Swizz006

Honorary Members
  • Posts: 73

Everything posted by Swizz006

  1. Thank you kindly for advising me throughout instruction. I clicked on Threat Scan to scan, but this time around, strangely enough, it didn't pick up the alleged infection, which was UpdateStar Drivers. Like it wasn't there. Very strange.
  2. Will do, Yoan. Both files have been attached. FRST.txt Addition.txt
  3. Hello and good afternoon to one and all. I performed a threat scan no more than 20 minutes ago and it detected a threat. My last custom scan landed on Sunday the 11th, with no sign of infection. Today I pulled up Malwarebytes as usual, as part of my three times a week routine, and it came back with the following, which has been attached. To add, the computer is running like a dream, with no sign of slowing down or suspicious activity that I'm aware of. Should I simply delete by the chosen action, or pass it off as a false positive? Furthermore, between Sunday gone and today, nothing at all has been downloaded on my system. Thank you for your time. Possible Infection.txt
  4. That was very informative. I never knew that. Thank you, Adam, for everything. *two thumbs up*
  5. I just noticed that my photos are more or less the same, as well. But it's showing as jpg, after what description I have typed in them.
  6. # DelFix v1.012 - Logfile created 07/03/2016 at 16:41:06
     # Updated 04/03/2015 by Xplode
     # Username : Home PC - HOMEPC-PC
     # Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

     ~ Removing disinfection tools ...

     Deleted : C:\FRST
     Deleted : HKLM\SOFTWARE\AdwCleaner
     Deleted : HKLM\SOFTWARE\Swearware
     Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

     ~ Creating registry backup ... OK

     ~ Cleaning system restore ...

     Deleted : RP #638 [NEW01 | 02/29/2016 12:22:08]
     Deleted : RP #640 [Restore Point Created by FRST | 03/06/2016 17:01:36]
     Deleted : RP #641 [JRT Pre-Junkware Removal | 03/06/2016 17:11:03]

     New restore point created !

     ~ Resetting system settings ... OK

     ########## - EOF - ##########

     Thanks once more, Adam... Just one more thing before this is closed. Since using Delfix, my saved Wordpads and any new ones that I have saved now have .rtf at the end. Same with Notepad: at the end, there is txt. Is there a way to make them as normal again, like they were originally? Thank you.
  7. Yes, there is one last thing... If you can provide me with this week's lottery numbers, that would be great! Ha.. Thank you again, Adam. I greatly appreciate it.
  8. Hello, Adam... There was no log when Eset Online Scanner finished. Nothing was found. I attached a photo of the scanner showing the finalizing results. Thanks.
  9. According to the scans from above, does everything look good to you? Cheers, Adam.
  10. Thank you, Adam, for your time, I appreciate it. Here are the logs that you asked for. Just to add, straight after using Junkware Removal Tool (JRT), my Firefox browser wasn't responding, and it would hang once it was loaded up. Should I have closed Firefox prior to using JRT? I received a message asking whether I want to start Firefox in Safe Mode, or would prefer to restart Firefox on the spot. After clicking "Restart" I had to reboot, for the reason Firefox would not load up a browser. So, I rebooted again, and once more it was behaving in the exact same manner. I left it for 20 minutes and strangely enough it was working as normal, like nothing had happened. Would that be a normal occurrence after using that particular tool? Thank you.
  11. Hello again, Adam... Here are the two logs as requested. Thank you.
C:\Windows\SysWOW64\msaudite.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2016-02-11 15:48 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2016-02-11 15:48 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2016-02-11 15:48 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2016-02-11 15:48 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2016-02-11 15:48 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) 
C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft 
Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2016-02-11 15:48 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2016-02-11 15:48 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2016-02-11 15:48 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2016-02-11 15:48 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2016-02-11 15:48 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2016-02-11 15:48 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2016-02-11 15:48 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2016-02-11 15:48 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2016-02-11 15:48 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2016-02-11 15:48 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2016-02-11 15:48 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2016-02-11 15:48 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2016-02-11 15:48 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\jscript9.dll 2016-02-11 15:48 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2016-02-11 15:48 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2016-02-11 15:48 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2016-02-11 15:48 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2016-02-11 15:48 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2016-02-11 15:48 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2016-02-11 15:48 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2016-02-11 15:48 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2016-02-11 15:48 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2016-02-11 15:48 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2016-02-11 15:48 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2016-02-11 15:48 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe 2016-02-11 15:48 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2016-02-11 15:48 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2016-02-11 15:48 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2016-02-11 15:48 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2016-02-11 15:48 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2016-02-11 15:48 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) 
C:\Windows\system32\Drivers\mrxsmb20.sys 2016-02-11 15:48 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2016-02-11 15:48 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2016-02-11 15:48 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2016-02-11 15:48 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2016-02-11 15:48 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll 2016-02-11 15:48 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll 2016-02-11 15:48 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll 2016-02-11 15:48 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll 2016-02-11 15:48 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2016-02-09 23:55 - 2016-02-09 23:56 - 00000000 ____D C:\Users\Home PC\Desktop\Lucifer ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-03-06 01:26 - 2015-12-22 17:46 - 00000000 ____D C:\FRST
2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 01:24 - 2009-07-14 05:13 - 00789610 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-06 01:24 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-06 01:18 - 2015-02-03 13:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job
2016-03-06 01:18 - 2014-10-29 23:45 - 00003028 _____ C:\Windows\System32\Tasks\EVGAPrecision
2016-03-06 01:18 - 2014-07-14 16:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job
2016-03-06 01:18 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 01:00 - 2014-10-18 10:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job
2016-03-06 00:53 - 2014-07-14 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job
2016-03-06 00:27 - 2015-02-03 13:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job
2016-03-05 17:25 - 2013-08-11 22:24 - 00000000 ____D C:\Users\Home PC\PICS
2016-03-05 14:54 - 2013-06-30 21:58 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\foobar2000
2016-03-05 12:47 - 2013-07-05 16:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:47 - 2013-06-29 14:00 - 00000000 ____D C:\Users\Home PC
2016-03-02 15:53 - 2014-08-02 21:37 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1407015471
2016-03-02 15:53 - 2014-03-12 04:28 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-29 16:30 - 2015-05-04 03:24 - 00000000 ____D C:\Users\Home PC\AppData\Local\FirestormOS_x64
2016-02-29 03:57 - 2013-09-06 02:22 - 00347648 ___SH C:\Users\Home PC\Thumbs.db
2016-02-24 01:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-23 14:17 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-23 05:33 - 2014-05-25 13:07 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\Skype
2016-02-23 04:46 - 2013-07-25 11:55 - 00000000 ____D C:\ProgramData\Skype
2016-02-21 23:41 - 2013-06-29 17:28 - 00000000 ____D C:\Users\Home PC\AppData\Local\ElevatedDiagnostics
2016-02-19 21:55 - 2013-06-29 17:50 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 21:55 - 2013-06-29 17:50 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 03:02 - 2015-09-20 12:51 - 00000000 ____D C:\Users\Home PC\Desktop\FACEBOOK PICS
2016-02-14 01:58 - 2014-01-27 17:39 - 00000193 _____ C:\Windows\WORDPAD.INI
2016-02-13 01:13 - 2014-10-18 22:18 - 00000000 ____D C:\Users\Home PC\AppData\Local\Adobe
2016-02-12 22:16 - 2015-01-05 13:41 - 544633137 _____ C:\Windows\MEMORY.DMP
2016-02-12 22:16 - 2013-06-29 19:53 - 00000000 ____D C:\Windows\Minidump
2016-02-12 14:11 - 2015-01-19 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 23:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 15:50 - 2013-06-30 17:10 - 00773592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-10 23:11 - 2015-11-08 23:20 - 00000000 ____D C:\Users\Home PC\Desktop\Desktop 4

==================== Files in the root of some directories =======

2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 _____ () C:\Users\Home PC\AppData\Roaming\Smooth Strings
2013-07-17 16:48 - 2014-10-23 13:22 - 2128896 _____ () C:\Users\Home PC\AppData\Local\file__0.localstorage
2014-02-19 23:06 - 2014-08-18 22:55 - 0007597 _____ () C:\Users\Home PC\AppData\Local\Resmon.ResmonCfg
2014-11-29 01:14 - 2014-11-29 01:14 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{023F0BEF-D95F-4298-91A8-B169D8ED8EE0}
2014-09-24 01:41 - 2014-09-24 01:41 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{42E511C8-C4C3-42D5-87F6-92E2CB9B2351}
2014-09-01 11:19 - 2014-09-01 11:19 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{707D25D3-07BE-4D63-81D2-938D5629261C}
2014-10-12 23:55 - 2014-10-12 23:55 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{984BE194-3B5F-4125-8490-50790C07C753}
2015-03-22 22:38 - 2015-03-22 22:38 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{E7E98533-B635-4979-A907-0E55F0727869}
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-17 11:49 - 2014-06-17 11:49 - 0000000 _____ () C:\ProgramData\Robot

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 15:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Home PC (2016-03-06 01:26:21)
Running from C:\Users\Home PC\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-06-29 14:00:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3075667534-3083555577-3039242665-500 - Administrator - Disabled)
Guest (S-1-5-21-3075667534-3083555577-3039242665-501 - Limited - Disabled)
Home PC (S-1-5-21-3075667534-3083555577-3039242665-1000 - Administrator - Enabled) => C:\Users\Home PC
HomeGroupUser$ (S-1-5-21-3075667534-3083555577-3039242665-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE)
@BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.00.0000 - Gigabyte)
App Center B13.0408.1 (x32 Version: 1.00.0000 - Gigabyte) Hidden
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
EasyTune B13.0525.1 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE)
EasyTune B13.0525.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {1A866B31-D090-4B3F-B8EB-F2CCD718E638} - System32\Tasks\Opera scheduled Autoupdate 1407015471 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC -> No File <==== ATTENTION
Task: {321C7F32-1B53-41C6-8D77-87175DF1BEC6} - System32\Tasks\{BC0B55BE-35C3-4D24-B2F5-6567289B287C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {39374CCC-4687-49DF-8B0C-648AACD58281} - System32\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {39BBF7A0-9BF7-4691-A375-18392228235C} - System32\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6382E16F-55CD-4B23-9ECB-D96E21C8FAB2} - System32\Tasks\{3B7AA0CE-02CD-4616-98E9-6AE0A7EFF104} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {8465A3DD-B283-4D04-9117-C237BE87EFF0} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {87081DA2-1694-4B8D-9261-D92E5215E014} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-05-23] ()
Task: {8C21E72C-CBB4-4F70-B1BC-CC2E73AA0ECA} - System32\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {A4E083B9-E74A-45B9-AA1A-01FC9DB26144} - System32\Tasks\{6DA77A91-B241-4BAB-8899-B2C7415BB32B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {A5606071-A57C-4200-BFCE-5DF090BA90B6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {A68C3CFC-E8E1-496F-9CCC-BFF722DC641F} - System32\Tasks\{F14B39BB-8DB1-4B94-9CC4-68BAC51884B2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {A69443CC-3D00-4749-9E9B-3669C968AA71} - \Opera scheduled Autoupdate 1394598523 -> No File <==== ATTENTION
Task: {B60F1725-2855-48A8-90B9-A5478E0399AB} - System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => pcalua.exe -a "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2\Installer.exe" -d "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2"
Task: {BC5C1F0B-E52D-4985-8E0A-114176CF4BC4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-13] (Adobe Systems Incorporated)
Task: {BE59C5A7-7140-4E6D-9664-F261A24D8E78} - System32\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BF503DDC-2C68-47CF-A12E-8F08ACBF3A90} - System32\Tasks\{1F0185AB-DC95-4957-8F19-3F64C9A051B7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C1DC99C9-527C-4BBD-BD96-7C9FD5B340D3} - System32\Tasks\{84DC47B7-E647-4428-971F-BB08D6F4C478} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C8BC61F2-4401-43EB-83FD-FC2706582018} - System32\Tasks\{F0FDDFCB-D2E3-4F24-9754-6681C4D1E3A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {CBAEEFFD-1DB0-4783-BA5B-F2F3C2AB4426} - System32\Tasks\{AB5E754E-22BF-45CE-86AC-6D2F63DDE0A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {CF1AD925-D639-46A0-BD62-51292F064657} - System32\Tasks\{309C21B9-7470-46AA-8870-E84D82757F89} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {E4D655AA-7416-4347-A606-AA8D3DADD2A9} - System32\Tasks\{2B85B304-E4E7-4C4E-9DA9-1084207260FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {ECFDA69E-9C87-471B-9C42-DA8FD5A8CA6E} - System32\Tasks\{73EA96F4-A64E-4DD2-A33B-CA14A8D76C29} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {F959599F-F49E-4C36-B5ED-007ADE2374F9} - System32\Tasks\{81185AF3-2A8D-4E1E-9049-3B8FB57BBC22} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.60.105/en/abandoninstall?page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf275de3358540.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf275de360b491.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ============== 2015-11-11 14:19 - 2015-11-05 15:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-29 15:32 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe 2013-06-29 15:32 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe 2013-07-04 02:40 - 2013-07-04 02:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2013-06-29 15:32 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 62332456 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\opera.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 02074664 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libglesv2.dll 2016-03-02 15:53 - 2016-03-02 15:53 - 00081960 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libegl.dll 2016-02-13 01:13 - 2016-02-13 01:13 - 16804032 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_20_0_0_306.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 02:34 - 2014-02-21 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 194.168.4.100 - 194.168.8.100 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{01D6E323-A0AD-4E5D-9B59-21FF40EFFC0B}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{3757B8A5-FD63-418E-B9C4-0603CFC8C12C}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe FirewallRules: [{A4CDCE5C-D3AA-4887-A484-D986F73DB605}] => (Allow) LPort=1542 FirewallRules: [{781EF7B5-D07C-49A7-8D9D-E4924E30F5AA}] => (Allow) LPort=1542 FirewallRules: [{70E11A54-C097-465D-9A14-55F9E1A8BA76}] => (Allow) LPort=53 FirewallRules: [{1FA14AFD-33ED-4621-83B6-CA147C7AFD41}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{F85307A8-B9E7-44B1-83E9-528493623279}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe FirewallRules: [{92259821-E7A7-422C-AA9F-92977D1D67BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [{63AC1E01-7A50-429D-864E-67883646FDE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe FirewallRules: [TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft 
office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [uDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [{B629D784-D2A6-4956-9C07-BE915E9755C0}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [{C04977E2-4B9C-4E4B-9371-4852F08ECCD5}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe FirewallRules: [TCP Query User{1CD3A831-62CA-49F6-A64A-775E32212495}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe FirewallRules: [uDP Query User{3EBCEBCB-5268-4D8D-80FE-6A59E4789D81}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe FirewallRules: [{210F35D0-0DF7-4E00-A786-9CC852D636C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{515C97EF-ACCF-4C22-B8FE-52E131DBC1EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{F7D9F6DE-7259-47C2-8ED8-E174D7651084}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{CF8C9855-ECB9-4FDE-94A4-5B693C6D098A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe FirewallRules: [{FB90A093-4103-485B-88A8-F4B557B1738E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{3A51C45E-59D1-45EC-9566-4FAE9B21B6F1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{9CEB4346-C891-482F-8CFF-25779B6D9B92}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{79399ED9-F7AF-4940-BDE1-6BBB9FB6E460}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{CADAD30C-CD0B-4C8C-8C35-1046FA2BA995}] => (Allow) 
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{D60F7085-C91F-401E-8EE4-8E69DA932D6C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe FirewallRules: [{2E006C80-6F50-479E-BF1D-9BBC86513D2A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{442C6B45-D4AE-46E9-B9EF-87C8A0588E52}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe FirewallRules: [{1B688A13-1C00-47BC-93BD-E98728CE98A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{BFE22812-71D4-4352-BDA6-3C03B1B079E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe FirewallRules: [{079FAA25-5316-4090-8A3B-05F7C0406170}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{0A168D64-7148-415B-A4AD-D6F520D38C6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{6912F114-C145-4ADB-ABF1-67DC3E39904F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe FirewallRules: [{2FCC5108-324B-4F11-849F-944D61B864B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{6822EF63-1ABB-4208-BF9A-AB2137149F13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{BCE20A65-5DD1-4128-B8B1-862F855D831C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{3BA5101F-992A-4586-9521-401CFA4FCAB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{B5C5B09B-B566-48FE-85A5-B2C0A0EE0497}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{C7FAFC72-ED21-43C8-912B-75A38D3C4086}] => (Allow) F:\Steam\Steam.exe FirewallRules: [{7C02DD14-83D8-4B3B-BA23-126CE7A2898F}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{12476416-3601-4346-91D7-D3F26A4EA8AF}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe FirewallRules: [{D04FAE7A-66A3-458B-BA07-D59A4DC001B0}] => (Allow) C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 22-02-2016 12:38:42 NEW01 29-02-2016 12:22:08 NEW01 ==================== Faulty Device Manager Devices ============= Name: Standard VGA Graphics Adapter Description: Standard VGA Graphics Adapter Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318} Manufacturer: (Standard display types) Service: vga Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (12/23/2015 02:01:13 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {b7623c8d-0b76-4f11-85ea-5ec9054a69fb} System errors: ============= Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/05/2016 04:03:53 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The backup browser is stopping. 
Error: (03/04/2016 11:50:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: ) Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control. Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY) Description: The following fatal alert was generated: 10. The internal error state is 10. Error: (03/03/2016 03:40:57 AM) (Source: BROWSER) (EventID: 8032) (User: ) Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The backup browser is stopping. Error: (03/02/2016 04:01:02 PM) (Source: bowser) (EventID: 8003) (User: ) Description: The master browser has received a server announcement from the computer TOMMY that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}. The master browser is stopping or an election is being forced. CodeIntegrity: =================================== Date: 2014-08-07 12:51:38.356 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-08-07 12:51:38.319 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:37.613 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:37.575 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:33.034 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-07 12:51:32.999 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2014-08-05 17:51:43.256 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:43.218 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:40.620 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2014-08-05 17:51:40.582 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info =========================== Processor: Intel® Core i5-4670K CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 8079.79 MB Available physical RAM: 6079.02 MB Total Virtual: 16157.78 MB Available Virtual: 14055.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:238.37 GB) (Free:112.04 GB) NTFS Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:462.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4075D2F5) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ============================
  12. Would it be okay, again..to delete both with MB?
  13. Hi Adam, and sure.. Of course it's okay to call me by my name. I did what was instructed and installed the newer version of MB. It did come across something else.. I was going to delete it on the spot.. But I would rather if you checked on it first. Cheers, Adam.
      Malware Protection: Disabled
      Malicious Website Protection: Disabled
      Self-protection: Disabled
      OS: Windows 7 Service Pack 1
      CPU: x64
      File System: NTFS
      User: Home PC
      Scan Type: Threat Scan
      Result: Completed
      Objects Scanned: 385507
      Time Elapsed: 3 min, 16 sec
      Memory: Enabled
      Startup: Enabled
      Filesystem: Enabled
      Archives: Enabled
      Rootkits: Disabled
      Heuristics: Enabled
      PUP: Enabled
      PUM: Enabled
      Processes: 0
      (No malicious items detected)
      Modules: 0
      (No malicious items detected)
      Registry Keys: 1
      PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\SOFTWARE\Conduit, , [ee3983015b3e54e280a6bbc006fea858],
      Registry Values: 0
      (No malicious items detected)
      Registry Data: 0
      (No malicious items detected)
      Folders: 0
      (No malicious items detected)
      Files: 1
      PUP.Optional.Spigot, C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\searchplugins\yahoo_ff.xml, , [0621760e0f8ac37352251b0290747888],
      Physical Sectors: 0
      (No malicious items detected)
      (end)
  14. Hello all and good evening... I wonder if somebody could please check on this. I have just finished with my weekly scan and I came across the following. Would it be okay to safely delete? Just to add, my computer is running as normal with no problems. Thank you. Carl.
      Malwarebytes Anti-Malware 1.75.0.1300
      www.malwarebytes.org
      Database version: v2016.03.04.05
      Windows 7 Service Pack 1 x64 NTFS
      Internet Explorer 11.0.9600.18204
      Home PC :: HOMEPC-PC [administrator]
      05/03/2016 00:15:04
      MBAM-log-2016-03-05 (00-49-46).txt
      Scan type: Full scan (C:\|F:\|)
      Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: Registry | P2P
      Objects scanned: 619763
      Time elapsed: 24 minute(s), 6 second(s)
      Memory Processes Detected: 0
      (No malicious items detected)
      Memory Modules Detected: 0
      (No malicious items detected)
      Registry Keys Detected: 1
      HKCU\Software\Conduit (PUP.Optional.ConduitTB.Gen) -> No action taken.
      Registry Values Detected: 0
      (No malicious items detected)
      Registry Data Items Detected: 0
      (No malicious items detected)
      Folders Detected: 0
      (No malicious items detected)
      Files Detected: 0
      (No malicious items detected)
      (end)
  15. I would like to add the message from above^ has only appeared the once. I have rebooted 2/3 times since and not seen the message reappear.
  16. Just one last thing. I opened I.E... I open it at least 2/3 times a month to check on the news articles on the front page but nothing else. But as soon as I opened it, only a few minutes ago, I received this on-screen message. Is that normal? I just wanted to be double sure, after that scan and all. Thank you.
  18. It's running like a dream, with no flaws whatsoever. Saying that, it was also running great prior as well. But I want to thank you greatly for the time and effort that you have put into this. I'm going to report back to my Internet provider now and explain in a few words that my computer is not infected. Merry Christmas!
  19. All has been completed as instructed. Cheers. Fixlog.txt
  20. Sorry about that, the FRST.txt is now attached.. Thank you again. FRST.txt
  21. Hello and sorry for the long delay, and thank you again for responding. The following, as instructed, has been attached for inspection. Just to add, I have informed my family about the possible infection and they are looking into it. Also.. my own computer is still running silky smooth with no problems whatsoever. Thank you, Sir. Carl. Addition.txt