PUP.Optional.ConduitTB.Gen

Swizz006 · March 5, 2016

Hello all and good evening...

I wonder if somebody could please check on this, I have just finished with my weekly scan and I came across the following. Would it be okay to safely delete?

Just to add my computer is running as normal with no problems.

Thank you.

Carl.

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2016.03.04.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.18204
Home PC :: HOMEPC-PC [administrator]

05/03/2016 00:15:04
MBAM-log-2016-03-05 (00-49-46).txt

Scan type: Full scan (C:\|F:\|)
Scan options enabled: Memory | Startup | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: Registry | P2P
Objects scanned: 619763
Time elapsed: 24 minute(s), 6 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\Software\Conduit (PUP.Optional.ConduitTB.Gen) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

LiquidTension · March 5, 2016

Hello Swizz006, welcome to Malwarebytes' Malware Removal forum!

My name is Adam. I will be assisting you with your malware-related problems.
If you would allow me to call you by your first name I would prefer that.

General P2P/Piracy Notice:

If you are using Peer to Peer (P2P) filesharing software such as uTorrent, BitTorrent or similar you must either fully uninstall or completely disable the programme(s) from running whilst receiving assistance at this forum.
Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
If you have illegal/cracked/keygen or similar software on the computer, please remove/uninstall the software now and read the policy on Piracy. Failure to do so will also result in your topic being closed.

======================================================

Yes, you are safe to remove the flagged registry key.

You are running an extremely outdated version of Malwarebytes Anti-Malware (MBAM): Malwarebytes Anti-Malware 1.75.0.1300
The latest version of MBAM available to install is 2.2.0.1024.

I strongly recommend installing the latest version, which can be done by downloading the setup file from here, and initiating the installation. The latest version of MBAM comes with additional functionality, stability and is better equipped to detect and remove malware.

Once done, I suggest rerunning a scan with the updated version, and checking the results afterwards.

Please let me know how you get on, or if you have any questions.

Swizz006 · March 5, 2016

HI Adam, and sure..Of course it's okay to call me by my name

I did what was instructed and installed the newer version of MB. It did come across something else..I was going to delete it on the spot..But I would rather if you checked on it first.

Cheers, Adam.

Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Home PC

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385507
Time Elapsed: 3 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\SOFTWARE\Conduit, , [ee3983015b3e54e280a6bbc006fea858],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.Spigot, C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\searchplugins\yahoo_ff.xml, , [0621760e0f8ac37352251b0290747888],

Physical Sectors: 0
(No malicious items detected)

(end)

Swizz006 · March 5, 2016

Would it be okay, again..to delete both with MB?

LiquidTension · March 6, 2016

Hi Carl,

Yes, those items are safe to remove. If you would like a more general check of your computer, please run the following scan:

Farbar Recovery Scan Tool (FRST) Scan

Please download Farbar Recovery Scan Tool (x64) and save the file to your Desktop.
Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.

Swizz006 · March 6, 2016

Hello again, Adam...

Here are the two logs as requested.

Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Home PC (administrator) on HOMEPC-PC (06-03-2016 01:26:10)
Running from C:\Users\Home PC\Desktop
Loaded Profiles: Home PC (Available Profiles: Home PC)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Windows\system\HsMgr64.exe
() C:\Windows\SysWOW64\HsMgr.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\35.0.2066.92\opera.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-07-08] (ESET)
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [iSUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\...\Run: [iSUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2005-02-16] (InstallShield Software Corporation)
HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [177600 2015-11-05] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [155792 2015-11-05] (NVIDIA Corporation)
Startup: C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Desktop.scf [2013-05-06] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{8BA7393E-0780-4B97-9FDB-4BF899432702}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================

FireFox:
========
FF ProfilePath: C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\4oejxg99.default-1438663082380
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxps://uk-mg42.mail.yahoo.com/neo/launch?.rand=ao9g3o57thql8","hxxp://ukradioplayer.radiocity.co.uk/","hxxp://productforums.google.com/forum/#!forum/chrome","hxxp://productforums.google.com/forum/#!category-topic/chrome/report-a-problem-and-get-troubleshooting-help/FTVGkp78ck4","hxxp://productforums.google.com/forum/#!forum/chrome/categories","hxxp://productforums.google.com/forum/#!categories/chrome/windows","hxxp://productforums.google.com/forum/#!category-topic/chrome/windows/r5pfBfBbN5U","hxxps://www.google.co.uk/"
CHR Profile: C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-25]
CHR Extension: (Gmail) - C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1353720 2015-07-08] (ESET)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-07-04] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2734080 2013-04-11] (C-Media Inc)
S3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-10-30] (Corsair)
S3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-10-30] (Corsair)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [494864 2013-08-30] (Intel Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [255240 2015-07-13] (ESET)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [251632 2015-07-13] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [178520 2015-07-13] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [231520 2015-07-13] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [53360 2015-07-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [72400 2015-07-13] (ESET)
S3 etocdrv; C:\Windows\system32\etocdrv.sys [14928 2013-04-16] (Giga-Byte Technology CO., LTD.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [50472 2015-08-11] (NVIDIA Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-01-20] (Anchorfree Inc.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 01:26 - 2016-03-06 01:26 - 00009541 _____ C:\Users\Home PC\Desktop\FRST.txt
2016-03-06 01:24 - 2016-03-06 01:24 - 02374144 _____ (Farbar) C:\Users\Home PC\Desktop\FRST64.exe
2016-03-05 12:47 - 2016-03-06 01:13 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-05 12:47 - 2016-03-05 12:47 - 00001106 _____ C:\Users\Home PC\Malwarebytes Anti-Malware.lnk
2016-03-05 12:47 - 2016-03-05 12:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-05 12:47 - 2016-03-05 12:47 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 12:47 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-05 12:47 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-03-05 12:47 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-02-27 18:07 - 2016-02-27 18:07 - 00000000 ____D C:\Users\Home PC\Desktop\LIFE
2016-02-26 00:45 - 2016-02-28 15:07 - 00000000 ____D C:\Users\Home PC\Desktop\Breadsall Priory - Derby - 25.02.2016
2016-02-22 23:10 - 2016-02-22 23:11 - 00000000 ____D C:\Users\Home PC\Desktop\Moon Feb 22nd
2016-02-19 17:52 - 2016-02-28 14:20 - 00000000 ____D C:\Users\Home PC\Desktop\ART
2016-02-14 17:00 - 2016-02-14 17:00 - 01377706 _____ C:\Users\Home PC\Downloads\IMG_0095.mp4
2016-02-13 01:13 - 2016-03-06 00:59 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-02-13 01:13 - 2016-02-13 01:13 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-13 01:13 - 2016-02-13 01:13 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-13 01:13 - 2016-02-13 01:13 - 00003892 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-02-12 22:16 - 2016-02-12 22:16 - 00331176 _____ C:\Windows\Minidump\021216-4586-01.dmp
2016-02-12 04:55 - 2016-02-12 04:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-11 15:48 - 2016-02-06 10:48 - 25839104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-11 15:48 - 2016-02-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-02-11 15:48 - 2016-02-06 10:24 - 02887680 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-11 15:48 - 2016-02-06 10:11 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-11 15:48 - 2016-02-06 10:10 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-02-11 15:48 - 2016-02-06 10:01 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-11 15:48 - 2016-02-06 09:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-02-11 15:48 - 2016-02-06 09:43 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-11 15:48 - 2016-02-06 09:38 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-11 15:48 - 2016-02-06 09:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-02-11 15:48 - 2016-02-06 09:32 - 14458368 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-11 15:48 - 2016-02-06 09:16 - 12857856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-11 15:48 - 2016-02-06 09:09 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-11 15:48 - 2016-02-06 08:54 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-11 15:48 - 2016-01-22 20:31 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-02-11 15:48 - 2016-01-22 20:10 - 00341200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-02-11 15:48 - 2016-01-22 06:56 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-02-11 15:48 - 2016-01-22 06:41 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-02-11 15:48 - 2016-01-22 06:40 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-11 15:48 - 2016-01-22 06:40 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-02-11 15:48 - 2016-01-22 06:40 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-02-11 15:48 - 2016-01-22 06:40 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-02-11 15:48 - 2016-01-22 06:33 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-02-11 15:48 - 2016-01-22 06:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-02-11 15:48 - 2016-01-22 06:29 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-11 15:48 - 2016-01-22 06:27 - 05573056 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-11 15:48 - 2016-01-22 06:27 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-11 15:48 - 2016-01-22 06:27 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-02-11 15:48 - 2016-01-22 06:27 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-02-11 15:48 - 2016-01-22 06:27 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-02-11 15:48 - 2016-01-22 06:27 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-02-11 15:48 - 2016-01-22 06:24 - 01733592 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-02-11 15:48 - 2016-01-22 06:20 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-02-11 15:48 - 2016-01-22 06:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-02-11 15:48 - 2016-01-22 06:19 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-02-11 15:48 - 2016-01-22 06:19 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-11 15:48 - 2016-01-22 06:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-02-11 15:48 - 2016-01-22 06:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-02-11 15:48 - 2016-01-22 06:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-02-11 15:48 - 2016-01-22 06:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-02-11 15:48 - 2016-01-22 06:17 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-02-11 15:48 - 2016-01-22 06:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-11 15:48 - 2016-01-22 06:17 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-02-11 15:48 - 2016-01-22 06:17 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-11 15:48 - 2016-01-22 06:16 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-11 15:48 - 2016-01-22 06:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-02-11 15:48 - 2016-01-22 06:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-02-11 15:48 - 2016-01-22 06:15 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-02-11 15:48 - 2016-01-22 06:15 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-11 15:48 - 2016-01-22 06:15 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-11 15:48 - 2016-01-22 06:13 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-02-11 15:48 - 2016-01-22 06:13 - 03938752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-02-11 15:48 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-02-11 15:48 - 2016-01-22 06:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-02-11 15:48 - 2016-01-22 06:13 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00880128 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 06:09 - 01314328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-11 15:48 - 2016-01-22 06:09 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-02-11 15:48 - 2016-01-22 06:08 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-02-11 15:48 - 2016-01-22 06:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-02-11 15:48 - 2016-01-22 06:05 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-11 15:48 - 2016-01-22 06:05 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-02-11 15:48 - 2016-01-22 06:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-02-11 15:48 - 2016-01-22 06:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-02-11 15:48 - 2016-01-22 06:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-02-11 15:48 - 2016-01-22 06:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00114176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-02-11 15:48 - 2016-01-22 06:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-02-11 15:48 - 2016-01-22 06:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-02-11 15:48 - 2016-01-22 06:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-02-11 15:48 - 2016-01-22 06:00 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-02-11 15:48 - 2016-01-22 06:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 05:55 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-02-11 15:48 - 2016-01-22 05:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-02-11 15:48 - 2016-01-22 05:51 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-11 15:48 - 2016-01-22 05:51 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-02-11 15:48 - 2016-01-22 05:50 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-02-11 15:48 - 2016-01-22 05:48 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-02-11 15:48 - 2016-01-22 05:47 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-02-11 15:48 - 2016-01-22 05:46 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-02-11 15:48 - 2016-01-22 05:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-02-11 15:48 - 2016-01-22 05:43 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-02-11 15:48 - 2016-01-22 05:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-02-11 15:48 - 2016-01-22 05:38 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-02-11 15:48 - 2016-01-22 05:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-02-11 15:48 - 2016-01-22 05:35 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-11 15:48 - 2016-01-22 05:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-02-11 15:48 - 2016-01-22 05:34 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-02-11 15:48 - 2016-01-22 05:33 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-02-11 15:48 - 2016-01-22 05:31 - 02597376 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-11 15:48 - 2016-01-22 05:27 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-02-11 15:48 - 2016-01-22 05:25 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-02-11 15:48 - 2016-01-22 05:24 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-02-11 15:48 - 2016-01-22 05:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-02-11 15:48 - 2016-01-22 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-02-11 15:48 - 2016-01-22 05:08 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-02-11 15:48 - 2016-01-22 05:07 - 02120704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-11 15:48 - 2016-01-22 05:07 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-02-11 15:48 - 2016-01-22 05:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-02-11 15:48 - 2016-01-22 05:05 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-02-11 15:48 - 2016-01-22 05:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-02-11 15:48 - 2016-01-22 04:59 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-02-11 15:48 - 2016-01-22 04:58 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-02-11 15:48 - 2016-01-22 04:58 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-02-11 15:48 - 2016-01-22 04:57 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-02-11 15:48 - 2016-01-22 04:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-02-11 15:48 - 2016-01-22 04:53 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-02-11 15:48 - 2016-01-22 04:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-02-11 15:48 - 2016-01-22 04:53 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-02-11 15:48 - 2016-01-22 04:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-02-11 15:48 - 2016-01-22 04:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-02-11 15:48 - 2016-01-22 04:51 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 04:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 04:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-02-11 15:48 - 2016-01-22 04:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-02-11 15:48 - 2016-01-16 19:01 - 02085888 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-02-11 15:48 - 2016-01-16 18:36 - 01413632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-02-11 15:48 - 2016-01-07 17:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-09 23:55 - 2016-02-09 23:56 - 00000000 ____D C:\Users\Home PC\Desktop\Lucifer

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-06 01:26 - 2015-12-22 17:46 - 00000000 ____D C:\FRST
2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-06 01:25 - 2009-07-14 04:45 - 00017168 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-06 01:24 - 2009-07-14 05:13 - 00789610 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-06 01:24 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\inf
2016-03-06 01:18 - 2015-02-03 13:55 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job
2016-03-06 01:18 - 2014-10-29 23:45 - 00003028 _____ C:\Windows\System32\Tasks\EVGAPrecision
2016-03-06 01:18 - 2014-07-14 16:42 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job
2016-03-06 01:18 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-06 01:00 - 2014-10-18 10:48 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job
2016-03-06 00:53 - 2014-07-14 16:42 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job
2016-03-06 00:27 - 2015-02-03 13:55 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job
2016-03-05 17:25 - 2013-08-11 22:24 - 00000000 ____D C:\Users\Home PC\PICS
2016-03-05 14:54 - 2013-06-30 21:58 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\foobar2000
2016-03-05 12:47 - 2013-07-05 16:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:47 - 2013-06-29 14:00 - 00000000 ____D C:\Users\Home PC
2016-03-02 15:53 - 2014-08-02 21:37 - 00003848 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1407015471
2016-03-02 15:53 - 2014-03-12 04:28 - 00000000 ____D C:\Program Files (x86)\Opera
2016-02-29 16:30 - 2015-05-04 03:24 - 00000000 ____D C:\Users\Home PC\AppData\Local\FirestormOS_x64
2016-02-29 03:57 - 2013-09-06 02:22 - 00347648 ___SH C:\Users\Home PC\Thumbs.db
2016-02-24 01:53 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2016-02-23 14:17 - 2009-07-14 05:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-02-23 05:33 - 2014-05-25 13:07 - 00000000 ____D C:\Users\Home PC\AppData\Roaming\Skype
2016-02-23 04:46 - 2013-07-25 11:55 - 00000000 ____D C:\ProgramData\Skype
2016-02-21 23:41 - 2013-06-29 17:28 - 00000000 ____D C:\Users\Home PC\AppData\Local\ElevatedDiagnostics
2016-02-19 21:55 - 2013-06-29 17:50 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-19 21:55 - 2013-06-29 17:50 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-16 03:02 - 2015-09-20 12:51 - 00000000 ____D C:\Users\Home PC\Desktop\FACEBOOK PICS
2016-02-14 01:58 - 2014-01-27 17:39 - 00000193 _____ C:\Windows\WORDPAD.INI
2016-02-13 01:13 - 2014-10-18 22:18 - 00000000 ____D C:\Users\Home PC\AppData\Local\Adobe
2016-02-12 22:16 - 2015-01-05 13:41 - 544633137 _____ C:\Windows\MEMORY.DMP
2016-02-12 22:16 - 2013-06-29 19:53 - 00000000 ____D C:\Windows\Minidump
2016-02-12 14:11 - 2015-01-19 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-11 23:27 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2016-02-11 15:50 - 2013-06-30 17:10 - 00773592 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-02-10 23:11 - 2015-11-08 23:20 - 00000000 ____D C:\Users\Home PC\Desktop\Desktop 4

==================== Files in the root of some directories =======

2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 _____ () C:\Users\Home PC\AppData\Roaming\Smooth Strings
2013-07-17 16:48 - 2014-10-23 13:22 - 2128896 _____ () C:\Users\Home PC\AppData\Local\file__0.localstorage
2014-02-19 23:06 - 2014-08-18 22:55 - 0007597 _____ () C:\Users\Home PC\AppData\Local\Resmon.ResmonCfg
2014-11-29 01:14 - 2014-11-29 01:14 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{023F0BEF-D95F-4298-91A8-B169D8ED8EE0}
2014-09-24 01:41 - 2014-09-24 01:41 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{42E511C8-C4C3-42D5-87F6-92E2CB9B2351}
2014-09-01 11:19 - 2014-09-01 11:19 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{707D25D3-07BE-4D63-81D2-938D5629261C}
2014-10-12 23:55 - 2014-10-12 23:55 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{984BE194-3B5F-4125-8490-50790C07C753}
2015-03-22 22:38 - 2015-03-22 22:38 - 0000000 _____ () C:\Users\Home PC\AppData\Local\{E7E98533-B635-4979-A907-0E55F0727869}
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLes.DAT
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLet.DAT
2014-06-17 11:22 - 2014-06-17 11:49 - 0000000 ____H () C:\ProgramData\PKP_DLev.DAT
2014-06-17 11:49 - 2014-06-17 11:49 - 0000000 _____ () C:\ProgramData\Robot

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-28 15:31

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Home PC (2016-03-06 01:26:21)
Running from C:\Users\Home PC\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2013-06-29 14:00:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3075667534-3083555577-3039242665-500 - Administrator - Disabled)
Guest (S-1-5-21-3075667534-3083555577-3039242665-501 - Limited - Disabled)
Home PC (S-1-5-21-3075667534-3083555577-3039242665-1000 - Administrator - Enabled) => C:\Users\Home PC
HomeGroupUser$ (S-1-5-21-3075667534-3083555577-3039242665-1005 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS B13.0402.1 (HKLM-x32\...\InstallShield_{C9D46F25-5F9D-4E25-B24F-BC00E9EDF529}) (Version: 1.00.0000 - GIGABYTE)
@BIOS B13.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
App Center (HKLM-x32\...\InstallShield_{F3D47276-0E35-42CF-A677-B45118470E21}) (Version: 1.00.0000 - Gigabyte)
App Center B13.0408.1 (x32 Version: 1.00.0000 - Gigabyte) Hidden
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Core Temp 1.0 RC5 (HKLM\...\{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1) (Version: 1.0 - Alcpu)
CPUID HWMonitor 1.23 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
EasyTune B13.0525.1 (HKLM-x32\...\InstallShield_{7F635314-EE21-4E4B-A68D-69AE70BA0E9B}) (Version: 1.00.0000 - GIGABYTE)
EasyTune B13.0525.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version: - Lars Hederer)
ESET Smart Security (HKLM\...\{92172C3C-7BCF-4DA3-8263-6617B13E897F}) (Version: 8.0.319.0 - ESET, spol s r. o.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
EVGA Precision X 4.2.0 (HKLM-x32\...\PrecisionX) (Version: 4.2.0 - EVGA Corporation)
Firestorm SecondLife and OpenSim viewer (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.) Hidden
Firestorm-Releasex64 x64 (HKLM-x32\...\{63667a72-ee55-4dac-b231-18e6773104d8}) (Version: 4.7.47975 - The Phoenix Firestorm Project, Inc.)
foobar2000 v1.2.8 (HKLM-x32\...\foobar2000) (Version: 1.2.8 - Peter Pawlowski)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Network Connections 18.8.136.0 (HKLM\...\PROSetDX) (Version: 18.8.136.0 - Intel)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Games for Windows - LIVE (HKLM-x32\...\{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}) (Version: 3.1.186.0 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}) (Version: 3.1.99.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-GB)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
NVIDIA Graphics Driver 358.91 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 358.91 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
OCCT 4.4.0 (HKLM-x32\...\OCCT) (Version: 4.4.0 - Ocbase.com)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA)
Opera Stable 35.0.2066.92 (HKLM-x32\...\Opera 35.0.2066.92) (Version: 35.0.2066.92 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picture Control Utility x64 (HKLM\...\{11953C65-BB4E-4CA4-B0F0-2600A4B20040}) (Version: 1.5.1 - Nikon)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.5.1 - Samsung Electronics)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version: - Seagate Technology)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
SpeedFan (remove only) (HKLM-x32\...\SpeedFan) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1170 - SUPERAntiSpyware.com)
Tom Clancy's Rainbow Six Siege (HKLM-x32\...\Uplay Install 635) (Version: - Ubisoft)
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uplay (HKLM-x32\...\Uplay) (Version: 3.0 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VirtualDJ PRO Full (HKLM-x32\...\{C515E2A3-4878-4C85-A519-52630C7AB08B}) (Version: 7.3 - Atomix Productions)
Windows Installer Clean Up (HKLM-x32\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {1A866B31-D090-4B3F-B8EB-F2CCD718E638} - System32\Tasks\Opera scheduled Autoupdate 1407015471 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-01] (Opera Software)
Task: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC -> No File <==== ATTENTION
Task: {321C7F32-1B53-41C6-8D77-87175DF1BEC6} - System32\Tasks\{BC0B55BE-35C3-4D24-B2F5-6567289B287C} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {39374CCC-4687-49DF-8B0C-648AACD58281} - System32\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {39BBF7A0-9BF7-4691-A375-18392228235C} - System32\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {6382E16F-55CD-4B23-9ECB-D96E21C8FAB2} - System32\Tasks\{3B7AA0CE-02CD-4616-98E9-6AE0A7EFF104} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {8465A3DD-B283-4D04-9117-C237BE87EFF0} - System32\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {87081DA2-1694-4B8D-9261-D92E5215E014} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe [2013-05-23] ()
Task: {8C21E72C-CBB4-4F70-B1BC-CC2E73AA0ECA} - System32\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {A4E083B9-E74A-45B9-AA1A-01FC9DB26144} - System32\Tasks\{6DA77A91-B241-4BAB-8899-B2C7415BB32B} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {A5606071-A57C-4200-BFCE-5DF090BA90B6} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2014-09-28] (Samsung Electronics.)
Task: {A68C3CFC-E8E1-496F-9CCC-BFF722DC641F} - System32\Tasks\{F14B39BB-8DB1-4B94-9CC4-68BAC51884B2} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {A69443CC-3D00-4749-9E9B-3669C968AA71} - \Opera scheduled Autoupdate 1394598523 -> No File <==== ATTENTION
Task: {B60F1725-2855-48A8-90B9-A5478E0399AB} - System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => pcalua.exe -a "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2\Installer.exe" -d "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2"
Task: {BC5C1F0B-E52D-4985-8E0A-114176CF4BC4} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe [2016-02-13] (Adobe Systems Incorporated)
Task: {BE59C5A7-7140-4E6D-9664-F261A24D8E78} - System32\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376 => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {BF503DDC-2C68-47CF-A12E-8F08ACBF3A90} - System32\Tasks\{1F0185AB-DC95-4957-8F19-3F64C9A051B7} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C1DC99C9-527C-4BBD-BD96-7C9FD5B340D3} - System32\Tasks\{84DC47B7-E647-4428-971F-BB08D6F4C478} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {C8BC61F2-4401-43EB-83FD-FC2706582018} - System32\Tasks\{F0FDDFCB-D2E3-4F24-9754-6681C4D1E3A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?source=lightinstaller&LastError=1603
Task: {CBAEEFFD-1DB0-4783-BA5B-F2F3C2AB4426} - System32\Tasks\{AB5E754E-22BF-45CE-86AC-6D2F63DDE0A3} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.59.105/en/go/help.faq.installer?LastError=1603
Task: {CF1AD925-D639-46A0-BD62-51292F064657} - System32\Tasks\{309C21B9-7470-46AA-8870-E84D82757F89} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
Task: {E4D655AA-7416-4347-A606-AA8D3DADD2A9} - System32\Tasks\{2B85B304-E4E7-4C4E-9DA9-1084207260FB} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {ECFDA69E-9C87-471B-9C42-DA8FD5A8CA6E} - System32\Tasks\{73EA96F4-A64E-4DD2-A33B-CA14A8D76C29} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.0.105/en/go/help.faq.installer?LastError=1603
Task: {F959599F-F49E-4C36-B5ED-007ADE2374F9} - System32\Tasks\{81185AF3-2A8D-4E1E-9049-3B8FB57BBC22} => Chrome.exe hxxp://ui.skype.com/ui/0/6.16.60.105/en/abandoninstall?page=tsBing

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_306_pepper.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec8dd80f75b26.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cf275de3358540.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d03fb9c4c8376.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1ceeadafc57ac99.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf275de360b491.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfeac117fe1b48.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA1d03fb9c6f2727.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-11 14:19 - 2015-11-05 15:13 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-06-29 15:32 - 2008-07-11 14:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2013-06-29 15:32 - 2008-07-11 14:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2013-07-04 02:40 - 2013-07-04 02:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-29 15:32 - 2012-06-06 08:56 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll
2016-03-02 15:53 - 2016-03-02 15:53 - 62332456 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\opera.dll
2016-03-02 15:53 - 2016-03-02 15:53 - 02074664 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libglesv2.dll
2016-03-02 15:53 - 2016-03-02 15:53 - 00081960 _____ () C:\Program Files (x86)\Opera\35.0.2066.92\libegl.dll
2016-02-13 01:13 - 2016-02-13 01:13 - 16804032 _____ () C:\Windows\SysWOW64\Macromed\Flash\pepflashplayer32_20_0_0_306.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 02:34 - 2014-02-21 20:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3075667534-3083555577-3039242665-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Home PC\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 194.168.4.100 - 194.168.8.100
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{01D6E323-A0AD-4E5D-9B59-21FF40EFFC0B}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{3757B8A5-FD63-418E-B9C4-0603CFC8C12C}] => (Allow) C:\Program Files (x86)\B-Link\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{A4CDCE5C-D3AA-4887-A484-D986F73DB605}] => (Allow) LPort=1542
FirewallRules: [{781EF7B5-D07C-49A7-8D9D-E4924E30F5AA}] => (Allow) LPort=1542
FirewallRules: [{70E11A54-C097-465D-9A14-55F9E1A8BA76}] => (Allow) LPort=53
FirewallRules: [{1FA14AFD-33ED-4621-83B6-CA147C7AFD41}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{F85307A8-B9E7-44B1-83E9-528493623279}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{92259821-E7A7-422C-AA9F-92977D1D67BF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{63AC1E01-7A50-429D-864E-67883646FDE4}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [uDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [{B629D784-D2A6-4956-9C07-BE915E9755C0}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [{C04977E2-4B9C-4E4B-9371-4852F08ECCD5}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [TCP Query User{1CD3A831-62CA-49F6-A64A-775E32212495}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [uDP Query User{3EBCEBCB-5268-4D8D-80FE-6A59E4789D81}C:\program files (x86)\gigabyte\appcenter\gbupdate.exe] => (Allow) C:\program files (x86)\gigabyte\appcenter\gbupdate.exe
FirewallRules: [{210F35D0-0DF7-4E00-A786-9CC852D636C7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{515C97EF-ACCF-4C22-B8FE-52E131DBC1EF}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F7D9F6DE-7259-47C2-8ED8-E174D7651084}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe
FirewallRules: [{CF8C9855-ECB9-4FDE-94A4-5B693C6D098A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\grid 2\grid2.exe
FirewallRules: [{FB90A093-4103-485B-88A8-F4B557B1738E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{3A51C45E-59D1-45EC-9566-4FAE9B21B6F1}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{9CEB4346-C891-482F-8CFF-25779B6D9B92}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{79399ED9-F7AF-4940-BDE1-6BBB9FB6E460}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{CADAD30C-CD0B-4C8C-8C35-1046FA2BA995}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{D60F7085-C91F-401E-8EE4-8E69DA932D6C}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{2E006C80-6F50-479E-BF1D-9BBC86513D2A}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{442C6B45-D4AE-46E9-B9EF-87C8A0588E52}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{1B688A13-1C00-47BC-93BD-E98728CE98A0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BFE22812-71D4-4352-BDA6-3C03B1B079E5}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{079FAA25-5316-4090-8A3B-05F7C0406170}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0A168D64-7148-415B-A4AD-D6F520D38C6B}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6912F114-C145-4ADB-ABF1-67DC3E39904F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2FCC5108-324B-4F11-849F-944D61B864B8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6822EF63-1ABB-4208-BF9A-AB2137149F13}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{BCE20A65-5DD1-4128-B8B1-862F855D831C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3BA5101F-992A-4586-9521-401CFA4FCAB6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B5C5B09B-B566-48FE-85A5-B2C0A0EE0497}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{C7FAFC72-ED21-43C8-912B-75A38D3C4086}] => (Allow) F:\Steam\Steam.exe
FirewallRules: [{7C02DD14-83D8-4B3B-BA23-126CE7A2898F}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{12476416-3601-4346-91D7-D3F26A4EA8AF}] => (Allow) F:\Tom Clancy's Rainbow Six Siege\RainbowSix.exe
FirewallRules: [{D04FAE7A-66A3-458B-BA07-D59A4DC001B0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

22-02-2016 12:38:42 NEW01
29-02-2016 12:22:08 NEW01

==================== Faulty Device Manager Devices =============

Name: Standard VGA Graphics Adapter
Description: Standard VGA Graphics Adapter
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: vga
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/23/2015 02:01:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {b7623c8d-0b76-4f11-85ea-5ec9054a69fb}

System errors:
=============
Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/05/2016 10:47:53 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/05/2016 04:03:53 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}.
The backup browser is stopping.

Error: (03/04/2016 11:50:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.

Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/04/2016 02:54:55 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/03/2016 02:40:08 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 10. The internal error state is 10.

Error: (03/03/2016 03:40:57 AM) (Source: BROWSER) (EventID: 8032) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}.
The backup browser is stopping.

Error: (03/02/2016 04:01:02 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TOMMY
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8BA7393E-0780-4B97-9FDB-4BF899432702}.
The master browser is stopping or an election is being forced.

CodeIntegrity:
===================================
Date: 2014-08-07 12:51:38.356
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 12:51:38.319
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 12:51:37.613
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 12:51:37.575
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 12:51:33.034
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-07 12:51:32.999
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-05 17:51:43.256
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-05 17:51:43.218
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-05 17:51:40.620
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2014-08-05 17:51:40.582
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

Processor: Intel® Core i5-4670K CPU @ 3.40GHz
Percentage of memory in use: 24%
Total physical RAM: 8079.79 MB
Available physical RAM: 6079.02 MB
Total Virtual: 16157.78 MB
Available Virtual: 14055.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:238.37 GB) (Free:112.04 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:2794.39 GB) (Free:462.5 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 4075D2F5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

LiquidTension · March 6, 2016

Hello Carl,

Let's run through a couple more scans.

STEP 1
Farbar Recovery Scan Tool (FRST) Script

Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.

Copy the entire contents of the codebox below and paste into the Notepad document.

startCreateRestorePoint:Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTIONTask: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC -> No File <==== ATTENTIONTask: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTIONTask: {A69443CC-3D00-4749-9E9B-3669C968AA71} - \Opera scheduled Autoupdate 1394598523 -> No File <==== ATTENTIONTask: {B60F1725-2855-48A8-90B9-A5478E0399AB} - System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => pcalua.exe -a "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2\Installer.exe" -d "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2"Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTIONFirewallRules: [TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exeFirewallRules: [UDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exeFirewallRules: [{B629D784-D2A6-4956-9C07-BE915E9755C0}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exeFirewallRules: [{C04977E2-4B9C-4E4B-9371-4852F08ECCD5}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exeCMD: ipconfig /flushdnsEmptyTemp:end

Click File, Save As and type fixlist.txt as the File Name.
Important: The file must be saved in the same location as FRST64.exe.

NOTICE: This script is intended for use on this particular machine. Do not use this script on any other machine; doing so may cause damage to your Operating System.

Right-Click FRST64.exe and select Run as administrator to run the programme.
Click Fix.
A log (Fixlog.txt) will open on your desktop. Copy the contents of the log and paste in your next reply.

STEP 2
Junkware Removal Tool (JRT)

Please download Junkware Removal Tool and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Right-Click JRT.exe and select Run as administrator to run the programme.
Follow the prompts and allow the scan to run uninterrupted.
Upon completion, a log (JRT.txt) will open on your desktop.
Re-enable your anti-virus software.
Copy the contents of JRT.txt and paste in your next reply.

STEP 3
AdwCleaner

Please download AdwCleaner and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Logfile. A log (AdwCleaner[s1].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab, and click Cleaning.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this tool. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[s1].txt.

======================================================

STEP 4
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.

Fixlog.txt
JRT.txt
AdwCleaner[C1].txt

Swizz006 · March 6, 2016

Thank you, Adam for your time, I appreciate it. Here are the logs that you asked for.

Just to add, straight after using Junkware Removal Tool (JRT) My Firefox browser wasn't Responding, and it would hang, once it was loaded up. Should I of closed Firefox prior to using JRT? I received a message stating do I want to start Firefox in Safe Mode. Or would I prefer to Restart Firefox on the spot. After clicking "Restart" I had to reboot, for the reason Firefox would not load up a browser. So, I rebooted again, and once more it was behaving in the exact same manner. I left it for 20 minutes and strangely enough it was working as normal, like nothing had happened.

Would that be a normal occurrence after using that particular tool?

Thank you.

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Home PC (2016-03-06 17:01:35) Run:2
Running from C:\Users\Home PC\Desktop\FRST64
Loaded Profiles: Home PC (Available Profiles: Home PC)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
Task: {171075D6-4341-4BE7-99AE-2B6E7C439FA4} - \Microsoft\Office\OfficeTelemetryAgentFallBack -> No File <==== ATTENTION
Task: {2060AB9F-8B18-4189-A56C-42A8A6D369AF} - \Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC -> No File <==== ATTENTION
Task: {9CF98260-6765-4D90-B9FA-807B54BF26B5} - \Microsoft\Office\Office 15 Subscription Heartbeat -> No File <==== ATTENTION
Task: {A69443CC-3D00-4749-9E9B-3669C968AA71} - \Opera scheduled Autoupdate 1394598523 -> No File <==== ATTENTION
Task: {B60F1725-2855-48A8-90B9-A5478E0399AB} - System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => pcalua.exe -a "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2\Installer.exe" -d "F:\Napoleon Total War-Razor1911\Napoleon_Total_War-Razor1911\2"
Task: {DC1F59A6-9C0E-48CD-B7D6-A63918709666} - \Microsoft\Office\OfficeTelemetryAgentLogOn -> No File <==== ATTENTION
FirewallRules: [TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [uDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe] => (Allow) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [{B629D784-D2A6-4956-9C07-BE915E9755C0}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
FirewallRules: [{C04977E2-4B9C-4E4B-9371-4852F08ECCD5}] => (Block) E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe
CMD: ipconfig /flushdns
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{171075D6-4341-4BE7-99AE-2B6E7C439FA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{171075D6-4341-4BE7-99AE-2B6E7C439FA4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentFallBack" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2060AB9F-8B18-4189-A56C-42A8A6D369AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2060AB9F-8B18-4189-A56C-42A8A6D369AF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft Office 15 Sync Maintenance for HomePC-PC-Home PC HomePC-PC" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9CF98260-6765-4D90-B9FA-807B54BF26B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9CF98260-6765-4D90-B9FA-807B54BF26B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\Office 15 Subscription Heartbeat" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{A69443CC-3D00-4749-9E9B-3669C968AA71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A69443CC-3D00-4749-9E9B-3669C968AA71}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Opera scheduled Autoupdate 1394598523" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B60F1725-2855-48A8-90B9-A5478E0399AB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B60F1725-2855-48A8-90B9-A5478E0399AB}" => key removed successfully
C:\Windows\System32\Tasks\{84601787-27B5-4ECF-B984-E192666D06D8} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{84601787-27B5-4ECF-B984-E192666D06D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DC1F59A6-9C0E-48CD-B7D6-A63918709666}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC1F59A6-9C0E-48CD-B7D6-A63918709666}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Office\OfficeTelemetryAgentLogOn" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{50D88CE6-5DB5-485A-9D2B-0A64087E3262}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{0ED97338-FBCE-4AE3-89CE-C72F59E0A976}E:\microsoft office 2013 32 and 64 bit with activator\activator\qemu\qemu.exe => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B629D784-D2A6-4956-9C07-BE915E9755C0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C04977E2-4B9C-4E4B-9371-4852F08ECCD5} => value removed successfully

========= ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 1.9 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 17:01:54 ====

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 7 Ultimate x64
Ran by Home PC (Administrator) on 06/03/2016 at 17:11:03.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 1

Successfully deleted: C:\Users\Home PC\AppData\Roaming\Mozilla\Firefox\Profiles\rr07ro2j.default\user.js (File)

user_pref(browser.search.order.1, Secure Search);

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06/03/2016 at 17:12:06.35
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.100 - Logfile created 06/03/2016 at 18:05:51
# Updated 06/03/2016 by Xplode
# Database : 2016-03-06.3 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Home PC - HOMEPC-PC
# Running from : C:\Users\Home PC\Desktop\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder Deleted : C:\Device

***** [ Files ] *****

***** [ DLLs ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[#] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[#] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[#] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion
[-] Key Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.x264-LiViDiTY

***** [ Web browsers ] *****

[-] [C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : uk.ask.com
[-] [C:\Users\Home PC\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Deleted : yahoo.com Search
[-] [C:\Users\Home PC\AppData\Local\Google\Chrome SxS\User Data\Default\Web Data] [search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [1830 bytes] - [06/03/2016 18:05:51]
C:\Program Files (x86)\AdwCleaner\AdwCleaner[s1].txt - [1855 bytes] - [06/03/2016 18:00:05]

########## EOF - C:\Program Files (x86)\AdwCleaner\AdwCleaner[C1].txt - [2016 bytes] ##########

Swizz006 · March 6, 2016

According to the scans from above, does everything look good to you?

Cheers, Adam.

LiquidTension · March 7, 2016

Hi Carl,

Would that be a normal occurrence after using that particular tool?

Yes, this can occur - unresponsiveness in particular is not uncommon immediately after.

According to the scans from above, does everything look good to you?

Your logs look OK. The items removed by JRT and AdwCleaner are not of huge concern or considered malicious. They fall under the category of potentially unwanted programme (PUP)/adware. You can read about PUPs here.

Let's run one final scan to double-check for the presence of malware:

ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

Please download ESET Online Scan and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link.
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
- Scan archives
- Scan for potentially unsafe applications
- Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click . If no threats were found, skip the next two bullet points.
Click and save the file to your Desktop, naming it something such as "ESET Scan".
Push the Back button.
Place a checkmark next to and click .
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.

Swizz006 · March 7, 2016

Will do..Scanning now.

LiquidTension · March 7, 2016

Okay - let me know how you get on.

Swizz006 · March 7, 2016

Hello, Adam...

There was no log when Eset Online Scanner finished. Nothing was found. I attached a photo of the scanner showing the finalizing results.

Thanks.

Swizz006 · March 7, 2016

The attachment of the results.

LiquidTension · March 7, 2016

That's OK - no log is necessary if no threats were found.

At this point in time, I do not believe any further action is required. Your computer appears free of malware.

Is there anything else I can assist with? If not, I will provide instructions on how to remove the tools we've used.

Swizz006 · March 7, 2016

Yes, there is one last thing..If you can provide me with this weeks lottery numbers, that would be great! Ha..

Thank you again, Adam. I greatly appreciate it.

LiquidTension · March 7, 2016

Yes, there is one last thing..If you can provide me with this weeks lottery numbers, that would be great! Ha..

I'm not sure I can help with this, but if that changes I'll be sure to let you know.

All Clean!

Congratulations, your computer appears clean!

I see no signs of malware on your computer, and feel satisfied our work here is done. The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources that you may find useful.

DelFix

Please download DelFix and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
- Remove disinfection tools
- Create registry backup
- Purge system restore (creates a Restore Point/removes all but the most recent)
- Reset system settings
Click the Run button.

-- DelFix will remove the specialised tools we used to clean your computer. Any leftover logs, files, folders or tools remaining on your computer which were not removed can be deleted manually (right-click the file + delete).

======================================================

I have compiled below a list of resources you may find useful. The articles document information on computer security, common attack vectors and how you can stay safe on the Internet.

Answers to common security questions - Best Practices by quietman7, MVP
How Malware Spreads - How did I get infected? by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet by Lawrence Abrams, MVP
How to Prevent Malware by miekiemoes, MVP
How to backup and restore your data using Cobian Backup by YourHighness
Slow Computer/browser? It May Not Be Malware by quietman7, MVP

-- Please feel free to ask if you have any questions or concerns on computer security.

======================================================

Please confirm you have no outstanding issues, and feel happy with the state of your computer. Once I have confirmation, we can wrap things up and I will close this topic.

Thank you for using Malwarebytes.

Safe Surfing.

Adam

Swizz006 · March 7, 2016

# DelFix v1.012 - Logfile created 07/03/2016 at 16:41:06
# Updated 04/03/2015 by Xplode
# Username : Home PC - HOMEPC-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #638 [NEW01 | 02/29/2016 12:22:08]
Deleted : RP #640 [Restore Point Created by FRST | 03/06/2016 17:01:36]
Deleted : RP #641 [JRT Pre-Junkware Removal | 03/06/2016 17:11:03]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Thanks once more, Adam...

Just one more thing before this is closed..Since using Delfix. My saved Wordpads and any new ones that I have saved now have .rtf, at the end. Same with Notepad. At the end, there is txt.

Is there a way to make them as normal again, like they were originally?

Thank you.

Swizz006 · March 7, 2016

I just noticed that my photos are more the less the same, as well. But it's showing as, jpg. After what desciption I have typed in them

LiquidTension · March 7, 2016

File extensions now visible. To revert the change, you can do the following:

Folder Options

Press the Windows Key + r on your keyboard at the same time. Type Control Folders and click OK.
Click View.
Place a checkmark next to Hide extensions for known file types.
Click Apply followed by OK.

One thing to be aware of - having extensions visible as they are now can help mitigate an attack vector commonly used by malware. You can read about this here. However, it is personal choice, so if you wish to hide extensions follow the instructions above.

Swizz006 · March 7, 2016

That was very informative I never knew that.

Thank you, Adam, for everything. *two thumbs up*

LiquidTension · March 8, 2016

That's quite alright, you're welcome.

Take care.

Naathim · March 8, 2016

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

PUP.Optional.ConduitTB.Gen

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information