Hello again, Adam... Here are the two logs as requested. Thank you. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01 Ran by Home PC (administrator) on HOMEPC-PC (06-03-2016 01:26:10) Running from C:\Users\Home PC\Desktop Loaded Profiles: Home PC (Available Profiles: Home PC) Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe () C:\Windows\system\HsMgr64.exe () C:\Windows\SysWOW64\HsMgr.exe (ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] () HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] () HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET) HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation) HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation) HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation) AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177600 2015-11-05] (NVIDIA Corporation) AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-11-05] (NVIDIA Corporation) Startup: C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf [2013-05-06] () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100 Tcpip\..\Interfaces\{8BA7393E-0780-4B97-9FDB-4BF899432702}: [DhcpNameServer] 194.168.4.100 194.168.8.100 Internet Explorer: ================== FireFox: ======== FF ProfilePath: C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\4oejxg99.default-1438663082380 FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN) Chrome: ======= CHR HomePage: Default -> hxxp://www.google.co.uk/ CHR StartupUrls: Default -> "hxxps://uk-mg42.mail.yahoo.com/neo/launch?.rand=ao9g3o57thql8","hxxp://ukradioplayer.radiocity.co.uk/","hxxp://productforums.google.com/forum/#!forum/chrome","hxxp://productforums.google.com/forum/#!category-topic/chrome/report-a-problem-and-get-troubleshooting-help/FTVGkp78ck4","hxxp://productforums.google.com/forum/#!forum/chrome/categories","hxxp://productforums.google.com/forum/#!categories/chrome/windows","hxxp://productforums.google.com/forum/#!category-topic/chrome/windows/r5pfBfBbN5U","hxxps://www.google.co.uk/" CHR Profile: C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04] CHR Extension: (Google Drive) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21] CHR Extension: (YouTube) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24] CHR Extension: (Google Search) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27] CHR Extension: (Google Docs Offline) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25] CHR Extension: (Gmail) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET) S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-04] () R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc) S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair) S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair) R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-30] (Intel Corporation) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET) S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation) U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET) R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET) R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET) R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET) R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET) S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-16] (Giga-Byte Technology CO., LTD.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation) R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.) S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-06 01:26 - 2016-03-06 01:26 - 00009541 _____ C:\Users\Home PC\Desktop\FRST.txt 2016-03-06 01:24 - 2016-03-06 01:24 - 02374144 _____ (Farbar) C:\Users\Home PC\Desktop\FRST64.exe 2016-03-05 12:47 - 2016-03-06 01:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-03-05 12:47 - 2016-03-05 12:47 - 00001106 _____ C:\Users\Home PC\Malwarebytes Anti-Malware.lnk 2016-03-05 12:47 - 2016-03-05 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-03-05 12:47 - 2016-03-05 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-03-05 12:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys 2016-03-05 12:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2016-03-05 12:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-02-27 18:07 - 2016-02-27 18:07 - 00000000 ____D C:\Users\Home PC\Desktop\LIFE 2016-02-26 00:45 - 2016-02-28 15:07 - 00000000 ____D C:\Users\Home PC\Desktop\Breadsall Priory - Derby - 25.02.2016 2016-02-22 23:10 - 2016-02-22 23:11 - 00000000 ____D C:\Users\Home PC\Desktop\Moon Feb 22nd 2016-02-19 17:52 - 2016-02-28 14:20 - 00000000 ____D C:\Users\Home PC\Desktop\ART 2016-02-14 17:00 - 2016-02-14 17:00 - 01377706 _____ C:\Users\Home PC\Downloads\IMG_0095.mp4 2016-02-13 01:13 - 2016-03-06 00:59 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job 2016-02-13 01:13 - 2016-02-13 01:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-02-13 01:13 - 2016-02-13 01:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-02-13 01:13 - 2016-02-13 01:13 - 00003892 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier 2016-02-12 22:16 - 2016-02-12 22:16 - 00331176 _____ C:\Windows\Minidump\021216-4586-01.dmp 2016-02-12 04:55 - 2016-02-12 04:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-02-11 15:48 - 2016-02-06 10:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2016-02-11 15:48 - 2016-02-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2016-02-11 15:48 - 2016-02-06 10:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2016-02-11 15:48 - 2016-02-06 10:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2016-02-11 15:48 - 2016-02-06 10:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2016-02-11 15:48 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2016-02-11 15:48 - 2016-02-06 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2016-02-11 15:48 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2016-02-11 15:48 - 2016-02-06 09:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2016-02-11 15:48 - 2016-02-06 09:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2016-02-11 15:48 - 2016-02-06 09:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2016-02-11 15:48 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2016-02-11 15:48 - 2016-02-06 09:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2016-02-11 15:48 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2016-02-11 15:48 - 2016-01-22 20:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2016-02-11 15:48 - 2016-01-22 20:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2016-02-11 15:48 - 2016-01-22 06:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2016-02-11 15:48 - 2016-01-22 06:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2016-02-11 15:48 - 2016-01-22 06:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2016-02-11 15:48 - 2016-01-22 06:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2016-02-11 15:48 - 2016-01-22 06:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2016-02-11 15:48 - 2016-01-22 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2016-02-11 15:48 - 2016-01-22 06:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2016-02-11 15:48 - 2016-01-22 06:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2016-02-11 15:48 - 2016-01-22 06:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2016-02-11 15:48 - 2016-01-22 06:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2016-02-11 15:48 - 2016-01-22 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2016-02-11 15:48 - 2016-01-22 06:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2016-02-11 15:48 - 2016-01-22 06:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2016-02-11 15:48 - 2016-01-22 06:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2016-02-11 15:48 - 2016-01-22 06:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2016-02-11 15:48 - 2016-01-22 06:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2016-02-11 15:48 - 2016-01-22 06:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2016-02-11 15:48 - 2016-01-22 06:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2016-02-11 15:48 - 2016-01-22 06:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2016-02-11 15:48 - 2016-01-22 06:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2016-02-11 15:48 - 2016-01-22 06:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2016-02-11 15:48 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll 2016-02-11 15:48 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll 2016-02-11 15:48 - 2016-01-22 06:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2016-02-11 15:48 - 2016-01-22 06:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2016-02-11 15:48 - 2016-01-22 06:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2016-02-11 15:48 - 2016-01-22 06:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2016-02-11 15:48 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll 2016-02-11 15:48 - 2016-01-22 06:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2016-02-11 15:48 - 2016-01-22 06:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2016-02-11 15:48 - 2016-01-22 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2016-02-11 15:48 - 2016-01-22 06:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2016-02-11 15:48 - 2016-01-22 06:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2016-02-11 15:48 - 2016-01-22 06:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2016-02-11 15:48 - 2016-01-22 06:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2016-02-11 15:48 - 2016-01-22 06:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2016-02-11 15:48 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2016-02-11 15:48 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2016-02-11 15:48 - 2016-01-22 06:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 06:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2016-02-11 15:48 - 2016-01-22 06:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2016-02-11 15:48 - 2016-01-22 06:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2016-02-11 15:48 - 2016-01-22 06:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2016-02-11 15:48 - 2016-01-22 06:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2016-02-11 15:48 - 2016-01-22 06:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2016-02-11 15:48 - 2016-01-22 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2016-02-11 15:48 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll 2016-02-11 15:48 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll 2016-02-11 15:48 - 2016-01-22 06:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-02-11 15:48 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-02-11 15:48 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-11 15:48 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-02-11 15:48 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-02-11 15:48 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-02-11 15:48 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-02-11 15:48 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-02-11 15:48 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-02-11 15:48 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-02-11 15:48 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-02-11 15:48 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-02-11 15:48 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-02-11 15:48 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-02-11 15:48 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-11 15:48 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-02-11 15:48 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-02-11 15:48 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2016-02-11 15:48 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-02-11 15:48 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-02-11 15:48 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-02-11 15:48 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-02-11 15:48 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-02-11 15:48 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-02-11 15:48 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-02-11 15:48 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-11 15:48 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-02-11 15:48 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-02-11 15:48 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-02-11 15:48 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-02-11 15:48 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-02-11 15:48 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-02-11 15:48 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-02-11 15:48 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-02-11 15:48 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-02-11 15:48 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2016-02-11 15:48 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-02-11 15:48 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-02-11 15:48 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-02-11 15:48 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-02-11 15:48 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-02-11 15:48 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-02-11 15:48 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-02-09 23:55 - 2016-02-09 23:56 - 00000000 ____D C:\Users\Home PC\Desktop\Lucifer ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-03-06 01:26 - 2015-12-22 17:46 - 00000000 ____D C:\FRST 2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-03-06 01:24 - 2009-07-14 05:13 - 00789610 _____ C:\Windows\system32\PerfStringBackup.INI 2016-03-06 01:24 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf 2016-03-06 01:18 - 2015-02-03 13:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job 2016-03-06 01:18 - 2014-10-29 23:45 - 00003028 _____ C:\Windows\System32\Tasks\EVGAPrecision 2016-03-06 01:18 - 2014-07-14 16:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job 2016-03-06 01:18 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-03-06 01:00 - 2014-10-18 10:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job 2016-03-06 00:53 - 2014-07-14 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job 2016-03-06 00:27 - 2015-02-03 13:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job 2016-03-05 17:25 - 2013-08-11 22:24 - 00000000 ____D C:\Users\Home PC\PICS 2016-03-05 14:54 - 2013-06-30 21:58 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\foobar2000 2016-03-05 12:47 - 2013-07-05 16:40 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-03-05 12:47 - 2013-06-29 14:00 - 00000000 ____D C:\Users\Home PC 2016-03-02 15:53 - 2014-08-02 21:37 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1407015471 2016-03-02 15:53 - 2014-03-12 04:28 - 00000000 ____D C:\Program Files (x86)\Opera 2016-02-29 16:30 - 2015-05-04 03:24 - 00000000 ____D C:\Users\Home PC\AppData\Local\FirestormOS_x64 2016-02-29 03:57 - 2013-09-06 02:22 - 00347648 ___SH C:\Users\Home PC\Thumbs.db 2016-02-24 01:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF 2016-02-23 14:17 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-02-23 05:33 - 2014-05-25 13:07 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\Skype 2016-02-23 04:46 - 2013-07-25 11:55 - 00000000 ____D C:\ProgramData\Skype 2016-02-21 23:41 - 2013-06-29 17:28 - 00000000 ____D C:\Users\Home PC\AppData\Local\ElevatedDiagnostics 2016-02-19 21:55 - 2013-06-29 17:50 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-02-19 21:55 - 2013-06-29 17:50 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-02-16 03:02 - 2015-09-20 12:51 - 00000000 ____D C:\Users\Home PC\Desktop\FACEBOOK PICS 2016-02-14 01:58 - 2014-01-27 17:39 - 00000193 _____ C:\Windows\WORDPAD.INI 2016-02-13 01:13 - 2014-10-18 22:18 - 00000000 ____D C:\Users\Home PC\AppData\Local\Adobe 2016-02-12 22:16 - 2015-01-05 13:41 - 544633137 _____ C:\Windows\MEMORY.DMP 2016-02-12 22:16 - 2013-06-29 19:53 - 00000000 ____D C:\Windows\Minidump 2016-02-12 14:11 - 2015-01-19 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-02-11 23:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache 2016-02-11 15:50 - 2013-06-30 17:10 - 00773592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2016-02-10 23:11 - 2015-11-08 23:20 - 00000000 ____D C:\Users\Home PC\Desktop\Desktop 4 ==================== Files in the root of some directories ======= 2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 _____ () C:\Users\Home PC\AppData\Roaming\Smooth Strings 2013-07-17 16:48 - 2014-10-23 13:22 - 2128896 _____ () C:\Users\Home PC\AppData\Local\file__0.localstorage 2014-02-19 23:06 - 2014-08-18 22:55 - 0007597 _____ () C:\Users\Home PC\AppData\Local\Resmon.ResmonCfg 2014-11-29 01:14 - 2014-11-29 01:14 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{023F0BEF-D95F-4298-91A8-B169D8ED8EE0} 2014-09-24 01:41 - 2014-09-24 01:41 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{42E511C8-C4C3-42D5-87F6-92E2CB9B2351} 2014-09-01 11:19 - 2014-09-01 11:19 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{707D25D3-07BE-4D63-81D2-938D5629261C} 2014-10-12 23:55 - 2014-10-12 23:55 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{984BE194-3B5F-4125-8490-50790C07C753} 2015-03-22 22:38 - 2015-03-22 22:38 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{E7E98533-B635-4979-A907-0E55F0727869} 2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT 2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT 2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT 2014-06-17 11:49 - 2014-06-17 11:49 - 0000000 _____ () C:\ProgramData\Robot ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-02-28 15:31 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01 Ran by Home PC (2016-03-06 01:26:21) Running from C:\Users\Home PC\Desktop Windows 7 Ultimate Service Pack 1 (X64) (2013-06-29 14:00:22) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3075667534-3083555577-3039242665-500 - Administrator - Disabled) Guest (S-1-5-21-3075667534-3083555577-3039242665-501 - Limited - Disabled) Home PC (S-1-5-21-3075667534-3083555577-3039242665-1000 - Administrator - Enabled) => C:\Users\Home PC HomeGroupUser$ (S-1-5-21-3075667534-3083555577-3039242665-1005 - Limited - Enabled) ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) @BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE) @BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated) AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.) App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.00.0000 - Gigabyte) App Center B13.0408.1 (x32 Version: 1.00.0000 - Gigabyte) Hidden ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - ) Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu) CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - ) EasyTune B13.0525.1 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE) EasyTune B13.0525.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer) ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation) Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski) Fraps (HKLM-x32\...\Fraps) (Version: - ) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.) Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel) Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation) Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla) NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation) NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation) OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA) Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software) Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics) SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology) Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.) SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - ) Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com) Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft) VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions) Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION Task: {1A866B31-D090-4B3F-B8EB-F2CCD718E638} - System32\Tasks\Opera scheduled Autoupdate 1407015471 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software) Task: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC -> No File <==== ATTENTION Task: {321C7F32-1B53-41C6-8D77-87175DF1BEC6} - System32\Tasks\{BC0B55BE-35C3-4D24-B2F5-6567289B287C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603 Task: {39374CCC-4687-49DF-8B0C-648AACD58281} - System32\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {39BBF7A0-9BF7-4691-A375-18392228235C} - System32\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {6382E16F-55CD-4B23-9ECB-D96E21C8FAB2} - System32\Tasks\{3B7AA0CE-02CD-4616-98E9-6AE0A7EFF104} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {8465A3DD-B283-4D04-9117-C237BE87EFF0} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {87081DA2-1694-4B8D-9261-D92E5215E014} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-05-23] () Task: {8C21E72C-CBB4-4F70-B1BC-CC2E73AA0ECA} - System32\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION Task: {A4E083B9-E74A-45B9-AA1A-01FC9DB26144} - System32\Tasks\{6DA77A91-B241-4BAB-8899-B2C7415BB32B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {A5606071-A57C-4200-BFCE-5DF090BA90B6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.) Task: {A68C3CFC-E8E1-496F-9CCC-BFF722DC641F} - System32\Tasks\{F14B39BB-8DB1-4B94-9CC4-68BAC51884B2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {A69443CC-3D00-4749-9E9B-3669C968AA71} - \Opera scheduled Autoupdate 1394598523 -> No File <==== ATTENTION Task: {B60F1725-2855-48A8-90B9-A5478E0399AB} - System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => pcalua.exe -a "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2\Installer.exe" -d "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2" Task: {BC5C1F0B-E52D-4985-8E0A-114176CF4BC4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-13] (Adobe Systems Incorporated) Task: {BE59C5A7-7140-4E6D-9664-F261A24D8E78} - System32\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.) Task: {BF503DDC-2C68-47CF-A12E-8F08ACBF3A90} - System32\Tasks\{1F0185AB-DC95-4957-8F19-3F64C9A051B7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {C1DC99C9-527C-4BBD-BD96-7C9FD5B340D3} - System32\Tasks\{84DC47B7-E647-4428-971F-BB08D6F4C478} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {C8BC61F2-4401-43EB-83FD-FC2706582018} - System32\Tasks\{F0FDDFCB-D2E3-4F24-9754-6681C4D1E3A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603 Task: {CBAEEFFD-1DB0-4783-BA5B-F2F3C2AB4426} - System32\Tasks\{AB5E754E-22BF-45CE-86AC-6D2F63DDE0A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603 Task: {CF1AD925-D639-46A0-BD62-51292F064657} - System32\Tasks\{309C21B9-7470-46AA-8870-E84D82757F89} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION Task: {E4D655AA-7416-4347-A606-AA8D3DADD2A9} - System32\Tasks\{2B85B304-E4E7-4C4E-9DA9-1084207260FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {ECFDA69E-9C87-471B-9C42-DA8FD5A8CA6E} - System32\Tasks\{73EA96F4-A64E-4DD2-A33B-CA14A8D76C29} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603 Task: {F959599F-F49E-4C36-B5ED-007ADE2374F9} - System32\Tasks\{81185AF3-2A8D-4E1E-9049-3B8FB57BBC22} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.60.105/en/abandoninstall?page=tsBing (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf275de3358540.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf275de360b491.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-11-11 14:19 - 2015-11-05 15:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-29 15:32 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe 2013-06-29 15:32 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe 2013-07-04 02:40 - 2013-07-04 02:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-06-29 15:32 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 62332456 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\opera.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 02074664 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libglesv2.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 00081960 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libegl.dll 2016-02-13 01:13 - 2016-02-13 01:13 - 16804032 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_20_0_0_306.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 02:34 - 2014-02-21 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 194.168.4.100 - 194.168.8.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{01D6E323-A0AD-4E5D-9B59-21FF40EFFC0B}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{3757B8A5-FD63-418E-B9C4-0603CFC8C12C}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{A4CDCE5C-D3AA-4887-A484-D986F73DB605}] => (Allow) LPort=1542 FirewallRules: [{781EF7B5-D07C-49A7-8D9D-E4924E30F5AA}] => (Allow) LPort=1542 FirewallRules: [{70E11A54-C097-465D-9A14-55F9E1A8BA76}] => (Allow) LPort=53 FirewallRules: [{1FA14AFD-33ED-4621-83B6-CA147C7AFD41}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{F85307A8-B9E7-44B1-83E9-528493623279}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{92259821-E7A7-422C-AA9F-92977D1D67BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{63AC1E01-7A50-429D-864E-67883646FDE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [uDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [{B629D784-D2A6-4956-9C07-BE915E9755C0}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [{C04977E2-4B9C-4E4B-9371-4852F08ECCD5}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [TCP Query User{1CD3A831-62CA-49F6-A64A-775E32212495}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe FirewallRules: [uDP Query User{3EBCEBCB-5268-4D8D-80FE-6A59E4789D81}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe FirewallRules: [{210F35D0-0DF7-4E00-A786-9CC852D636C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{515C97EF-ACCF-4C22-B8FE-52E131DBC1EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F7D9F6DE-7259-47C2-8ED8-E174D7651084}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{CF8C9855-ECB9-4FDE-94A4-5B693C6D098A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{FB90A093-4103-485B-88A8-F4B557B1738E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3A51C45E-59D1-45EC-9566-4FAE9B21B6F1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{9CEB4346-C891-482F-8CFF-25779B6D9B92}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{79399ED9-F7AF-4940-BDE1-6BBB9FB6E460}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{CADAD30C-CD0B-4C8C-8C35-1046FA2BA995}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D60F7085-C91F-401E-8EE4-8E69DA932D6C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{2E006C80-6F50-479E-BF1D-9BBC86513D2A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{442C6B45-D4AE-46E9-B9EF-87C8A0588E52}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{1B688A13-1C00-47BC-93BD-E98728CE98A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BFE22812-71D4-4352-BDA6-3C03B1B079E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{079FAA25-5316-4090-8A3B-05F7C0406170}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0A168D64-7148-415B-A4AD-D6F520D38C6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6912F114-C145-4ADB-ABF1-67DC3E39904F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2FCC5108-324B-4F11-849F-944D61B864B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6822EF63-1ABB-4208-BF9A-AB2137149F13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BCE20A65-5DD1-4128-B8B1-862F855D831C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3BA5101F-992A-4586-9521-401CFA4FCAB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B5C5B09B-B566-48FE-85A5-B2C0A0EE0497}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{C7FAFC72-ED21-43C8-912B-75A38D3C4086}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{7C02DD14-83D8-4B3B-BA23-126CE7A2898F}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{12476416-3601-4346-91D7-D3F26A4EA8AF}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{D04FAE7A-66A3-458B-BA07-D59A4DC001B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-02-2016 12:38:42 NEW01 29-02-2016 12:22:08 NEW01 ==================== Faulty Device Manager Devices ============= Name: Standard VGA Graphics Adapter Description: Standard VGA Graphics Adapter Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard display types) Service: vga Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2015 02:01:13 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {b7623c8d-0b76-4f11-85ea-5ec9054a69fb} System errors: ============= Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 04:03:53 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The backup browser is stopping. Error: (03/04/2016 11:50:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control. Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 03:40:57 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The backup browser is stopping. Error: (03/02/2016 04:01:02 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer TOMMY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The master browser is stopping or an election is being forced. CodeIntegrity: =================================== Date: 2014-08-07 12:51:38.356 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:38.319 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:37.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:37.575 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:33.034 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:32.999 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:43.256 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:43.218 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:40.620 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:40.582 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel® Core i5-4670K CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 8079.79 MB Available physical RAM: 6079.02 MB Total Virtual: 16157.78 MB Available Virtual: 14055.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:112.04 GB) NTFS Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:462.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4075D2F5) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================