Jump to content

Skuffone

Members
 View Profile  See their activity

  • Posts

    1

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Skuffone
    Hi please can you tell me if I need to remove any malware, I ran the scan following an alert about malicious malware - "s3.amazonaws malicious website blocked" Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016 Ran by test (administrator) on CARPE_DIEM (16-09-2016 00:23:40) Running from C:\Users\test\Downloads Loaded Profiles: test (Available Profiles: test) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\n360.exe (CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\n360.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (LG Electronics) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (TODO: <Company name>) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64App.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\conathst.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxMail.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2015-10-04] (ELAN Microelectronics Corp.) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-14] (Intel Corporation) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.) HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation) HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra) HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" HKLM-x32\...\Run: [DualControl] => C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualControlStartupApp.exe [1770480 2015-09-28] (LG Electronics Inc) HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [ScreenSplitter] => C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe [1964528 2015-09-24] (LG Electronics) HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google) HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.) HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-30] ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-30] ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-01-23] ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation) CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139 Tcpip\..\Interfaces\{05f178c3-8e88-4efa-8552-f3d7a4449bc7}: [NameServer] 194.187.251.67,185.93.180.131 Tcpip\..\Interfaces\{05f178c3-8e88-4efa-8552-f3d7a4449bc7}: [DhcpNameServer] 192.168.1.254 Tcpip\..\Interfaces\{8bd4373a-b9a4-4452-abd0-696d3d74fa9d}: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139 Tcpip\..\Interfaces\{b9db4093-4047-439a-bcb3-bbe169f525de}: [DhcpNameServer] 192.168.1.1 0.0.0.0 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.sky.com/live HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx SearchScopes: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> {44E2BC98-15C3-477D-AC4D-F87A4826D34E} URL = SearchScopes: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=AU&ver=22&locale=en_AU&gct=kwd&qsrc=2869 BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation) BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-30] (LastPass) BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation) BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-30] (LastPass) BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-30] (LastPass) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-30] (LastPass) Toolbar: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation) Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation) Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\yv5vzwdn.default FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] () FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-30] (LastPass) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] () FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation) FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-30] (LastPass) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-22] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-25] (Adobe Systems Inc.) FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-08-24] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon Chrome: ======= CHR StartupUrls: Default -> "hxxp://www.theaustralian.com.au/business","hxxps://cryptowat.ch/bitfinex/btcusd","hxxps://www.coinigy.com/","hxxps://bittrex.com/","hxxps://poloniex.com/","hxxp://www.bbc.com/","hxxp://altcoinpro.bullbearanalytics.com/index.php?page=distribution" CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Easy Auto Refresh) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-07-17] CHR Extension: (Google Slides) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-04] CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-04] CHR Extension: (One Click Google Hangout) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokjakdncnbbfhhammcdkbblmcglpobn [2016-08-21] CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04] CHR Extension: (CryptoTicker by Coinigy) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjmoeebomokfcfmopbappgncbhppmec [2016-02-04] CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-04] CHR Extension: (Adblock Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24] CHR Extension: (Norton Security Toolbar) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-02] CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04] CHR Extension: (Norton Home Page for Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-22] CHR Extension: (Google Sheets) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-04] CHR Extension: (Chrome Remote Desktop) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-17] CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-02-04] CHR Extension: (Google Docs Offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (LastPass: Free Password Manager) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-08] CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2016-08-19] CHR Extension: (Skype) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-08] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-21] CHR Extension: (UltraWide Video) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngfncacljheahfpahadgipefkbagpdl [2016-04-03] CHR Extension: (Save to Pocket) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-08] CHR Extension: (Norton Safe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-08] CHR Extension: (Chrome Web Store Payments) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03] CHR Extension: (Universe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2016-02-04] CHR Extension: (TradingView Free Quotes and Chat) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommjfbdmijjlbhlhnnnfkmbnkpnjpipj [2016-02-04] CHR Extension: (TeamViewer) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooiobdokpcfdlahlmcddobejikcmkfo [2016-03-06] CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-04] CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-08] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-25] CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKU\S-1-5-21-1420643821-590855252-3859466403-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-25] CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-27] (Adobe Systems Incorporated) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation) R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L) R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation) S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.) S4 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2015-10-04] (ELAN Microelectronics Corp.) S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation) S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-24] (Intel Corporation) S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation) S4 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation) S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation) S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\N360.exe [289080 2016-08-17] (Symantec Corporation) S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation) S4 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.) S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.) S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160907.004\BHDrvx64.sys [1854712 2016-08-19] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-23] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-06-12] (Symantec Corporation) R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2015-10-04] (ELAN Microelectronic Corp.) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160914.001\IDSvia64.sys [876760 2016-07-16] (Symantec Corporation) S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes) R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation) R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation) R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation) R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation) R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation) R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation) S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated) S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.) S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-08] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation) R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider) S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160823.022\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160823.022\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-16 00:23 - 2016-09-16 00:24 - 00032031 _____ C:\Users\test\Downloads\FRST.txt 2016-09-16 00:23 - 2016-09-16 00:23 - 00000000 ____D C:\FRST 2016-09-16 00:22 - 2016-09-16 00:23 - 02398720 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe 2016-09-15 22:27 - 2016-09-15 22:27 - 00294111 _____ C:\Users\test\Downloads\BoardingPass.pdf 2016-09-15 20:55 - 2016-09-15 20:55 - 00000000 ___HD C:\OneDriveTemp 2016-09-13 09:42 - 2016-09-15 20:55 - 00000000 ____D C:\Users\test\AppData\Local\CyberGhost 2016-09-13 09:42 - 2016-09-13 09:42 - 00002071 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk 2016-09-13 09:40 - 2016-09-13 09:41 - 00000000 ____D C:\Program Files\TAP-Windows 2016-09-13 09:39 - 2016-09-13 09:41 - 00000000 ____D C:\Program Files\CyberGhost 6 2016-09-13 09:39 - 2016-09-13 09:39 - 00001769 _____ C:\Users\test\Desktop\CyberGhost 6.lnk 2016-09-13 09:39 - 2016-09-13 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6 2016-09-13 09:38 - 2016-09-13 09:38 - 15951272 _____ (CyberGhost S.R.L. ) C:\Users\test\Downloads\CyberGhost_6.0.2.1985.exe 2016-09-08 19:07 - 2016-09-08 19:07 - 00028636 _____ C:\Users\test\Downloads\cyber-essentials-benefits-sep16 (1).xlsx 2016-09-08 19:06 - 2016-09-08 19:06 - 00028636 _____ C:\Users\test\Downloads\cyber-essentials-benefits-sep16.xlsx 2016-08-28 19:30 - 2016-08-28 19:30 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task 2016-08-28 19:29 - 2016-09-15 23:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360 2016-08-28 19:24 - 2016-08-28 19:24 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration 2016-08-24 21:49 - 2016-08-24 21:49 - 01053272 _____ C:\Users\test\Downloads\Cardinal Summary July 2016.pdf 2016-08-24 19:57 - 2016-08-28 19:24 - 00002314 _____ C:\Users\Public\Desktop\Norton 360.lnk ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-16 00:08 - 2014-09-06 14:15 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA.job 2016-09-15 23:53 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-15 23:46 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-15 23:45 - 2016-04-03 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-15 23:44 - 2014-05-27 10:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2016-09-15 23:42 - 2016-04-03 22:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-15 23:42 - 2016-04-03 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-15 23:41 - 2013-08-19 18:59 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-15 23:36 - 2016-02-12 06:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-15 23:29 - 2014-10-16 12:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-15 23:24 - 2013-08-19 18:59 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-15 21:57 - 2016-03-18 10:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation 2016-09-15 21:55 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-15 21:55 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-15 21:00 - 2016-04-03 22:28 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{11DBF7D3-2CE0-4E48-B59C-81BCB0D6517F} 2016-09-15 21:00 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF 2016-09-15 21:00 - 2015-10-04 11:05 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-15 20:57 - 2013-04-02 19:51 - 00000000 ____D C:\ProgramData\WinClon 2016-09-15 20:55 - 2016-06-21 18:31 - 00000000 ___RD C:\Users\test\Google Drive 2016-09-15 20:55 - 2016-02-04 16:26 - 00000000 ___RD C:\Users\test\OneDrive 2016-09-15 20:54 - 2015-12-19 08:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-15 20:54 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM 2016-09-15 20:54 - 2014-10-16 12:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-15 20:53 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2016-09-13 09:42 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore 2016-09-13 09:03 - 2015-12-20 03:17 - 00000000 ___DC C:\WINDOWS\Panther 2016-09-13 02:03 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test\AppData\Local\Packages 2016-09-13 01:57 - 2016-02-04 16:42 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps 2016-09-12 17:51 - 2016-07-17 01:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-08 20:08 - 2014-09-06 14:15 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core.job 2016-09-08 19:53 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache 2016-09-08 19:18 - 2016-02-12 06:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2016-09-07 11:00 - 2015-10-30 17:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 11:00 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-08-28 19:30 - 2016-02-04 16:27 - 00002400 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-08-28 19:24 - 2015-07-08 19:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-08-28 19:24 - 2014-09-07 09:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64 2016-08-24 20:03 - 2015-09-10 15:42 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-08-24 19:57 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test 2016-08-24 19:55 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-08-21 19:53 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates 2016-08-20 07:32 - 2014-10-16 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-08-19 22:19 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-08-19 22:18 - 2013-08-15 18:32 - 00000000 ____D C:\Program Files\Microsoft Office 15 ==================== Files in the root of some directories ======= 2016-03-30 18:51 - 2016-03-30 18:51 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe 2015-12-19 08:19 - 2015-12-19 08:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl 2013-04-02 19:56 - 2013-02-19 17:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe 2013-04-02 19:56 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml 2016-03-28 16:00 - 2016-03-28 16:00 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc 2016-03-26 14:27 - 2016-03-26 14:27 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-08 19:28 ==================== End of FRST.txt ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016 Ran by test (16-09-2016 00:25:18) Running from C:\Users\test\Downloads Windows 10 Home Version 1511 (X64) (2015-12-18 22:36:58) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-1420643821-590855252-3859466403-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-1420643821-590855252-3859466403-503 - Limited - Disabled) Guest (S-1-5-21-1420643821-590855252-3859466403-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1420643821-590855252-3859466403-1003 - Limited - Enabled) Sonos (S-1-5-21-1420643821-590855252-3859466403-1004 - Limited - Enabled) test (S-1-5-21-1420643821-590855252-3859466403-1005 - Administrator - Enabled) => C:\Users\test ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66} FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software) Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated) Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated) Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated) Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.) Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.) Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.18.1 - Asmedia Technology) BitShares2-light (HKLM-x32\...\BitShares2-light) (Version: - ) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version: - ) Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.) Citrix Presentation Server Client - Web Only (HKLM-x32\...\{E9459BCF-0982-498B-ABA7-26C34323493F}) (Version: 10.200.2650 - Citrix Systems, Inc.) CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version: - CyberGhost S.R.L.) CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Dual Controller (HKLM-x32\...\{0C021556-694B-43A1-9A60-2BAA870B792A}) (Version: 1.35 - LG Electronics Inc) Dual Controller (HKLM-x32\...\{BFF9E0A4-2669-4139-8320-9C5F76727DAA}) (Version: 1.54 - LG Electronics Inc) Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.) ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.) Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.) Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.) Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.) I/O Coin HTML5 Wallet (HKLM-x32\...\IOCoinHTML5) (Version: 1.1.8 - I/O Coin Team) iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.) IncredibleCharts Pro (HKLM-x32\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version: - Incredible Charts Pty Ltd) Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation) Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation) Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation) Intel® PROSet/Wireless Software (HKLM-x32\...\{e144fbd2-bf87-445f-b40b-93d61ca6bb7d}) (Version: 15.6.1 - Intel Corporation) IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies) Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass) Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes) MetaTrader 4 (HKLM-x32\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.) MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.) Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Mobile Broadband Manager (x32 Version: 3.15.20905 - Telstra) Hidden Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla) NinjaTrader 7 (HKLM-x32\...\{79D6E936-FD0C-4213-9A2B-3955CE618101}) (Version: 7.0.1031 - NinjaTrader) Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation) Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation) Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.) Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT) Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version: - PopCap Games) Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation) Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation) Quant Analyzer 4 version 4.10.01 (HKLM-x32\...\{1779267B-D4AC-3A34-8906-24444F59568A}_is1) (Version: 4.10.01 - StrategyQuant Com Ltd) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.) Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.20 - Samsung Electronics CO., LTD.) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.) Screen Split (HKLM-x32\...\{7F0C2357-33B0-4408-A9AD-A7623FAA22B1}) (Version: 6.57 - LG Electronics Inc.) SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association) Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.) SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation) Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.) Slack (HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\slack) (Version: 2.0.0 - Slack Technologies) Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 31.9.27151 - Sonos, Inc.) SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.) TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - ) Telegram Desktop version 0.9.32 (HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.32 - Telegram Messenger LLP) Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra) Texas Instruments TUSB3410 drivers. (HKLM-x32\...\InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}) (Version: 6.5.9019.1 - Texas Instruments Inc.) TUSB3410 (x32 Version: 6.5.9019.1 - Texas Instruments Inc.) Hidden User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.2.00 - Samsung Electronics CO., LTD.) Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.) Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.) XChat 2 (remove only) (HKLM-x32\...\xchat) (Version: - ) ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version: - ZTE Corporation) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-1420643821-590855252-3859466403-1005_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {0207EAD0-7ECF-49AD-8A71-2613E64E9B42} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {09EDF7F4-433C-4C6D-B27D-3B4027FCDD6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {13411419-E75D-41F1-B19C-01A91CDB79AA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation) Task: {18883B08-EE57-4861-9AE1-8CC0AE0BD04C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2015-04-10] (SEC) Task: {1AD8C874-F0FF-4711-B9E9-7ADC92BE006E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION Task: {20818784-A371-4284-B1E6-F94589EE735C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {2A58F836-3DB1-4ADC-9A1A-747EBC2A2C2E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor) Task: {2BDE182B-9F3E-48A7-ABBE-3607350D18E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation) Task: {2F358BCE-5222-4350-B77C-8206D1CB8E62} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe Task: {3C3F8235-3D75-492D-97DC-BDC1F0D7EA8C} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.) Task: {3C700CDD-1647-4A8D-B548-977823D49B62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION Task: {3DE25988-EB18-4B71-B0E8-15CFB214AF14} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION Task: {52E666B3-E5D8-4D1F-9512-4E56D78492D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {5732D05C-9993-4C5A-999D-4F484CD9EBB4} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation) Task: {5A0FBA54-C749-4FB5-A710-6F473AFAF422} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION Task: {5DB1BDCB-9BC1-4126-96C5-0EBBBD77D444} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {63D42F72-3874-47E7-AA46-1BDD6CD09105} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {688B5B0E-80B9-402F-906F-9E686F40B9A3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-08-16] (Symantec Corporation) Task: {74A82F4D-5C3D-4D8C-B7C3-B467254747C5} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-28] (Realtek Semiconductor) Task: {7A85E5DF-2EC0-40C1-8755-2F3148EBD51D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION Task: {8E920FEF-9C91-40DC-8F7C-F69FA910DD7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.) Task: {965E8506-C044-49C8-AAA0-747CCBD90F08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION Task: {A18529B6-8205-4F49-9699-71697856B4E5} - System32\Tasks\{733227B8-FDDD-4166-9243-68849CD98FF7} => pcalua.exe -a "C:\Program Files\REGSERVO\uninst.exe" Task: {A62980E2-74C4-411F-8A98-46A71CE2FEF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION Task: {AB606355-1C08-4A44-B28D-5392DDB89528} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation) Task: {BC13182B-C357-4C87-9500-94085E4829A4} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {BE2A5A8C-0328-4018-9E83-5458B3C7CC21} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation) Task: {C4999A33-1864-409E-AB34-78679CD166EE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated) Task: {C8DCA1A6-4326-4E07-9A1C-1D388D8FE5ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION Task: {CE8C1C30-9938-40BA-9343-9C2CC2DB7BFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-15] (Microsoft Corporation) Task: {DBA0B03E-46D1-48AF-98C6-BE065E19795C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.) Task: {DC3AC342-D9C1-4D7D-81A3-8AABD8530097} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation) Task: {E87FF530-6182-4646-B431-DC195AD6F085} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION Task: {EAB6881E-8C53-4F1E-A215-014D7EE46065} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION Task: {EB10D6D9-0049-4A9D-9F6E-4782A406442D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION Task: {EC10A7E6-AA51-480E-8FB0-DB333E9EFF84} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-skuffone@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated) Task: {ED47063E-7695-44E2-80A1-E28C937A6FF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) Task: {FE98D78C-883D-4106-B9D9-CBCB94132704} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf ==================== Loaded Modules (Whitelisted) ============== 2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll 2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2015-08-22 10:51 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2016-07-17 10:43 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-03 08:54 - 2015-04-13 15:07 - 00066048 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64.dll 2016-04-23 16:48 - 2016-04-23 16:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-07-17 10:43 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2016-08-28 19:29 - 2016-08-28 19:29 - 01864384 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll 2016-08-08 18:05 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-12-20 03:14 - 2015-12-20 03:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-07-17 10:45 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-07-17 10:43 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-07-17 10:43 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-07-17 10:43 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-07-17 10:43 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-08-28 19:36 - 2016-08-28 19:37 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\icui18n56.dll 2016-08-28 19:36 - 2016-08-28 19:36 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\gfxim.dll 2016-08-28 19:33 - 2016-08-28 19:34 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe 2016-04-23 16:48 - 2016-04-23 16:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-23 16:48 - 2016-04-23 16:49 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll 2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll 2016-08-28 19:29 - 2016-08-28 19:29 - 01383616 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll 2016-08-28 19:29 - 2016-08-28 19:29 - 00118976 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll 2016-04-03 08:54 - 2015-04-13 15:07 - 00063488 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook.dll 2016-04-03 08:54 - 2015-04-13 15:07 - 06296064 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\SoftwareAutoUpdates.dll 2016-04-03 08:34 - 2015-04-14 12:15 - 00005120 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\EngRes.dll 2016-09-15 20:54 - 2016-09-15 20:54 - 00098816 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32api.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00110080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pywintypes27.dll 2016-09-15 20:54 - 2016-09-15 20:54 - 00364544 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pythoncom27.dll 2016-09-15 20:54 - 2016-09-15 20:54 - 00320512 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32com.shell.shell.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00776704 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_hashlib.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 01176576 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._core_.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00806400 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._gdi_.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00816128 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._windows_.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 01067008 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._controls_.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00733184 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._misc_.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00682496 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pysqlite2._sqlite.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00088064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_ctypes.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00119808 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32file.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00108544 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32security.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00007168 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\hashobjs_ext.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00017920 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\thumbnails_ext.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00088064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\usb_ext.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00012800 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\common.time34.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00018432 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32event.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00167936 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32gui.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00046080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_socket.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 01208320 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_ssl.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00128512 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_elementtree.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00127488 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pyexpat.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00038912 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32inet.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00036864 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_psutil_windows.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00525208 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\windows._lib_cacheinvalidation.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00011264 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32crypt.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00077312 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._html2.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00027136 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_multiprocessing.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00020480 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_yappi.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00035840 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32process.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00686080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\unicodedata.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00078848 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._animate.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00123392 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._wizard.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00024064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32pipe.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00010240 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\select.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00025600 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32pdh.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00017408 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32profile.pyd 2016-09-15 20:54 - 2016-09-15 20:54 - 00022528 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32ts.pyd 2016-02-27 19:19 - 2016-02-27 19:19 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll 2016-09-13 09:39 - 2016-08-18 14:22 - 00174448 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\liblzo2-2.dll 2016-09-13 09:39 - 2016-08-18 14:22 - 00112040 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\libpkcs11-helper-1.dll 2016-08-13 22:32 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll 2016-08-13 22:32 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\incrediblecharts.com -> *.incrediblecharts.com ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\test\Pictures\Backgrounds\city_view_from_the_top_beautifully_86861_2560x1080.jpg DNS Servers: 194.187.251.67 - 185.93.180.131 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2 MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: APNMCP => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: cphs => 3 MSCONFIG\Services: Easy Launcher => 2 MSCONFIG\Services: ETDService => 2 MSCONFIG\Services: gupdate => 2 MSCONFIG\Services: gupdatem => 3 MSCONFIG\Services: IAStorDataMgrSvc => 2 MSCONFIG\Services: ICCS => 3 MSCONFIG\Services: igfxCUIService1.0.0.0 => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2 MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3 MSCONFIG\Services: Intel(R) ME Service => 2 MSCONFIG\Services: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management => 2 MSCONFIG\Services: iumsvc => 3 MSCONFIG\Services: jhi_service => 2 MSCONFIG\Services: LMS => 2 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NOBU => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: SwiCardDetectSvc => 2 MSCONFIG\Services: SWUpdateService => 2 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "BTMTrayAgent" HKLM\...\StartupApproved\Run: => "IAStorIcon" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "Adobe ARM" HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center" HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{3370B8EC-6D61-4C5C-AD6F-C81F82741F86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{FF6EC60E-268D-4386-9459-99D12F9C9C7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{D7A889DF-162D-4B07-AA49-9E18504E6CEA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe FirewallRules: [{4627F474-B16F-40A4-BC82-5F6522D87A06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{AE85BC7D-8BE1-404E-A5A7-05605EBC8871}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{72E946A9-A980-4EDE-B95A-987A6ED30842}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FBA588AA-5D8E-41A2-8795-0DF1F2DAD1AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{ECBCC812-C6F4-4B10-B263-9A83F848719A}] => (Allow) C:\Users\James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{0B20265D-C455-4F2F-B1E6-A77F9FED2178}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe FirewallRules: [{2180C8BF-54F2-4A1E-B989-5574A9E941C8}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe FirewallRules: [{7DC97C51-E630-41B0-B897-73F0A1A395D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{2FE79B97-EB32-44C1-A1E4-FCE419AB95A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [{CC7BBA7D-0C7E-4EA6-B2F1-1BF86A3CAE02}] => (Allow) LPort=1900 FirewallRules: [{8D0EBB9B-B4D5-4190-B001-10977AA1CFF6}] => (Allow) LPort=2869 FirewallRules: [{D89052A6-CB7B-4E7D-8F4A-7DA10110EB16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{BEBCAF1D-7D27-44B0-B0A3-625FB035E179}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe FirewallRules: [TCP Query User{487F9996-362A-4137-9B6D-90C85A694CC1}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe FirewallRules: [UDP Query User{A0DCDFB2-DC5D-41A0-8D28-4E56F6ED778E}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe FirewallRules: [TCP Query User{C48C1421-5065-4D9A-BB73-20FDCEE391BA}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe FirewallRules: [UDP Query User{09FA1B19-0218-4EDF-8D9F-9E67B97DCE93}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe FirewallRules: [TCP Query User{A7256A71-6867-4426-B6FF-88E8382BF863}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{C3227A43-CDC8-42D8-A232-D89CEC1CA23F}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe FirewallRules: [{73676FE4-72BE-4DC2-9CC0-F66D9FE7C950}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe FirewallRules: [{267015F6-0441-4F38-B6E9-99A136860C78}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe FirewallRules: [TCP Query User{0D64F59C-E88B-4076-BF22-C18308050ABD}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe FirewallRules: [UDP Query User{420F7AC5-618C-46AB-AF8F-8440C98D1196}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe FirewallRules: [{E288B471-78A9-45DB-8F36-08AE096987AE}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe FirewallRules: [{73AEE252-B5EC-4685-B5A4-7BD44B8E34C3}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe FirewallRules: [{997A1F16-EA91-4FA2-B662-365143A1CD25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{55C1FB06-B04C-41B4-B5AA-94D286616802}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [TCP Query User{05F68DF3-BE5E-434E-A6A9-456BCEABB902}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [UDP Query User{0A2D3070-C21E-42BA-872B-9D78883843A6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe FirewallRules: [TCP Query User{488B5D3C-F3E7-4344-B8F6-DD4759CAA5A0}C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe] => (Block) C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe FirewallRules: [UDP Query User{B7A93B30-BAD5-41B3-B85C-B0D11E11ACAC}C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe] => (Block) C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe FirewallRules: [TCP Query User{FB8F49FD-478F-43F0-A833-D2B362AC0CEB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{B98F337B-1A48-4141-AD50-BE43F2C37198}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{14B1BE3A-4ABD-4F04-BC6B-F5DFFDA55C93}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe FirewallRules: [{33DC719B-1839-4F3C-BFE6-2E4137DF7CA1}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe FirewallRules: [{73CA5BDB-E6EE-41E4-A45D-38CE1F73FBBD}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{4D5A5AD3-8000-4AAE-9EDE-0663A5B04988}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{3E43D6D5-2511-4FE1-9C3D-673B620FE09C}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{C29558B5-BD64-4929-A5C1-57E8F72AA645}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{BC12924D-8CEA-4031-AB2D-76AB85C519A8}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{213C0134-88AC-4E1C-B815-A6230DE654E4}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualControlFileTransferSession.exe FirewallRules: [{75A1B271-459E-4769-929E-04B638CC83A6}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe FirewallRules: [{3EDC9295-0D1B-4C26-ACC0-5ED9D2CC239D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe FirewallRules: [{72CE78C6-18A1-45D0-ACD1-7C998E54AC7D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiApiMuxX.exe] => Enabled:SwiApiMuxX.exe ==================== Restore Points ========================= ATTENTION: System Restore is disabled ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (09/15/2016 11:35:20 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {e1c33a5b-c6d2-405b-be85-cfd15e408371} Error: (09/13/2016 01:57:34 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d5a5 Faulting module name: twinapi.appcore.dll, version: 10.0.10586.494, time stamp: 0x5775e2d9 Exception code: 0xc000027b Fault offset: 0x000000000004b1c9 Faulting process id: 0x1f98 Faulting application start time: 0x01d20ccb4f4fae41 Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe Faulting module path: C:\Windows\System32\twinapi.appcore.dll Report Id: 8da6a586-5fec-4a55-aa93-8e8247f11f57 Faulting package full name: Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy Faulting package-relative application ID: WindowsDefaultLockScreen Error: (09/12/2016 05:57:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARPE_DIEM) Description: Activation of app Microsoft.WindowsFeedback_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/12/2016 05:43:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARPE_DIEM) Description: Activation of app Microsoft.AccountsControl_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (09/12/2016 05:43:40 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: AccountsControlHost.exe, version: 10.0.10586.122, time stamp: 0x56cc1660 Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1 Exception code: 0xc000027b Fault offset: 0x00000000006fd01b Faulting process id: 0x2c0c Faulting application start time: 0x01d20cc95f93f2e3 Faulting application path: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll Report Id: c0f1489d-3e1d-4232-9c3d-a644f886c943 Faulting package full name: Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy Faulting package-relative application ID: App Error: (09/10/2016 10:38:08 AM) (Source: Perflib) (EventID: 1008) (User: ) Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code. Error: (09/08/2016 07:46:41 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c520b965-5d97-4499-b1a1-52e78a347e33} Error: (09/08/2016 07:24:34 PM) (Source: VSS) (EventID: 8194) (User: ) Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied. . This is often caused by incorrect security settings in either the writer or requestor process. Operation: Gathering Writer Data Context: Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220} Writer Name: System Writer Writer Instance ID: {c520b965-5d97-4499-b1a1-52e78a347e33} Error: (08/25/2016 04:43:07 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98 Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98 Exception code: 0xe0464645 Fault offset: 0x000000000000a6d6 Faulting process id: 0x2a60 Faulting application start time: 0x01d1fe9bddb75e28 Faulting application path: C:\WINDOWS\System32\NetworkUXBroker.exe Faulting module path: C:\WINDOWS\System32\NetworkUXBroker.exe Report Id: 04c76a20-9c3b-49ea-9667-e8d7beca9d7c Faulting package full name: Faulting package-relative application ID: Error: (08/25/2016 04:42:58 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98 Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98 Exception code: 0xe0464645 Fault offset: 0x000000000000a6d6 Faulting process id: 0x2a60 Faulting application start time: 0x01d1fe9bddb75e28 Faulting application path: C:\WINDOWS\System32\NetworkUXBroker.exe Faulting module path: C:\WINDOWS\System32\NetworkUXBroker.exe Report Id: 1a289621-87b6-4c7d-b000-b21a52f7f96e Faulting package full name: Faulting package-relative application ID: System errors: ============= Error: (09/15/2016 11:24:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout. Error: (09/15/2016 08:57:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY) Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout. Error: (09/15/2016 08:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_d8ca2 service to connect. Error: (09/15/2016 08:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_d8ca2 service to connect. Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Access_d8ca2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The User Data Storage_d8ca2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Contact Data_d8ca2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_d8ca2 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (09/15/2016 08:50:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 8 0x0 0x0 Error: (09/15/2016 08:50:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY) Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter. Code: 2 0xdeaddeed 0xeeec CodeIntegrity: =================================== Date: 2016-09-08 19:31:24.448 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 20:50:50.277 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-24 19:57:30.949 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-08-21 19:57:35.367 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-25 03:05:15.144 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-20 20:54:19.641 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-07-17 12:03:36.485 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-20 19:23:30.039 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-20 18:18:18.711 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. Date: 2016-06-19 13:31:46.442 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz Percentage of memory in use: 88% Total physical RAM: 3980.52 MB Available physical RAM: 458.96 MB Total Virtual: 7692.52 MB Available Virtual: 2130.58 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:94.15 GB) (Free:37.95 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 119.2 GB) (Disk ID: EA5C454A) Partition: GPT. ==================== End of Addition.txt ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.