - 2016-09-18 11:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 17:52 - 2016-09-17 17:52 - 00001179 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-17 17:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-17 17:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-17 17:51 - 2016-09-17 17:52 - 22851472 _____ (Malwarebytes) C:\Users\Lee\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-17 17:44 - 2016-09-17 17:44 - 00566128 _____ (Malwarebytes) C:\Users\Lee\Downloads\mbam-clean-2.3.0.1001.exe
2016-09-17 16:49 - 2016-09-17 16:49 - 00002010 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-09-17 16:49 - 2016-09-17 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-09-17 16:49 - 2016-09-17 16:49 - 00000000 ____D C:\Program Files\Macrium
2016-09-17 16:36 - 2016-09-17 16:36 - 00000000  ____D C:\Users\Lee\Downloads\Macrium
2016-09-17 16:35 - 2016-09-17 16:51 - 00000000  ____D C:\ProgramData\Macrium
2016-09-08 13:44 - 2016-09-08 13:44 - 00486958 _____ C:\Users\Lee\Downloads\Newsletter September 2016 +.pdf
2016-09-08 13:42 - 2016-09-08 13:42 - 00487140 _____ C:\Users\Lee\Downloads\Newsletter  Sept  2016.pdf
2016-09-08 11:56 - 2016-09-08 13:29 - 00000000 ____D C:\ESD
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000  ___HD C:\$Windows.~WS
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000  ____D C:\$WINDOWS.~BT
2016-09-08 11:45 - 2016-09-08 11:47 - 18309328  _____ (Microsoft Corporation) C:\Users\Lee\Downloads\MediaCreationTool.exe
2016-09-08 11:42 - 2016-09-08 11:42 - 00002555 _____ C:\Users\Lee\Downloads\Productkeyforwindows.vbs
2016-09-07 15:52 - 2016-09-07 15:52 - 01445367 _____ C:\Users\Lee\Downloads\WORRY BOOK.pdf
2016-09-04 16:27 - 2016-09-05 08:08 - 00001319 _____ C:\Users\Lee\Desktop\Worry diary.txt
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.002
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.001
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.000
2016-08-27 15:37 - 2016-08-27 15:37 - 00003320 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-19 12:44 - 2016-08-19 12:44 - 00002446 _____ C:\Users\Lee\Downloads\contacts.csv
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-18 14:11 - 2013-04-13 09:53 - 00000924  _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 13:58 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-18 13:57 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-18 13:52 - 2012-04-20 21:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-18 13:44 - 2013-04-13 09:53 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 13:41 - 2015-12-29 15:40 - 01031504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-18 13:41 - 2015-10-30 08:21 - 00000000  ____D C:\WINDOWS\INF
2016-09-18 13:34 - 2015-12-29 16:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-18 13:34 - 2012-05-21 18:10 - 00000000 ____D C:\ProgramData\VMware
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-18 12:31 - 2013-04-01 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-18 12:27 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-18 12:08 - 2015-11-15 21:34 - 00000010  _____ C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2016-09-18 11:16 - 2016-07-21 15:42 - 00000000 ____D C:\Users\Lee\Downloads\incomplete
2016-09-18 11:01 - 2016-07-28 15:52 - 00000000  ____D C:\Users\Lee\AppData\Local\DP_Tower_3.7
2016-09-17 18:18 - 2010-03-21 19:36 - 00000000  ____D C:\Users\Lee\AppData\Local\VirtualStore
2016-09-17 18:10 - 2015-12-29 15:41 - 00000000  ____D C:\Users\Lee
2016-09-17 17:45 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-17 17:15 - 2013-04-13 09:55 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 17:15 - 2013-04-13 09:55 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 16:36 - 2010-09-25 09:43 - 00004150  _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2EB18B0-B9DE-4821-8F80-FDDE65545E85}
2016-09-17 16:34 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-13 19:52 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 19:52 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-09-13 17:11 - 2015-11-15 19:50 - 00000000  ____D C:\ProgramData\TMDP_Log
2016-09-13 17:11 - 2009-07-14 03:34 - 00000647  _____ C:\WINDOWS\win.ini
2016-09-08 13:29 - 2015-12-29 23:31 - 00000000  ___DC C:\WINDOWS\Panther
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-02 00:10 - 2015-10-30 08:24 - 00000000  ____D C:\WINDOWS\system32\appraiser
2016-08-27 15:37 - 2015-11-14 22:17 - 00002403 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-27 15:37 - 2015-11-14 22:17 - 00000000 ___RD C:\Users\Lee\OneDrive
2016-08-27 15:36 - 2011-01-25 20:34 - 00000000  ____D C:\Users\Lee\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2011-10-16 19:55 - 2011-10-16 19:55 - 0000132 _____ () C:\Users\Lee\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-08-23 21:16 - 2015-11-01 16:55 - 0035328 _____ () C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-05 15:37 - 2013-01-05 15:37 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
2011-01-29 11:48 - 2011-01-29 11:49 - 0006100 _____ () C:\Users\Lee\AppData\Local\MyWinLockerInstaller.txt-20110129.log
2010-08-25 20:28 - 2011-09-06 20:06 - 0007597 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
2015-11-15 21:34 - 2016-09-18 12:08 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2009-09-20 12:54 - 2009-09-20 12:56 - 0008505 _____ () C:\ProgramData\ArcadeDeluxe3.log
2011-01-25 21:27 - 2011-01-25 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-27 20:18 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2011-01-28 15:42 - 2011-01-28 15:43 - 0000091 _____ () C:\ProgramData\PS.log
 
Some files in TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\jre-8u91-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-08 17:17
 
==================== End of FRST.txt ============================
 



#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 18 September 2016 - 08:23 PM

:welcome:

 

The first time FRST is run it produces an Additions log, can you post it please. If you lost it you may have to run FRST again, this time make sure there is a checkmark in Additions, leave everything else as is. Before you run it again, we need to move it to your desktop. Go to your downloads folder and look for FRST64, right click on it and select CUT, come back to your desktop and right click on blank space and select PASTE.



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#3 leeg100

leeg100

    Authentic Member

  • 23 posts

Posted 19 September 2016 - 02:32 AM

Hello,

Thanks for the quick response, apologies for missing the additions log, I have re-scanned my machine with FRST, please see results below.

 

Regards

 

Lee

 

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016
Ran by Lee (administrator) on LEE-QUAD (19-09-2016 09:20:24)
Running from C:\Users\Lee\Desktop
Loaded Profiles: Lee (Available Profiles: Lee & Shons & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHQE.EXE
() C:\Program Files (x86)\SABnzbd\SABnzbd.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7981088 2009-07-20] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-05] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [629280 2009-08-18] ()
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-08-12] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [67384 2016-07-05] (Apple Inc.)
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [124544 2016-02-11] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6129496 2011-01-13] (Logitech Inc.)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [255224 2016-07-14] (TomTom)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON Stylus Photo R265 Series] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_FATIBNE.EXE [139264 2006-05-19] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Run: [EPSON4AFCD5 (Epson Stylus Photo PX730)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIHQE.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SABnzbd.lnk [2010-08-16]
ShortcutTarget: SABnzbd.lnk -> C:\Program Files (x86)\SABnzbd\SABnzbd.exe ()
GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{1475c761-93a8-4eda-a634-16fc7bceef3d}: [DhcpNameServer] 192.168.1.1 0.0.0.0
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
SearchScopes: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_en
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll [2010-04-28] (Microsoft Corporation)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll => No File
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-18] (Oracle Corporation)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-18] (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll No File
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.0.cab
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-16] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-11-22] (Skype Technologies S.A.)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe64.dll [2016-06-15] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\TmBpIe32.dll [2016-06-15] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-17] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-17] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-12-21] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2010-08-30] ()
 
FireFox:
========
FF ProfilePath: C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default
FF NetworkProxy: "no_proxies_on", "https://localhost, localhost, 127.0.0.1"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-13] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-13] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-18] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416  -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-16] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Extension: (Firefox Hotfix) - C:\Users\Lee\AppData\Roaming\Mozilla\Firefox\Profiles\gocygxt6.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-03]
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF Extension: (Trend Micro BEP Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension [2016-07-03]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1089\9.1.1089\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2016-03-25]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: (Trend Micro Osprey Firefox Extension) - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-12-06]
 
Chrome: 
=======
CHR Profile: C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default [2016-09-18]
CHR Extension: (Google Docs) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-21]
CHR Extension: (Google Drive) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]
CHR Extension: (Google Search) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Google Docs Offline) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-11]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-11]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2016-08-31]
CHR Extension: (Gmail) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Extension: (Chrome Media Router) - C:\Users\Lee\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-31]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2458624 2016-09-01] (Trend Micro Inc.)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3764472 2016-09-07] (Paramount Software UK Ltd)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 VMAuthdService; C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe [79872 2012-06-09] (VMware, Inc.) [File not signed]
S3 vmcompute; C:\Windows\system32\vmcompute.exe [1142272 2015-12-29] (Microsoft Corporation)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [14384128 2015-12-29] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)
S2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [22528 2015-12-29] (Microsoft Corporation)
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-18] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [23552 2015-12-29] (Microsoft Corporation)
S3 pcip; C:\Windows\System32\drivers\pcip.sys [44544 2015-12-29] (Microsoft Corporation)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [50176 2015-12-29] (Microsoft Corporation)
R3 Synth3dVsp; C:\Windows\System32\drivers\synth3dvsp.sys [101888 2015-12-29] (Microsoft Corporation)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [133424 2015-11-23] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [324912 2015-11-23] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-08] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-23] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [99632 2015-11-23] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [561952 2016-06-24] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [101600 2016-07-20] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [124752 2015-12-10] (Trend Micro Inc.)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [26624 2015-12-29] (Microsoft Corporation)
R2 VMSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
R0 vmsproxy; C:\Windows\System32\drivers\vmsproxy.sys [22016 2015-12-29] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\System32\drivers\vmswitch.sys [976384 2016-02-23] (Microsoft Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WinNat; C:\Windows\System32\drivers\winnat.sys [350720 2016-01-16] (Microsoft Corporation)
U3 aswMBR; C:\Users\Lee\AppData\Local\Temp\aswMBR.sys [62728 2016-09-18] () [File not signed]
U3 aswVmm; C:\Users\Lee\AppData\Local\Temp\aswVmm.sys [224896 2016-09-18] ()
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 09:20 - 2016-09-19 09:21 - 00024827  _____ C:\Users\Lee\Desktop\FRST.txt
2016-09-19 09:19 - 2016-09-19 09:19 - 00000000 ____D C:\Users\Lee\Desktop\FRST-OlderVersion
2016-09-19 09:18 - 2016-09-19 09:19 - 02400256 _____ (Farbar) C:\Users\Lee\Desktop\FRST64.exe
2016-09-18 14:23 - 2016-09-18 14:24 - 00049944  _____ C:\Users\Lee\Downloads\Addition.txt
2016-09-18 14:22 - 2016-09-18 14:24 - 00033845  _____ C:\Users\Lee\Downloads\FRST.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00002418  _____ C:\Users\Lee\Downloads\aswMBR.txt
2016-09-18 14:21 - 2016-09-18 14:21 - 00000512  _____ C:\Users\Lee\Downloads\MBR.dat
2016-09-18 11:04 - 2016-09-19 09:20 - 00000000 ____D C:\FRST
2016-09-18 10:59 - 2016-09-18 11:04 - 02399232 _____ (Farbar) C:\Users\Lee\Downloads\FRST64.exe
2016-09-18 10:58 - 2016-09-18 11:04 - 05198336 _____ (AVAST Software) C:\Users\Lee\Downloads\aswMBR.exe
2016-09-17 18:28 - 2016-09-17 18:28 - 00007195 _____ C:\Users\Lee\Downloads\startuplist.txt
2016-09-17 18:17 - 2016-09-17 18:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Lee\Downloads\HiJackThis.exe
2016-09-17 17:53 - 2016-09-18 11:42 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-17 17:52 - 2016-09-17 17:52 - 00001179  _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000  ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000  ____D C:\ProgramData\Malwarebytes
2016-09-17 17:52 - 2016-09-17 17:52 - 00000000  ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-17 17:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-17 17:52 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-17 17:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-17 17:51 - 2016-09-17 17:52 - 22851472 _____ (Malwarebytes ) C:\Users\Lee\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-17 17:44 - 2016-09-17 17:44 - 00566128  _____ (Malwarebytes) C:\Users\Lee\Downloads\mbam-clean-2.3.0.1001.exe
2016-09-17 16:49 - 2016-09-17 16:49 - 00002010 _____ C:\Users\Public\Desktop\Reflect.lnk
2016-09-17 16:49 - 2016-09-17 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2016-09-17 16:49 - 2016-09-17 16:49 - 00000000 ____D C:\Program Files\Macrium
2016-09-17 16:36 - 2016-09-17 16:36 - 00000000  ____D C:\Users\Lee\Downloads\Macrium
2016-09-17 16:35 - 2016-09-17 16:51 - 00000000  ____D C:\ProgramData\Macrium
2016-09-08 13:44 - 2016-09-08 13:44 - 00486958  _____ C:\Users\Lee\Downloads\Newsletter September 2016 +.pdf
2016-09-08 13:42 - 2016-09-08 13:42 - 00487140 _____ C:\Users\Lee\Downloads\Newsletter  Sept  2016.pdf
2016-09-08 11:56 - 2016-09-08 13:29 - 00000000 ____D C:\ESD
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000  ___HD C:\$Windows.~WS
2016-09-08 11:47 - 2016-09-08 11:47 - 00000000  ____D C:\$WINDOWS.~BT
2016-09-08 11:45 - 2016-09-08 11:47 - 18309328  _____ (Microsoft Corporation) C:\Users\Lee\Downloads\MediaCreationTool.exe
2016-09-08 11:42 - 2016-09-08 11:42 - 00002555 _____ C:\Users\Lee\Downloads\Productkeyforwindows.vbs
2016-09-07 15:52 - 2016-09-07 15:52 - 01445367  _____ C:\Users\Lee\Downloads\WORRY BOOK.pdf
2016-09-04 16:27 - 2016-09-05 08:08 - 00001319 _____ C:\Users\Lee\Desktop\Worry diary.txt
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.002
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.001
2016-08-30 16:10 - 2016-08-30 16:10 - 00000000 __SHD C:\found.000
2016-08-27 15:37 - 2016-08-27 15:37 - 00003320 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-09-19 09:21 - 2015-11-15 21:34 - 00000010  _____ C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2016-09-19 09:19 - 2010-09-25 09:43 - 00004150  _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2EB18B0-B9DE-4821-8F80-FDDE65545E85}
2016-09-19 09:18 - 2016-07-28 15:52 - 00000000  ____D C:\Users\Lee\AppData\Local\DP_Tower_3.7
2016-09-19 09:18 - 2016-07-21 15:42 - 00000000 ____D C:\Users\Lee\Downloads\incomplete
2016-09-19 09:17 - 2013-04-13 09:53 - 00000920  _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-18 14:29 - 2015-12-29 15:41 - 00000000  ____D C:\Users\Lee
2016-09-18 14:11 - 2013-04-13 09:53 - 00000924  _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-18 13:58 - 2015-10-30 08:24 - 00000000  ____D C:\WINDOWS\AppReadiness
2016-09-18 13:57 - 2015-10-30 08:24 - 00000000  ___HD C:\Program Files\WindowsApps
2016-09-18 13:52 - 2012-04-20 21:06 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-18 13:41 - 2015-12-29 15:40 - 01031504 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-18 13:41 - 2015-10-30 08:21 - 00000000  ____D C:\WINDOWS\INF
2016-09-18 13:34 - 2015-12-29 16:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-18 13:34 - 2012-05-21 18:10 - 00000000 ____D C:\ProgramData\VMware
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-18 13:33 - 2013-04-01 19:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-18 12:31 - 2013-04-01 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-18 12:27 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-17 18:18 - 2010-03-21 19:36 - 00000000  ____D C:\Users\Lee\AppData\Local\VirtualStore
2016-09-17 17:45 - 2015-10-30 07:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-17 17:15 - 2013-04-13 09:55 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-09-17 17:15 - 2013-04-13 09:55 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-09-17 16:34 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-13 19:52 - 2015-10-30 08:24 - 00000000  ____D C:\WINDOWS\SysWOW64\Macromed
2016-09-13 19:52 - 2015-10-30 08:24 - 00000000  ____D C:\WINDOWS\system32\Macromed
2016-09-13 17:11 - 2015-11-15 19:50 - 00000000  ____D C:\ProgramData\TMDP_Log
2016-09-13 17:11 - 2009-07-14 03:34 - 00000647  _____ C:\WINDOWS\win.ini
2016-09-08 13:29 - 2015-12-29 23:31 - 00000000  ___DC C:\WINDOWS\Panther
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-04 15:18 - 2016-07-24 14:12 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-09-02 00:10 - 2015-10-30 08:24 - 00000000  ____D C:\WINDOWS\system32\appraiser
2016-08-27 15:37 - 2015-11-14 22:17 - 00002403 _____ C:\Users\Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-27 15:37 - 2015-11-14 22:17 - 00000000 ___RD C:\Users\Lee\OneDrive
2016-08-27 15:36 - 2011-01-25 20:34 - 00000000  ____D C:\Users\Lee\AppData\Roaming\Skype
 
==================== Files in the root of some directories =======
 
2011-10-16 19:55 - 2011-10-16 19:55 - 0000132 _____ () C:\Users\Lee\AppData\Roaming\Adobe BMP Format CS5 Prefs
2010-08-23 21:16 - 2015-11-01 16:55 - 0035328 _____ () C:\Users\Lee\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-01-05 15:37 - 2013-01-05 15:37 - 0000036 _____ () C:\Users\Lee\AppData\Local\housecall.guid.cache
2011-01-29 11:48 - 2011-01-29 11:49 - 0006100 _____ () C:\Users\Lee\AppData\Local\MyWinLockerInstaller.txt-20110129.log
2010-08-25 20:28 - 2011-09-06 20:06 - 0007597 _____ () C:\Users\Lee\AppData\Local\Resmon.ResmonCfg
2015-11-15 21:34 - 2016-09-19 09:21 - 0000010 _____ () C:\Users\Lee\AppData\Local\sponge.last.runtime.cache
2009-09-20 12:54 - 2009-09-20 12:56 - 0008505 _____ () C:\ProgramData\ArcadeDeluxe3.log
2011-01-25 21:27 - 2011-01-25 21:27 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2009-08-27 20:18 - 2009-07-18 02:57 - 0036136 _____ (Oberon Media) C:\ProgramData\FullRemove.exe
2011-01-28 15:42 - 2011-01-28 15:43 - 0000091 _____ () C:\ProgramData\PS.log
 
Some files in TEMP:
====================
C:\Users\Lee\AppData\Local\Temp\jre-8u91-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-08 17:17
 
==================== End of FRST.txt ============================
 
Addition:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Lee (19-09-2016 09:21:53)
Running from C:\Users\Lee\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-29 15:07:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1954145345-3184534799-3782876019-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1954145345-3184534799-3782876019-503 - Limited - Disabled)
Guest (S-1-5-21-1954145345-3184534799-3782876019-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-1954145345-3184534799-3782876019-1002 - Limited - Enabled)
Lee (S-1-5-21-1954145345-3184534799-3782876019-1001 - Administrator - Enabled) => C:\Users\Lee
Shons (S-1-5-21-1954145345-3184534799-3782876019-1003 - Limited - Enabled) => C:\Users\Shons
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Trend Micro Maximum Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0}
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
6425 (HKLM-x32\...\{37755732-DEC2-4625-B9DC-551061AF9A7F}) (Version: 1.0.0 - Microsoft)
6426 (HKLM-x32\...\{3563A3B5-EFFC-4E41-A22C-B5DFA158E893}) (Version: 1.0.0 - Microsoft)
Ableton Live 9 Suite (HKLM\...\{48EC4E57-1D04-4831-90A7-151DA2269495}) (Version: 9.0.0.0 - Ableton)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.3.0.800 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.162 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (HKLM-x32\...\{15FEDA5F-141C-4127-8D7E-B962D1742728}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000  - Microsoft Corporation)
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110 }) (Version:  - Oberon Media)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - SEIKO EPSON Corporation)
EPSON PX730 Series Printer Uninstall (HKLM\...\EPSON PX730 Series) (Version:  - SEIKO EPSON Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 53.0.2785.116  - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 1.00.3004 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3001 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
K-Lite Codec Pack 6.6.6 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.6.6 - )
LeapFrog Connect (HKLM-x32\...\UPCShell) (Version: 7.0.7.20035 - LeapFrog)
LeapFrog Connect (x32 Version: 7.0.7.20035 - LeapFrog) Hidden
LeapFrog LeapPad Explorer Plugin (x32 Version: 7.0.6.19846 - LeapFrog) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.30 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 6.1 - Paramount Software (UK) Ltd.)
MAGIX Fonts Package 2 (x32 Version: 1.0.0.0 - MAGIX Software GmbH) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477 }) (Version:  - Oberon Media)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003  - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000  - Microsoft Corporation)
Microsoft Office Professional Plus 2007 (HKLM-x32\...\PROPLUS) (Version: 12.0.6612.1000  - Microsoft Corporation)
Microsoft Office Suite Activation Assistant (HKLM-x32\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148  (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570  (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
mkv2vob (HKLM-x32\...\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}) (Version: 2.4.5.1 - 3r1c)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MySpeed ActiveX v3.8.4 (HKLM-x32\...\{325F2351-2949-49BF-B061-483EFB089ECC}) (Version: 3.08.0252 - Enounce Incorporated)
Nero 9 Essentials (HKLM-x32\...\{299c01fe-0e4f-4584-b8e1-96a5015662b6}) (Version:  - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.7 - )
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5898 - Realtek Semiconductor Corp.)
SABnzbd 1.0.3 (HKLM-x32\...\SABnzbd) (Version: 1.0.3 - The SABnzbd Team)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Star Defender 4 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114803710 }) (Version:  - Oberon Media)
Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
TomTom HOME (HKLM-x32\...\{B581E191-A2C1-4CE3-907E-9FE3C728750C}) (Version: 2.9.91 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.)
Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin) (HKLM-x32\...\LeapPadExplorerPlugin) (Version:  - LeapFrog)
Visual CertExam Suite (HKLM-x32\...\Visual CertExam Suite_is1) (Version:  - Avanset)
VmciSockets (Version: 9.1.54.1 - VMware, Inc.) Hidden
VMware Player (HKLM-x32\...\VMware_Player) (Version: 4.0.4.30409 - VMware, Inc)
VMware Player (x32 Version: 4.0.4.30409 - VMware, Inc.) Hidden
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3005 - Acer Incorporated)
Windows 7 Upgrade Advisor (HKLM-x32\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net  (09/10/2009 02.03.05.012) (HKLM\...\8F14F2ECEDE68D26EA515B48DC25B39103C4FE8D) (Version: 09/10/2009 02.03.05.012 - Leapfrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416  - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{B10914FD-8812-47A4-85A1-50FCDE7F1F33}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029  - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WOT for Internet Explorer (HKLM-x32\...\{F99520C7-7EE6-472E-8DD8-E60003A9292F}) (Version: 10.8.30.0 - WOT Services Oy)
ZyXEL PLA42xx Series Configuration (HKLM\...\{AFCB663E-60B8-45FD-A135-47DF346EB78D}) (Version: 6.0.0 - ZyXEL Communications Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0496D92C-9FCC-4776-AD8D-071393ACE28E} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {0641F2BF-899C-4807-B0D6-3968597F964B} - System32\Tasks\{B2524D83-A51B-4A22-8A8F-A87D53494378} => N:\AD Course\Microsoft Learning\C Drive\VServer progs\Virtual Server Mar 08\x64\setup.exe
Task: {0A14B66E-7182-4665-98CC-C496970575E0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {0BB3AD68-8DCF-45B0-A5E7-FEE875F809A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-09-13] (Adobe Systems Incorporated)
Task: {1102ED21-3DEB-45A3-AC4A-12D925EE6020} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-27] (Microsoft Corporation)
Task: {1160CFA5-485A-4B5E-9959-C93401F1A42F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {12EB39C5-EE5A-4D3B-8B35-BEA43338E5BA} - System32\Tasks\{4F9D253B-C362-4BEF-917D-435B1616DAD1} => pcalua.exe -a F:\Setup.exe -d F:\
Task: {149D8C88-1D3F-4463-84C5-4AF3BB9AD6E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {173ED157-55ED-49B5-9850-F89D0070F8B4} - System32\Tasks\{84D54B3E-807B-43F4-997C-1C544A15B418} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {18F97976-117A-4028-94A3-77DF4ECD696C} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1F02C9E9-09AF-4ABF-BDD0-5D1B20BE9A1A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {220969A1-96D4-415C-9999-CBB6CFE34F99} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {273CA0DF-1EF2-4C86-A1AA-BD0D2210C2FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {2C103A86-983D-4773-9211-5B7D6A0AC08D} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {2D618354-3FE6-4ED2-B9C6-BAAF9CF95FF6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {3BC2E104-DFE0-49F8-A687-A4E572D94108} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {3E5502DB-2073-4DFC-A175-F8D556D43DE4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {3E93AC1C-52D3-4CB6-AF99-10EB69A3C323} - System32\Tasks\{D6EECF5A-A6A2-4321-96CF-DA1FBC96108D} => pcalua.exe -a C:\Users\Lee\Downloads\SABnzbd-0.7.19-win32-setup.exe -d C:\Users\Lee\Downloads
Task: {3FF64AE1-1CFC-477F-B135-20139E49CA23} - System32\Tasks\{CE496F8A-B8CF-44FC-AC8B-8AD8AA741E24} => pcalua.exe -a C:\Users\Lee\Downloads\SABnzbd-0.7.17-win32-setup.exe -d C:\Users\Lee\Downloads
Task: {4176CCC9-FD0D-4B9B-BCAF-D8459A91F419} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4450E727-C18C-4286-B249-D33480B1B84B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {4464F9F3-CC74-48B2-AF39-8ECD754BDB74} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {48912906-8D91-492D-97C8-E57D415CE736} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {4C2B042A-58B2-47BA-8D02-5D5C0FA14E2A} - \Titanium BTC -> No File <==== ATTENTION
Task: {5733DB51-793B-498A-846D-7E1CA5517730} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {57F621B7-84BE-4782-BD5C-2FC16048E7E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5F8A7A07-33F4-4F04-8732-D8141B164F5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {62623375-59B0-44DB-8A8D-810F3AB003DD} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {69BC6D6E-8BD2-4129-975E-A3F44AA8ECF3} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {6DCA2925-5900-4D37-8058-FE2D5490875D} - System32\Tasks\{8231C107-4000-4850-AE47-F29E5CD57C6F} => pcalua.exe -a "C:\Program Files (x86)\PS3 Media Server\PMS.exe" -d "C:\Program Files (x86)\PS3 Media Server"
Task: {6E58E557-33D3-4ED2-9D08-A2EF8C469D5C} - System32\Tasks\{49DA2071-BAE9-41B2-A7CC-9D59931C60D7} => pcalua.exe -a E:\autorun.exe -d E:\
Task: {6E698663-6C60-4604-A037-6DEDDE2C1784} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {739CF8A0-7FEE-4535-ADB2-8279C5BD7295} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {7A778D34-65AE-4BBB-AA1F-44DB8B323DA6} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {7D15C3C5-1C2D-4041-8FE6-0B571F13BC8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8158EB11-89DD-4402-84A1-12CC76A28CDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {81FBCCBC-0766-4847-BCCC-0F657FC73A02} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {84C434A5-C65E-461B-8D95-1A3FB0D920EA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {AA3C3392-1E34-4932-BF38-22C75497AA88} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {AA7C41B8-BFE2-44A2-85AD-EA8E6D79C578} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {AFACAD88-572D-4329-A817-A9DE76CB3CC6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {B32A0E1F-B454-4F8E-A7E6-BD8A68DCBD1A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C0DD0302-9B13-4F9A-A903-E260B94C50D0} - System32\Tasks\{01EB28F6-17A8-4D95-B056-F89552C8989D} => N:\AD Course\Microsoft Learning\C Drive\VServer progs\Virtual Server Mar 08\x64\setup.exe
Task: {C8C47B06-C8F2-45FD-9AE5-6D685B6899A7} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {CD9756D6-209F-4C09-A282-54EF4608465A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {D49F6823-F0D5-44BC-93BE-BF2DD5894D44} - System32\Tasks\{B983AD9E-1F5F-4357-B59D-E75E7F086FEA} => N:\AD Course\Microsoft Learning\C Drive\VServer progs\Virtual Server Mar 08\x64\setup.exe
Task: {D4CF0232-7C37-4E76-BE76-C66426C0C790} - System32\Tasks\AdobeAAMUpdater-1.0-Lee-Quad-Lee => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {DD43D464-CA8C-4B46-B5C5-EF8028F866A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {DFC0D368-28B3-4080-B540-125AAFB0870D} - System32\Tasks\{6EC3BE44-462F-40C4-9BD6-D8FFB28F7A8A} => pcalua.exe -a "C:\Program Files (x86)\iJoysoft\MKV Converter\Uninstall.exe"
Task: {E871DA1D-6076-4593-8F91-7AB20F36EAEA} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {EC211D06-BFF8-48F9-ABE8-56C056221CD0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F721A13F-D068-4C92-8B6B-7BBA9379EFE6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {F768FE8A-858D-41D8-8660-87C80BA1FA11} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-12] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\Public\Desktop\Acer Accessory Store.lnk -> C:\Program Files\Acer Accessory Store\StartURL.exe () -> hxxp://store.acer-euro.com/gb?utm_source=Icon&utm_medium=Icon&utm_campaign=Acer%2BInternal
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 08:18 - 2015-12-29 23:20 - 00263168 _____ () C:\WINDOWS\system32\wc_storage.dll
2015-11-15 19:50 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll
2015-11-15 19:52 - 2015-07-16 19:31 - 00089088  _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll
2015-11-15 19:52 - 2015-07-16 19:31 - 00018944  _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll
2015-11-15 19:52 - 2015-07-16 19:31 - 00049664  _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll
2015-11-15 19:52 - 2015-07-16 19:31 - 00761856  _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 12:30 - 2016-07-01 05:48 - 02656408  _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 12:30 - 2016-07-01 05:48 - 02656408  _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-27 15:37 - 2016-08-27 15:37 - 01864384 _____ () C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2010-03-29 21:07 - 2010-03-15 11:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2015-12-29 23:27 - 2015-12-29 23:27 - 00093696  _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:32 - 2016-07-01 04:48 - 00472064  _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 12:30 - 2016-07-01 04:27 - 07992832  _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:31 - 2016-07-01 04:21 - 00591360  _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:30 - 2016-07-01 04:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:30 - 2016-07-01 04:24 - 04089856  _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2010-08-22 20:37 - 2016-06-18 10:05 - 00108032 _____ () C:\Program Files (x86)\SABnzbd\SABnzbd.exe
2009-08-18 08:27 - 2009-08-18 08:27 - 00629280  _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2015-11-15 19:50 - 2016-09-01 14:31 - 40970752  _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
2016-04-19 09:34 - 2016-04-19 09:36 - 00144384  _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2012-06-09 02:36 - 2012-06-09 02:36 - 01229464  _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2009-04-10 00:04 - 2009-04-10 00:04 - 02141008 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtCore4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 07704400 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtGui4.dll
2009-04-22 22:53 - 2009-04-22 22:53 - 00969040  _____ () C:\Program Files (x86)\Logitech\Vid HD\QtNetwork4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00475472 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtOpenGL4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00363856 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtXml4.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00200016 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtSql4.dll
2010-10-29 21:01 - 2010-10-29 21:01 - 00027472 _____ () C:\Program Files (x86)\Logitech\Vid HD\SDL.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 11311952 _____ () C:\Program Files (x86)\Logitech\Vid HD\QtWebKit4.dll
2010-10-29 21:02 - 2010-10-29 21:02 - 00751616 _____ () C:\Program Files (x86)\Logitech\Vid HD\vpxmd.dll
2009-03-03 23:17 - 2009-03-03 23:17 - 00291664 _____ () C:\Program Files (x86)\Logitech\Vid HD\phonon4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00029008 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qgif4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00035152 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qico4.dll
2009-03-03 23:18 - 2009-03-03 23:18 - 00138064 _____ () C:\Program Files (x86)\Logitech\Vid HD\plugins\imageformats\qjpeg4.dll
2016-08-27 15:37 - 2016-08-27 15:37 - 01383616 _____ () C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-27 15:37 - 2016-08-27 15:37 - 00118976 _____ () C:\Users\Lee\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-06-18 10:05 - 2016-06-18 10:05 - 00047616 _____ () C:\Program Files (x86)\SABnzbd\lib\_socket.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 01420288 _____ () C:\Program Files (x86)\SABnzbd\lib\_ssl.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 01008128 _____ () C:\Program Files (x86)\SABnzbd\lib\_hashlib.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00011264 _____ () C:\Program Files (x86)\SABnzbd\lib\select.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00099328 _____ () C:\Program Files (x86)\SABnzbd\lib\win32api.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00109056 _____ () C:\Program Files (x86)\SABnzbd\lib\pywintypes27.dll
2016-06-18 10:05 - 2016-06-18 10:05 - 00017408 _____ () C:\Program Files (x86)\SABnzbd\lib\win32event.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00041472 _____ () C:\Program Files (x86)\SABnzbd\lib\win32service.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00092672 _____ () C:\Program Files (x86)\SABnzbd\lib\_ctypes.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00051712 _____ () C:\Program Files (x86)\SABnzbd\lib\_sqlite3.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00416768 _____ () C:\Program Files (x86)\SABnzbd\lib\sqlite3.dll
2016-06-18 10:05 - 2016-06-18 10:05 - 00009728 _____ () C:\Program Files (x86)\SABnzbd\lib\_yenc.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00054784 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.crypto.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00010240 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.rand.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00045056 _____ () C:\Program Files (x86)\SABnzbd\lib\OpenSSL.SSL.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00011264 _____ () C:\Program Files (x86)\SABnzbd\lib\Cheetah._namemapper.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00137216 _____ () C:\Program Files (x86)\SABnzbd\lib\pyexpat.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00072192 _____ () C:\Program Files (x86)\SABnzbd\lib\bz2.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00035840 _____ () C:\Program Files (x86)\SABnzbd\lib\win32process.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00118784 _____ () C:\Program Files (x86)\SABnzbd\lib\win32file.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00048640 _____ () C:\Program Files (x86)\SABnzbd\lib\win32evtlog.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00026624 _____ () C:\Program Files (x86)\SABnzbd\lib\servicemanager.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00395776 _____ () C:\Program Files (x86)\SABnzbd\lib\pythoncom27.dll
2016-06-18 10:05 - 2016-06-18 10:05 - 00688128 _____ () C:\Program Files (x86)\SABnzbd\lib\unicodedata.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00166912 _____ () C:\Program Files (x86)\SABnzbd\lib\win32gui.pyd
2016-06-18 10:05 - 2016-06-18 10:05 - 00318976 _____ () C:\Program Files (x86)\SABnzbd\lib\winxpgui.pyd
2009-08-18 08:31 - 2009-08-18 08:31 - 00163840  _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 02143576 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2010-05-07 19:35 - 2010-05-07 19:35 - 07954776 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2010-05-07 19:36 - 2010-05-07 19:36 - 00340824  _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00027480 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2010-05-07 19:37 - 2010-05-07 19:37 - 00126808 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-11-24 09:46 - 2014-11-24 09:46 - 00879104 _____ () C:\Program Files (x86)\LeapFrog\LeapFrog Connect\platforms\qwindows.dll
2016-04-19 09:34 - 2016-04-19 09:36 - 00141312  _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 09:34 - 2016-04-19 09:36 - 22284800  _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:1D32EC29 [260]
AlternateDataStreams: C:\ProgramData\Temp:AB689DEA [294]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2014-04-17 20:12 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [VIRT-MIGL-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [VIRT-REMOTEDESKTOP-In-TCP-NoScope] => (Allow) %systemroot%\system32\vmms.exe
FirewallRules: [{A53C702D-A7F8-4ADF-A7C4-78B4F766480A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{86ED0E0D-CD0C-48BF-8CDB-E12B7C299D16}] => (Allow) svchost.exe
FirewallRules: [{A749FA62-4878-4B03-A0B7-7FE210B1564F}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{B35A1AC0-E0EC-4BF2-9ADE-142BE000F6B5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{03013119-F4B7-4D4F-B709-3155CCFD5BDF}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{73449981-7E36-4B8E-B852-9BDBCA7F0571}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{55DC3F27-E94C-4AEB-B1D8-E2EEE127C28C}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{F3FA9B36-DF6F-49EC-B9FD-0CC9CEA5D6BD}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{7A28D6F0-3229-4640-AFF9-BF6DD7C789C2}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [UDP Query User{F9753D18-CAAF-4E42-90CF-D527BE8BD3E2}C:\program files (x86)\sabnzbd\sabnzbd.exe] => (Allow) C:\program files (x86)\sabnzbd\sabnzbd.exe
FirewallRules: [TCP Query User{A7994A77-B404-4E34-955D-B1C24D18638D}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{FBB4226B-EB7D-41D6-B60A-B98AA9EECC06}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [{5B82E843-8803-4B28-AA7A-EB6B747C6D67}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [{B054747E-16BD-4799-ACD8-53827D6D940B}] => (Allow) C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
FirewallRules: [TCP Query User{0E0D6F49-4CEA-4A2D-8A59-30B389D5BF2B}C:\program files (x86)\microsoft virtual pc\virtual pc.exe] => (Allow) C:\program files (x86)\microsoft virtual pc\virtual pc.exe
FirewallRules: [UDP Query User{C5298841-BB12-451F-9136-2535B31C0E2D}C:\program files (x86)\microsoft virtual pc\virtual pc.exe] => (Allow) C:\program files (x86)\microsoft virtual pc\virtual pc.exe
FirewallRules: [{521DB186-5409-4BBF-8471-6EB0F930B54E}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [{7516D432-CCEA-48D9-9897-D7CADFD8C52A}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
FirewallRules: [TCP Query User{F43D1097-2ADA-4442-BC40-3A872F1086E2}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{C0AC8CCF-B2AE-47DC-B47F-6465E4C98195}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [TCP Query User{767CFBD3-6666-4BE8-9265-B00B70052138}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [UDP Query User{5EBBD575-389E-42CA-BCD2-8CF5517AC477}C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe] => (Allow) C:\program files (x86)\ps3 media server\jre64\bin\javaw.exe
FirewallRules: [{C6505BB2-D09C-4C0C-8231-E06BCEFC1FF2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0472F80D-B7AE-4508-8420-69F0FC3263BB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B181DE35-F8A3-4265-B1FD-323BEE75C1E1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AFEA7F11-627F-418A-82B2-F1323608B74B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1041D583-07DE-4A9D-BB3F-1700617C25D2}] => (Allow) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\LeapfrogConnect.exe
FirewallRules: [{351F9D3C-DE94-4DB0-B112-4836B1596387}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B777EED8-BB38-4698-87D7-C65DD00A1148}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CC940FA0-6965-4EE1-8A95-C4FC5F529021}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{615D7195-D0B9-4C7E-A6A3-59D06DA17E00}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
12-09-2016 18:07:42 Scheduled Checkpoint
17-09-2016 16:48:49 Installed Macrium Reflect Free Edition
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/17/2016 07:11:26 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL Perf_iCrcPerfMonMgr. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/17/2016 05:54:05 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2016 05:42:35 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2016 05:36:06 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe".Error in manifest or policy file "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" on line 8.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (09/17/2016 05:33:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: PwmSvc.exe, version: 3.7.0.1100, time stamp: 0x57c7ca65
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0xad8
Faulting application start time: 0x01d210f80b54e3d2
Faulting application path: C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: 3757b83a-b98b-4a87-ae9a-07bc2bc9527b
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/17/2016 04:48:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/12/2016 06:07:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (09/06/2016 08:48:23 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL Perf_iCrcPerfMonMgr. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/05/2016 07:50:54 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL Perf_iCrcPerfMonMgr. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
Error: (09/04/2016 03:34:11 PM) (Source: Perflib) (EventID: 1023) (User: )
Description: Windows cannot load the extensible counter DLL Perf_iCrcPerfMonMgr. The first four bytes (DWORD) of the Data section contains the Windows error code.
 
 
System errors:
=============
Error: (09/19/2016 09:15:38 AM) (Source: iaStorAV) (EventID: 4102) (User: )
Description: Error log: Smart event occured on disk :9VP1YDNV
 
Error: (09/18/2016 02:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_267d36 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/18/2016 02:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_267d36 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/18/2016 02:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_267d36 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/18/2016 02:29:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_267d36 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (09/18/2016 01:44:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Trend Micro Solution Platform service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (09/18/2016 01:38:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:38:03 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:38:01 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:37:58 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
CodeIntegrity:
===================================
  Date: 2016-09-18 14:19:01.922
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 14:19:01.894
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 14:19:01.860
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 12:32:27.874
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 12:04:47.196
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 12:04:47.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 12:04:47.125
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 11:49:16.791
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 11:49:16.734
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-09-18 11:49:16.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Quad CPU Q8300 @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 8157.14 MB
Available physical RAM: 5733.73 MB
Total Virtual: 16349.14 MB
Available Virtual: 13568.64 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:341.45 GB) (Free:227.32 GB) NTFS
Drive d: (DATA) (Fixed) (Total:342.09 GB) (Free:144.79 GB) NTFS
Drive l: (Media) (Fixed) (Total:1863.01 GB) (Free:416.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 6B1771F5)
Partition 1: (Not Active) - (Size=15 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=341.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=342.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 477A40FF)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 


#4 ken545

Posted 19 September 2016 - 05:21 AM

Good Morning

 

Sometimes when you have problems like you're having, it's not always malware to blame. There are a few things to fix on your FRST log, but I'm not looking at anything earth-shattering malware-wise.

 

Name: Microsoft PS/2 Mouse
Are you having issues with your mouse?
 
 
Description: The device, \Device\Harddisk0\DR0, has a bad block.
I am not saying your hard drive is going bad, but it's a possibility, as your FRST log is showing it has a bad block.
 
 
We're going to run a couple of programs, and if no malware turns up then your issue may be related to hardware. If so, you can post on our Windows forum for help; they have tools you can run to check the health of your hard drive. But let's run some programs first and see what turns up.
 
 

Open Notepad: go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents inside of the code box below, beginning with START and ending with END.
(To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
Name the file Fixlist.txt and save it to your desktop, where you have FRST/FRST64, or the fix won't work. Right-click on FRST/FRST64 and select RUN AS ADMINISTRATOR, then click on >FIX< (not Scan). It won't take long. After your computer reboots you will find a FIXLOG.TXT on your desktop; post it please.
 
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Task: {0A14B66E-7182-4665-98CC-C496970575E0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {149D8C88-1D3F-4463-84C5-4AF3BB9AD6E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {273CA0DF-1EF2-4C86-A1AA-BD0D2210C2FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C2B042A-58B2-47BA-8D02-5D5C0FA14E2A} - \Titanium BTC -> No File <==== ATTENTION
Task: {57F621B7-84BE-4782-BD5C-2FC16048E7E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5F8A7A07-33F4-4F04-8732-D8141B164F5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7D15C3C5-1C2D-4041-8FE6-0B571F13BC8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8158EB11-89DD-4402-84A1-12CC76A28CDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B32A0E1F-B454-4F8E-A7E6-BD8A68DCBD1A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD9756D6-209F-4C09-A282-54EF4608465A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD43D464-CA8C-4B46-B5C5-EF8028F866A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EC211D06-BFF8-48F9-ABE8-56C056221CD0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
 
 
 
You have Malwarebytes installed. After you run the FRST fix and post the log, open up Malwarebytes, check for updates and run the THREAT scan. You can set it up this way:
 

 
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes
 
 
 

 



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#5 leeg100


Posted 19 September 2016 - 09:33 AM

Hello,

I fully accept it may well be a failing hard drive, just thought I should double check everything before buying a new one :)

 

FIXLOG below:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 18-09-2016
Ran by Lee (19-09-2016 14:26:11) Run:1
Running from C:\Users\Lee\Desktop
Loaded Profiles: Lee (Available Profiles: Lee & Shons & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User: Restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKU\S-1-5-21-1954145345-3184534799-3782876019-1001 -> No Name - {71576546-354D-41C9-AAE8-31F2EC22BF0D} -  No File
Task: {0A14B66E-7182-4665-98CC-C496970575E0} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {149D8C88-1D3F-4463-84C5-4AF3BB9AD6E6} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {273CA0DF-1EF2-4C86-A1AA-BD0D2210C2FB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {4C2B042A-58B2-47BA-8D02-5D5C0FA14E2A} - \Titanium BTC -> No File <==== ATTENTION
Task: {57F621B7-84BE-4782-BD5C-2FC16048E7E4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5F8A7A07-33F4-4F04-8732-D8141B164F5C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7D15C3C5-1C2D-4041-8FE6-0B571F13BC8B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {8158EB11-89DD-4402-84A1-12CC76A28CDA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B32A0E1F-B454-4F8E-A7E6-BD8A68DCBD1A} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CD9756D6-209F-4C09-A282-54EF4608465A} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD43D464-CA8C-4B46-B5C5-EF8028F866A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EC211D06-BFF8-48F9-ABE8-56C056221CD0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
CMD: ipconfig /flushdns
Hosts:
EmptyTemp:
End
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\LogonHoursAction => value removed successfully
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DontDisplayLogonHoursWarnings => value removed successfully
C:\WINDOWS\system32\GroupPolicyUsers\S-1-5-21-1954145345-3184534799-3782876019-1003\User => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value removed successfully
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => key not found. 
HKU\S-1-5-21-1954145345-3184534799-3782876019-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => value removed successfully
HKCR\CLSID\{71576546-354D-41C9-AAE8-31F2EC22BF0D} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0A14B66E-7182-4665-98CC-C496970575E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0A14B66E-7182-4665-98CC-C496970575E0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{149D8C88-1D3F-4463-84C5-4AF3BB9AD6E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{149D8C88-1D3F-4463-84C5-4AF3BB9AD6E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{273CA0DF-1EF2-4C86-A1AA-BD0D2210C2FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{273CA0DF-1EF2-4C86-A1AA-BD0D2210C2FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4C2B042A-58B2-47BA-8D02-5D5C0FA14E2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4C2B042A-58B2-47BA-8D02-5D5C0FA14E2A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Titanium BTC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{57F621B7-84BE-4782-BD5C-2FC16048E7E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{57F621B7-84BE-4782-BD5C-2FC16048E7E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F8A7A07-33F4-4F04-8732-D8141B164F5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F8A7A07-33F4-4F04-8732-D8141B164F5C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D15C3C5-1C2D-4041-8FE6-0B571F13BC8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D15C3C5-1C2D-4041-8FE6-0B571F13BC8B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8158EB11-89DD-4402-84A1-12CC76A28CDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8158EB11-89DD-4402-84A1-12CC76A28CDA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B32A0E1F-B454-4F8E-A7E6-BD8A68DCBD1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B32A0E1F-B454-4F8E-A7E6-BD8A68DCBD1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CD9756D6-209F-4C09-A282-54EF4608465A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CD9756D6-209F-4C09-A282-54EF4608465A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD43D464-CA8C-4B46-B5C5-EF8028F866A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD43D464-CA8C-4B46-B5C5-EF8028F866A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EC211D06-BFF8-48F9-ABE8-56C056221CD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC211D06-BFF8-48F9-ABE8-56C056221CD0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 155879479 B
Java, Flash, Steam htmlcache => 549 B
Windows/system/drivers => 88061256 B
Edge => 42064670 B
Chrome => 26959029 B
Firefox => 379075224 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 22826 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 110644 B
NetworkService => 50296 B
Lee => 345969575 B
Shons => 1849383 B
DefaultAppPool => 22826 B
 
RecycleBin => 0 B
EmptyTemp: => 991.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 14:28:01 ====


#6 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 19 September 2016 - 10:21 AM

Let's see what Malwarebytes finds, if anything.



 
 
The forum is staffed by volunteers who donate their time and expertise.
If you feel you have been helped, please consider a donation.
donate.gif
 
Find us on Facebook
Please LIKE and SHARE
 
 
Just a reminder that threads will be closed if no reply in 3 days.

#7 leeg100


Posted 19 September 2016 - 12:32 PM

Hello,

It's looking like a disk failure I think...

 

Malwarebytes log below...

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 19-Sep-16
Scan Time: 7:16 PM
Logfile: Malwarebytes log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.09.19.07
Rootkit Database: v2016.08.15.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Lee
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 413340
Time Elapsed: 11 min, 44 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#8 ken545

Posted 19 September 2016 - 12:49 PM

If you can, let's do a free online virus scan.

  • Please be patient, depending on your system the scan can complete in 30 minutes and on others much longer.
  • You want the Online One-Time Scan
  • Note: It will run using Internet Explorer, Firefox or Chrome.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is NOT TICKED, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


 
 

#9 leeg100


Posted 20 September 2016 - 07:19 AM

Hello,
The link to ESET doesn't work for me but I navigated to their page and installed their virus scanner. The problem is, I've tried 5 times and my machine reboots itself before it has time to finish the scan, although the scan does show 1 potential issue. Is there another scanner or do I accept this as a hardware failure?
 
Thanks
 
Lee


#10 ken545


Posted 20 September 2016 - 07:55 AM

Hello Lee, you can give this a read

http://smallbusiness...ling-75578.html

You can try this one by Trend Micro, and if it fails to run before your system shuts down we can try another malware scanner that won't take as long. Actually, run both programs if you can.

 

 

 
Running TrendMicro HouseCall:
  • Click Download HouseCall to begin. Please note that HouseCall requires a small download before it can scan your computer.
  • Download it to your desktop
  • Double click HousecallLauncher.exe
  • Select the Full Scan option.
  • Let the scan run then post the results to this thread.

Download RogueKiller from Here or Here to your DESKTOP
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Windows Vista, Windows 7, 8 or 10, right-click on RogueKiller and select "Run as Administrator" to start the program.
  • For Windows XP, double-click on RogueKiller to start the program.
  • If the program has been blocked by malware, try to rename it to winlogon.exe, or change its file extension to .com (ex: Roguekiller.com)
  • If a message pops up telling you you're running the 32-bit version just click on "Run Anyway"
  • The free version will not allow you to change any setting so just leave it all be.
  • The scan is triggered with the Start Scan button. The scan does not modify your system.
  • Wait until the Status box shows "Scan Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
 

 



 
 

#11 leeg100


Posted 21 September 2016 - 07:24 AM

Hello,
I managed to do the Trend Micro HouseCall scan and this came back with no threats found.

I've tried running RogueKiller and so far my machine hasn't stayed on long enough for the scan to finish, although it was displaying 5 threats found.

I will keep trying but I do have slow boot up time and some clicking coming from the hard disk, so I am thinking more and more it's a hard disk failure.
 
Thanks
 
Lee


#12 ken545


Posted 21 September 2016 - 08:09 AM

If you can run RogueKiller that would be great, but if you can't, let's not worry about it.

Post in our Hardware Forum, describe your symptoms in as much detail as you can. Link them to the Malware removal thread so they can see what we have done and tell them at this point we don't believe the issue is malware related. It would help them out greatly if you can include the make/model of your computer.

https://forums.whatt...opic=130875&hl=   <---Your thread we are working on

Copy and paste this in and tell them that it was on your FRST64 Additions log
 
Error: (09/18/2016 01:38:13 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:38:03 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:38:01 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
Error: (09/18/2016 01:37:58 PM) (Source: disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk0\DR0, has a bad block.
 
 
 
After you post I will follow along and offer any info as needed
 
 
Good Luck
 
Ken :)


 
 

#13 leeg100


Posted 22 September 2016 - 06:36 AM

Thanks for your help on this, the hard disk is now completely dead, won't boot up at all so I've simply bought a new disk.

Sorry if I've wasted your time but I wanted to be sure it wasn't malware.
Have created a flash disk so will build my new disk :)
 
Feel free to close this off
 
Thanks
 
Lee


#14 ken545


Posted 22 September 2016 - 07:22 AM

Good Morning Lee,

Helping you was no problem, it's what we do on this great forum. Well, now you know what the problem was and it looks like you're taking steps to correct it. If you need help installing the new disk, post in our hardware forum, they would be glad to help you.

 

 

Take care my friend

 

Ken :)



 
 

#15 ken545


Posted 22 September 2016 - 01:43 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.



 
 