New Logs


Skuffone

Hi, please can you tell me if I need to remove any malware? I ran the scan following an alert about malicious malware: "s3.amazonaws malicious website blocked".

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-09-2016
Ran by test (administrator) on CARPE_DIEM (16-09-2016 00:23:40)
Running from C:\Users\test\Downloads
Loaded Profiles: test (Available Profiles: test)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\n360.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 6\CyberGhost.Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\n360.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberGhost S.R.L.) C:\Program Files\CyberGhost 6\CyberGhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(LG Electronics) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(TODO: <Company name>) C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64App.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(The OpenVPN Project) C:\Program Files\CyberGhost 6\Data\OpenVPN\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\HxTsr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [14040296 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2015-10-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_SRSSA] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1412840 2015-08-28] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-14] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-15] (Symantec Corporation)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [6215288 2012-10-15] (Telstra)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [DualControl] => C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualControlStartupApp.exe [1770480 2015-09-28] (LG Electronics Inc)
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [ScreenSplitter] => C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplit.exe [1964528 2015-09-24] (LG Electronics)
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23375200 2016-07-29] (Google)
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 6\CyberGhost.exe [1156656 2016-08-18] (CyberGhost S.R.L.)
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\PhotoScreensaver.scr [583680 2016-07-01] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-07-29] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\buShell.dll [2016-08-15] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-03-30]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-03-30]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2014-01-23]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139
Tcpip\..\Interfaces\{05f178c3-8e88-4efa-8552-f3d7a4449bc7}: [NameServer] 194.187.251.67,185.93.180.131
Tcpip\..\Interfaces\{05f178c3-8e88-4efa-8552-f3d7a4449bc7}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8bd4373a-b9a4-4452-abd0-696d3d74fa9d}: [DhcpNameServer] 194.187.251.67 185.93.180.131 38.132.106.139
Tcpip\..\Interfaces\{b9db4093-4047-439a-bcb3-bbe169f525de}: [DhcpNameServer] 192.168.1.1 0.0.0.0

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.sky.com/live
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com
HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.microsoft.com/getsilverlight/Get-Started/Install/Default.aspx
SearchScopes: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> {44E2BC98-15C3-477D-AC4D-F87A4826D34E} URL = 
SearchScopes: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=AU&ver=22&locale=en_AU&gct=kwd&qsrc=2869
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-30] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-27] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-30] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-27] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-03-30] (LastPass)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-03-30] (LastPass)
Toolbar: HKU\S-1-5-21-1420643821-590855252-3859466403-1005 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.7.1.32\coIEPlg.dll [2016-08-05] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\yv5vzwdn.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-01-21] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-30] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-01-21] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-27] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-03-30] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-22] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-08] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-25] (Adobe Systems Inc.)
FF Extension: (Skype) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-05-25]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon
FF Extension: (Norton Identity Safe) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon [2016-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFAddon

Chrome: 
=======
CHR StartupUrls: Default -> "hxxp://www.theaustralian.com.au/business","hxxps://cryptowat.ch/bitfinex/btcusd","hxxps://www.coinigy.com/","hxxps://bittrex.com/","hxxps://poloniex.com/","hxxp://www.bbc.com/","hxxp://altcoinpro.bullbearanalytics.com/index.php?page=distribution"
CHR Profile: C:\Users\test\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Easy Auto Refresh) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aabcgdmkeabbnleenpncegpcngjpnjkc [2016-07-17]
CHR Extension: (Google Slides) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-04]
CHR Extension: (Google Docs) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-04]
CHR Extension: (One Click Google Hangout) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\aokjakdncnbbfhhammcdkbblmcglpobn [2016-08-21]
CHR Extension: (Google Drive) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-04]
CHR Extension: (CryptoTicker by Coinigy) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjmoeebomokfcfmopbappgncbhppmec [2016-02-04]
CHR Extension: (YouTube) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-04]
CHR Extension: (Adblock Plus) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-24]
CHR Extension: (Norton Security Toolbar) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-02]
CHR Extension: (Google Search) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-04]
CHR Extension: (Norton Home Page for Chrome) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-22]
CHR Extension: (Google Sheets) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-04]
CHR Extension: (Chrome Remote Desktop) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-07-17]
CHR Extension: (GoToMeeting Pro Screensharing) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcgikpombjkodabhbdalkcdhmllafipp [2016-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-09-08]
CHR Extension: (Ledger Wallet Bitcoin) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdpmhnladdopljabkgpacgpliggeeaf [2016-08-19]
CHR Extension: (Skype) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-09-08]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-06-21]
CHR Extension: (UltraWide Video) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\lngfncacljheahfpahadgipefkbagpdl [2016-04-03]
CHR Extension: (Save to Pocket) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2016-09-08]
CHR Extension: (Norton Safe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-03]
CHR Extension: (Universe) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oecmlnmneeeeiccpcohlffnipjhngmdk [2016-02-04]
CHR Extension: (TradingView Free Quotes and Chat) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\ommjfbdmijjlbhlhnnnfkmbnkpnjpipj [2016-02-04]
CHR Extension: (TeamViewer) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\oooiobdokpcfdlahlmcddobejikcmkfo [2016-03-06]
CHR Extension: (Gmail) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-04]
CHR Extension: (Chrome Media Router) - C:\Users\test\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-08]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-25]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1420643821-590855252-3859466403-1005\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\Exts\Chrome.crx [2016-08-25]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-27] (Adobe Systems Incorporated)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 CG6Service; C:\Program Files\CyberGhost 6\CyberGhost.Service.exe [71728 2016-08-18] (CyberGhost S.R.L)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe [76616 2016-06-20] (Google Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
S4 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593152 2014-01-29] (Samsung Electronics CO., LTD.)
S4 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2015-10-04] (ELAN Microelectronics Corp.)
S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
S4 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-24] (Intel Corporation)
S4 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S4 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
S4 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-16] (Intel Corporation)
S4 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-18] (Intel Corporation)
S4 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\N360.exe [289080 2016-08-17] (Symantec Corporation)
S4 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-15] (Symantec Corporation)
S4 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [326544 2012-06-04] (Sierra Wireless, Inc.)
S4 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3196768 2015-09-25] (Samsung Electronics CO., LTD.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20160907.004\BHDrvx64.sys [1854712 2016-08-19] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1607010.020\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-26] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-23] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-06-12] (Symantec Corporation)
R3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2015-10-04] (ELAN Microelectronic Corp.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20160914.001\IDSvia64.sys [876760 2016-07-16] (Symantec Corporation)
S3 massfilter_lte; C:\WINDOWS\system32\drivers\massfilter_lte.sys [18456 2012-01-04] (HandSet Incorporated)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-15] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402960 2015-05-14] (Realsil Semiconductor Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1607010.020\SRTSP64.SYS [773360 2016-08-10] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1607010.020\SRTSPX64.SYS [48888 2016-06-02] (Symantec Corporation)
S3 swg3kser00; C:\Windows\system32\DRIVERS\swg3kser00.sys [259328 2012-09-05] (Sierra Wireless Incorporated)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx64.sys [108800 2012-09-05] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\system32\DRIVERS\swnc8ua3.sys [300544 2012-09-05] (Sierra Wireless Inc.)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1607010.020\SYMEFASI64.SYS [1627352 2016-06-02] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1607010.020\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-08-08] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1607010.020\Ironx64.SYS [291056 2016-06-02] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1607010.020\SYMNETS.SYS [567536 2016-06-02] (Symantec Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160823.022\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\SDSDefs\20160823.022\EX64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-16 00:23 - 2016-09-16 00:24 - 00032031 _____ C:\Users\test\Downloads\FRST.txt
2016-09-16 00:23 - 2016-09-16 00:23 - 00000000 ____D C:\FRST
2016-09-16 00:22 - 2016-09-16 00:23 - 02398720 _____ (Farbar) C:\Users\test\Downloads\FRST64.exe
2016-09-15 22:27 - 2016-09-15 22:27 - 00294111 _____ C:\Users\test\Downloads\BoardingPass.pdf
2016-09-15 20:55 - 2016-09-15 20:55 - 00000000 ___HD C:\OneDriveTemp
2016-09-13 09:42 - 2016-09-15 20:55 - 00000000 ____D C:\Users\test\AppData\Local\CyberGhost
2016-09-13 09:42 - 2016-09-13 09:42 - 00002071 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberGhost 6.lnk
2016-09-13 09:40 - 2016-09-13 09:41 - 00000000 ____D C:\Program Files\TAP-Windows
2016-09-13 09:39 - 2016-09-13 09:41 - 00000000 ____D C:\Program Files\CyberGhost 6
2016-09-13 09:39 - 2016-09-13 09:39 - 00001769 _____ C:\Users\test\Desktop\CyberGhost 6.lnk
2016-09-13 09:39 - 2016-09-13 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 6
2016-09-13 09:38 - 2016-09-13 09:38 - 15951272 _____ (CyberGhost S.R.L. ) C:\Users\test\Downloads\CyberGhost_6.0.2.1985.exe
2016-09-08 19:07 - 2016-09-08 19:07 - 00028636 _____ C:\Users\test\Downloads\cyber-essentials-benefits-sep16 (1).xlsx
2016-09-08 19:06 - 2016-09-08 19:06 - 00028636 _____ C:\Users\test\Downloads\cyber-essentials-benefits-sep16.xlsx
2016-08-28 19:30 - 2016-08-28 19:30 - 00003328 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-28 19:29 - 2016-09-15 23:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-08-28 19:24 - 2016-08-28 19:24 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-08-24 21:49 - 2016-08-24 21:49 - 01053272 _____ C:\Users\test\Downloads\Cardinal Summary July 2016.pdf
2016-08-24 19:57 - 2016-08-28 19:24 - 00002314 _____ C:\Users\Public\Desktop\Norton 360.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-16 00:08 - 2014-09-06 14:15 - 00000958 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA.job
2016-09-15 23:53 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-15 23:46 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-15 23:45 - 2016-04-03 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 23:44 - 2014-05-27 10:47 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-09-15 23:42 - 2016-04-03 22:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 23:42 - 2016-04-03 22:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 23:41 - 2013-08-19 18:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-09-15 23:36 - 2016-02-12 06:25 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-15 23:29 - 2014-10-16 12:36 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-15 23:24 - 2013-08-19 18:59 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-09-15 21:57 - 2016-03-18 10:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-09-15 21:55 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-15 21:55 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-15 21:00 - 2016-04-03 22:28 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{11DBF7D3-2CE0-4E48-B59C-81BCB0D6517F}
2016-09-15 21:00 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-15 21:00 - 2015-10-04 11:05 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-15 20:57 - 2013-04-02 19:51 - 00000000 ____D C:\ProgramData\WinClon
2016-09-15 20:55 - 2016-06-21 18:31 - 00000000 ___RD C:\Users\test\Google Drive
2016-09-15 20:55 - 2016-02-04 16:26 - 00000000 ___RD C:\Users\test\OneDrive
2016-09-15 20:54 - 2015-12-19 08:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-15 20:54 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-09-15 20:54 - 2014-10-16 12:36 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-15 20:53 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-09-13 09:42 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test\AppData\Local\VirtualStore
2016-09-13 09:03 - 2015-12-20 03:17 - 00000000 ___DC C:\WINDOWS\Panther
2016-09-13 02:03 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test\AppData\Local\Packages
2016-09-13 01:57 - 2016-02-04 16:42 - 00000000 ____D C:\Users\test\AppData\Local\CrashDumps
2016-09-12 17:51 - 2016-07-17 01:17 - 00000000 ___HD C:\$WINDOWS.~BT
2016-09-08 20:08 - 2014-09-06 14:15 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core.job
2016-09-08 19:53 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-09-08 19:18 - 2016-02-12 06:25 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-07 11:00 - 2015-10-30 17:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-07 11:00 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-08-28 19:30 - 2016-02-04 16:27 - 00002400 _____ C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-28 19:24 - 2015-07-08 19:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-08-28 19:24 - 2014-09-07 09:40 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-08-24 20:03 - 2015-09-10 15:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-24 19:57 - 2016-02-04 16:24 - 00000000 ____D C:\Users\test
2016-08-24 19:55 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-21 19:53 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-20 07:32 - 2014-10-16 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-08-19 22:19 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-19 22:18 - 2013-08-15 18:32 - 00000000 ____D C:\Program Files\Microsoft Office 15

==================== Files in the root of some directories =======

2016-03-30 18:51 - 2016-03-30 18:51 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2015-12-19 08:19 - 2015-12-19 08:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-02 19:56 - 2013-02-19 17:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-04-02 19:56 - 2013-01-13 00:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2016-03-28 16:00 - 2016-03-28 16:00 - 0000113 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2016-03-26 14:27 - 2016-03-26 14:27 - 0000115 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-09-08 19:28

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2016
Ran by test (16-09-2016 00:25:18)
Running from C:\Users\test\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-18 22:36:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1420643821-590855252-3859466403-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1420643821-590855252-3859466403-503 - Limited - Disabled)
Guest (S-1-5-21-1420643821-590855252-3859466403-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1420643821-590855252-3859466403-1003 - Limited - Enabled)
Sonos (S-1-5-21-1420643821-590855252-3859466403-1004 - Limited - Enabled)
test (S-1-5-21-1420643821-590855252-3859466403-1005 - Administrator - Enabled) => C:\Users\test

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton 360 Premier (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 Premier (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 Premier (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Absolute Reminder (HKLM-x32\...\{40F4FF7A-B214-4453-B973-080B09CED019}) (Version: 2.1.0.8 - Absolute Software)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{649A1FD9-5892-46AD-8DF0-C4A43FF61CB7}) (Version: 4.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DE0A178-AC7B-4650-806C-CF226DE03766}) (Version: 4.1 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.18.1 - Asmedia Technology)
BitShares2-light (HKLM-x32\...\BitShares2-light) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
Citrix Presentation Server Client - Web Only (HKLM-x32\...\{E9459BCF-0982-498B-ABA7-26C34323493F}) (Version: 10.200.2650 - Citrix Systems, Inc.)
CyberGhost 6 (HKLM\...\CyberGhost 6_is1) (Version:  - CyberGhost S.R.L.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dual Controller (HKLM-x32\...\{0C021556-694B-43A1-9A60-2BAA870B792A}) (Version: 1.35 - LG Electronics Inc)
Dual Controller (HKLM-x32\...\{BFF9E0A4-2669-4139-8320-9C5F76727DAA}) (Version: 1.54 - LG Electronics Inc)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galeria fotografii (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Drive (HKLM-x32\...\{459CE109-4E46-4340-92BC-054642BC3BC2}) (Version: 1.31.2873.2758 - Google, Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
I/O Coin HTML5 Wallet (HKLM-x32\...\IOCoinHTML5) (Version: 1.1.8 - I/O Coin Team)
iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
IncredibleCharts Pro (HKLM-x32\...\{134959C1-E63F-11D5-87EF-444553540000}_is1) (Version:  - Incredible Charts Pty Ltd)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1309-148929CC1385}) (Version: 3.1.1309.0390 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{e144fbd2-bf87-445f-b40b-93d61ca6bb7d}) (Version: 15.6.1 - Intel Corporation)
IntelliMemory (HKLM\...\{40320F22-7D70-49DB-9D66-B6FAE5F36B47}) (Version: 1.0.32.0 - Condusiv Technologies)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation)
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MetaTrader 4 (HKLM-x32\...\MetaTrader 4) (Version: 4.00 - MetaQuotes Software Corp.)
MetaTrader 4 IC Markets (HKLM-x32\...\MetaTrader 4 IC Markets) (Version: 4.00 - MetaQuotes Software Corp.)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50709.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Broadband Manager (x32 Version: 3.15.20905 - Telstra) Hidden
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Mozilla Firefox 42.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 42.0 (x86 en-US)) (Version: 42.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 42.0.0.5780 - Mozilla)
NinjaTrader 7 (HKLM-x32\...\{79D6E936-FD0C-4213-9A2B-3955CE618101}) (Version: 7.0.1031 - NinjaTrader)
Norton 360 Premier (HKLM-x32\...\N360) (Version: 22.7.1.32 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Online Support(S Service) (HKLM-x32\...\{C8996970-A56E-4659-B01B-CCB7097C4E59}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 2.0.0.21 - RSUPPORT)
Plants vs. Zombies (HKLM-x32\...\Plants vs. Zombies) (Version:  - PopCap Games)
Podstawowe programy Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Podstawowe programy Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Quant Analyzer 4 version 4.10.01 (HKLM-x32\...\{1779267B-D4AC-3A34-8906-24444F59568A}_is1) (Version: 4.10.01 - StrategyQuant Com Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7543 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.12.20 - Samsung Electronics CO., LTD.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
Samsung Update (HKLM-x32\...\{A9D16B9C-AA6D-4154-80CA-17099A2C308F}) (Version: 2.2.16 - Samsung Electronics CO., LTD.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Screen Split (HKLM-x32\...\{7F0C2357-33B0-4408-A9AD-A7623FAA22B1}) (Version: 6.57 - LG Electronics Inc.)
SDFormatter (HKLM-x32\...\{179324FF-7B16-4BA8-9836-055CAAEE4F08}) (Version: 4.0.0 - SD Association)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SideSync (HKLM-x32\...\{59687468-8CE9-4ABF-9C6A-5C31F0E09F8B}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.3.0.9150 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
Slack (HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\slack) (Version: 2.0.0 - Slack Technologies)
Sonos Controller (HKLM-x32\...\{7BBA9BF8-05DF-47D8-8880-82A9B99505B9}) (Version: 31.9.27151 - Sonos, Inc.)
SRS Premium Sound (HKLM-x32\...\{E44F8A34-529E-4318-A0E1-1893C337A47F}) (Version: 1.00.4700 - DTS, Inc.)
TAP-Windows 9.21.2 (HKLM\...\TAP-Windows) (Version: 9.21.2 - )
Telegram Desktop version 0.9.32 (HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.9.32 - Telegram Messenger LLP)
Telstra Mobile Broadband Manager (HKLM-x32\...\Mobile Broadband Manager) (Version: 3.15.20905 - Telstra)
Texas Instruments TUSB3410 drivers. (HKLM-x32\...\InstallShield_{FA66245E-0E77-40D5-94A4-CB7AB753034F}) (Version: 6.5.9019.1 - Texas Instruments Inc.)
TUSB3410 (x32 Version: 6.5.9019.1 - Texas Instruments Inc.) Hidden
User Guide (HKLM-x32\...\{491C3106-0333-4CC0-8085-7F82065FBFA4}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (01/27/2014 9.0.0000.00000) (HKLM\...\9CA77E2A8332A0824C54DA611BBE4CA24AB1F750) (Version: 01/27/2014 9.0.0000.00000 - Google, Inc.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
XChat 2 (remove only) (HKLM-x32\...\xchat) (Version:  - )
ZTE LTE Device USB Driver (HKLM\...\{00C1EF09-B5B7-4082-B1F4-C35CE7A7FCA9}) (Version:  - ZTE Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1420643821-590855252-3859466403-1005_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0207EAD0-7ECF-49AD-8A71-2613E64E9B42} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {09EDF7F4-433C-4C6D-B27D-3B4027FCDD6E} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13411419-E75D-41F1-B19C-01A91CDB79AA} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\WSCStub.exe [2016-08-16] (Symantec Corporation)
Task: {18883B08-EE57-4861-9AE1-8CC0AE0BD04C} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2015-04-10] (SEC)
Task: {1AD8C874-F0FF-4711-B9E9-7ADC92BE006E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {20818784-A371-4284-B1E6-F94589EE735C} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {2A58F836-3DB1-4ADC-9A1A-747EBC2A2C2E} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-08-28] (Realtek Semiconductor)
Task: {2BDE182B-9F3E-48A7-ABBE-3607350D18E0} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {2F358BCE-5222-4350-B77C-8206D1CB8E62} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe
Task: {3C3F8235-3D75-492D-97DC-BDC1F0D7EA8C} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2014-01-29] (Samsung Electronics CO., LTD.)
Task: {3C700CDD-1647-4A8D-B548-977823D49B62} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3DE25988-EB18-4B71-B0E8-15CFB214AF14} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {52E666B3-E5D8-4D1F-9512-4E56D78492D1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {5732D05C-9993-4C5A-999D-4F484CD9EBB4} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe [2016-08-28] (Microsoft Corporation)
Task: {5A0FBA54-C749-4FB5-A710-6F473AFAF422} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5DB1BDCB-9BC1-4126-96C5-0EBBBD77D444} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {63D42F72-3874-47E7-AA46-1BDD6CD09105} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {688B5B0E-80B9-402F-906F-9E686F40B9A3} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360 Premier\Upgrade.exe [2016-08-16] (Symantec Corporation)
Task: {74A82F4D-5C3D-4D8C-B7C3-B467254747C5} - System32\Tasks\RtHDVBg_SRSSA => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-08-28] (Realtek Semiconductor)
Task: {7A85E5DF-2EC0-40C1-8755-2F3148EBD51D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {8E920FEF-9C91-40DC-8F7C-F69FA910DD7A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {965E8506-C044-49C8-AAA0-747CCBD90F08} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {A18529B6-8205-4F49-9699-71697856B4E5} - System32\Tasks\{733227B8-FDDD-4166-9243-68849CD98FF7} => pcalua.exe -a "C:\Program Files\REGSERVO\uninst.exe"
Task: {A62980E2-74C4-411F-8A98-46A71CE2FEF2} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {AB606355-1C08-4A44-B28D-5392DDB89528} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {BC13182B-C357-4C87-9500-94085E4829A4} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {BE2A5A8C-0328-4018-9E83-5458B3C7CC21} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.7.1.32\SymErr.exe [2016-05-23] (Symantec Corporation)
Task: {C4999A33-1864-409E-AB34-78679CD166EE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-13] (Adobe Systems Incorporated)
Task: {C8DCA1A6-4326-4E07-9A1C-1D388D8FE5ED} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {CE8C1C30-9938-40BA-9343-9C2CC2DB7BFA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-09-15] (Microsoft Corporation)
Task: {DBA0B03E-46D1-48AF-98C6-BE065E19795C} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2015-12-01] (Apple Inc.)
Task: {DC3AC342-D9C1-4D7D-81A3-8AABD8530097} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {E87FF530-6182-4646-B431-DC195AD6F085} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EAB6881E-8C53-4F1E-A215-014D7EE46065} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {EB10D6D9-0049-4A9D-9F6E-4782A406442D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {EC10A7E6-AA51-480E-8FB0-DB333E9EFF84} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-skuffone@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)
Task: {ED47063E-7695-44E2-80A1-E28C937A6FF9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {FE98D78C-883D-4106-B9D9-CBCB94132704} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-21] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001Core.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1420643821-590855252-3859466403-1001UA.job => C:\Users\James\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Chrome Remote Desktop.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=gbchcmhmhahfdphkhkmpfmihenigjmpp
ShortcutWithArgument: C:\Users\test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Ledger Wallet Bitcoin.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --profile-directory=Default --app-id=kkdpmhnladdopljabkgpacgpliggeeaf

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-08-22 10:51 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-07-17 10:43 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-03 08:54 - 2015-04-13 15:07 - 00066048 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook64.dll
2016-04-23 16:48 - 2016-04-23 16:49 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-07-17 10:43 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-08-28 19:29 - 2016-08-28 19:29 - 01864384 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\amd64\ClientTelemetry.dll
2016-08-08 18:05 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-20 03:14 - 2015-12-20 03:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-17 10:45 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-17 10:43 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-17 10:43 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-17 10:43 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-17 10:43 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-28 19:36 - 2016-08-28 19:37 - 00071872 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\icui18n56.dll
2016-08-28 19:36 - 2016-08-28 19:36 - 04028608 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.7167.40721.0_x64__8wekyb3d8bbwe\gfxim.dll
2016-08-28 19:33 - 2016-08-28 19:34 - 03763712 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1608.2213.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-04-23 16:48 - 2016-04-23 16:49 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-23 16:48 - 2016-04-23 16:49 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00025920 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2014-01-29 13:20 - 2014-01-29 13:20 - 00109888 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2016-08-28 19:29 - 2016-08-28 19:29 - 01383616 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\ClientTelemetry.dll
2016-08-28 19:29 - 2016-08-28 19:29 - 00118976 _____ () C:\Users\test\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\FileSyncViews.dll
2016-04-03 08:54 - 2015-04-13 15:07 - 00063488 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\ScreenSplitterHook.dll
2016-04-03 08:54 - 2015-04-13 15:07 - 06296064 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\SoftwareAutoUpdates.dll
2016-04-03 08:34 - 2015-04-14 12:15 - 00005120 _____ () C:\Program Files (x86)\LG Electronics\Screen Split\bin\EngRes.dll
2016-09-15 20:54 - 2016-09-15 20:54 - 00098816 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32api.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00110080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pywintypes27.dll
2016-09-15 20:54 - 2016-09-15 20:54 - 00364544 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pythoncom27.dll
2016-09-15 20:54 - 2016-09-15 20:54 - 00320512 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32com.shell.shell.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00776704 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_hashlib.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 01176576 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._core_.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00806400 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._gdi_.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00816128 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._windows_.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 01067008 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._controls_.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00733184 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._misc_.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00682496 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pysqlite2._sqlite.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00088064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_ctypes.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00119808 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32file.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00108544 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32security.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00007168 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\hashobjs_ext.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00017920 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\thumbnails_ext.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00088064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\usb_ext.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00012800 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\common.time34.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00018432 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32event.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00167936 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32gui.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00046080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_socket.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 01208320 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_ssl.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00128512 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_elementtree.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00127488 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\pyexpat.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00038912 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32inet.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00036864 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_psutil_windows.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00525208 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\windows._lib_cacheinvalidation.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00011264 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32crypt.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00077312 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._html2.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00027136 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_multiprocessing.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00020480 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_yappi.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00035840 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32process.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00686080 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\unicodedata.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00078848 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._animate.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00123392 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\wx._wizard.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00024064 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32pipe.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00010240 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\select.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00025600 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32pdh.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00017408 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32profile.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 00022528 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32ts.pyd
2016-02-27 19:19 - 2016-02-27 19:19 - 00325824 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2016-09-13 09:39 - 2016-08-18 14:22 - 00174448 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\liblzo2-2.dll
2016-09-13 09:39 - 2016-08-18 14:22 - 00112040 _____ () C:\Program Files\CyberGhost 6\Data\OpenVPN\libpkcs11-helper-1.dll
2016-08-13 22:32 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-13 22:32 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1420643821-590855252-3859466403-1005\...\incrediblecharts.com -> *.incrediblecharts.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1420643821-590855252-3859466403-1005\Control Panel\Desktop\\Wallpaper -> C:\Users\test\Pictures\Backgrounds\city_view_from_the_top_beautifully_86861_2560x1080.jpg
DNS Servers: 194.187.251.67 - 185.93.180.131
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeActiveFileMonitor11.0 => 2
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: APNMCP => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: Easy Launcher => 2
MSCONFIG\Services: ETDService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: Intel(R) ME Service => 2
MSCONFIG\Services: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management => 2
MSCONFIG\Services: iumsvc => 3
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NOBU => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: SwiCardDetectSvc => 2
MSCONFIG\Services: SWUpdateService => 2
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "Intel AppUp(SM) center"
HKLM\...\StartupApproved\Run32: => "BigPondWirelessBroadbandCM"
HKLM\...\StartupApproved\Run32: => "ApnTBMon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{3370B8EC-6D61-4C5C-AD6F-C81F82741F86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FF6EC60E-268D-4386-9459-99D12F9C9C7A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D7A889DF-162D-4B07-AA49-9E18504E6CEA}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{4627F474-B16F-40A4-BC82-5F6522D87A06}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AE85BC7D-8BE1-404E-A5A7-05605EBC8871}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{72E946A9-A980-4EDE-B95A-987A6ED30842}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{FBA588AA-5D8E-41A2-8795-0DF1F2DAD1AD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ECBCC812-C6F4-4B10-B263-9A83F848719A}] => (Allow) C:\Users\James\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{0B20265D-C455-4F2F-B1E6-A77F9FED2178}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{2180C8BF-54F2-4A1E-B989-5574A9E941C8}] => (Allow) C:\Program Files\Condusiv Technologies\IntelliMemory\IntelliMem.exe
FirewallRules: [{7DC97C51-E630-41B0-B897-73F0A1A395D6}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{2FE79B97-EB32-44C1-A1E4-FCE419AB95A5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{CC7BBA7D-0C7E-4EA6-B2F1-1BF86A3CAE02}] => (Allow) LPort=1900
FirewallRules: [{8D0EBB9B-B4D5-4190-B001-10977AA1CFF6}] => (Allow) LPort=2869
FirewallRules: [{D89052A6-CB7B-4E7D-8F4A-7DA10110EB16}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BEBCAF1D-7D27-44B0-B0A3-625FB035E179}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [TCP Query User{487F9996-362A-4137-9B6D-90C85A694CC1}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{A0DCDFB2-DC5D-41A0-8D28-4E56F6ED778E}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [TCP Query User{C48C1421-5065-4D9A-BB73-20FDCEE391BA}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [UDP Query User{09FA1B19-0218-4EDF-8D9F-9E67B97DCE93}C:\program files (x86)\xchat\xchat.exe] => (Allow) C:\program files (x86)\xchat\xchat.exe
FirewallRules: [TCP Query User{A7256A71-6867-4426-B6FF-88E8382BF863}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C3227A43-CDC8-42D8-A232-D89CEC1CA23F}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe
FirewallRules: [{73676FE4-72BE-4DC2-9CC0-F66D9FE7C950}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [{267015F6-0441-4F38-B6E9-99A136860C78}] => (Allow) C:\Program Files (x86)\Sonos\Sonos.exe
FirewallRules: [TCP Query User{0D64F59C-E88B-4076-BF22-C18308050ABD}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{420F7AC5-618C-46AB-AF8F-8440C98D1196}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe
FirewallRules: [{E288B471-78A9-45DB-8F36-08AE096987AE}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe
FirewallRules: [{73AEE252-B5EC-4685-B5A4-7BD44B8E34C3}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe
FirewallRules: [{997A1F16-EA91-4FA2-B662-365143A1CD25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{55C1FB06-B04C-41B4-B5AA-94D286616802}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{05F68DF3-BE5E-434E-A6A9-456BCEABB902}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{0A2D3070-C21E-42BA-872B-9D78883843A6}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{488B5D3C-F3E7-4344-B8F6-DD4759CAA5A0}C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe] => (Block) C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe
FirewallRules: [UDP Query User{B7A93B30-BAD5-41B3-B85C-B0D11E11ACAC}C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe] => (Block) C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe
FirewallRules: [TCP Query User{FB8F49FD-478F-43F0-A833-D2B362AC0CEB}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{B98F337B-1A48-4141-AD50-BE43F2C37198}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14B1BE3A-4ABD-4F04-BC6B-F5DFFDA55C93}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe
FirewallRules: [{33DC719B-1839-4F3C-BFE6-2E4137DF7CA1}] => (Allow) C:\Program Files (x86)\IncredibleCharts\IncredibleCharts.exe
FirewallRules: [{73CA5BDB-E6EE-41E4-A45D-38CE1F73FBBD}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{4D5A5AD3-8000-4AAE-9EDE-0663A5B04988}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{3E43D6D5-2511-4FE1-9C3D-673B620FE09C}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{C29558B5-BD64-4929-A5C1-57E8F72AA645}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{BC12924D-8CEA-4031-AB2D-76AB85C519A8}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{213C0134-88AC-4E1C-B815-A6230DE654E4}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualControlFileTransferSession.exe
FirewallRules: [{75A1B271-459E-4769-929E-04B638CC83A6}] => (Allow) C:\Program Files (x86)\LG Electronics\Dual Controller\bin\DualController.exe
FirewallRules: [{3EDC9295-0D1B-4C26-ACC0-5ED9D2CC239D}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe
FirewallRules: [{72CE78C6-18A1-45D0-ACD1-7C998E54AC7D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\xchat\xchat.exe] => Enabled:XChat IRC Client
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiApiMuxX.exe] => Enabled:SwiApiMuxX.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/15/2016 11:35:20 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {e1c33a5b-c6d2-405b-be85-cfd15e408371}

Error: (09/13/2016 01:57:34 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: LockApp.exe, version: 0.0.0.0, time stamp: 0x5632d5a5
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.494, time stamp: 0x5775e2d9
Exception code: 0xc000027b
Fault offset: 0x000000000004b1c9
Faulting process id: 0x1f98
Faulting application start time: 0x01d20ccb4f4fae41
Faulting application path: C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: 8da6a586-5fec-4a55-aa93-8e8247f11f57
Faulting package full name: Microsoft.LockApp_10.0.10586.0_neutral__cw5n1h2txyewy
Faulting package-relative application ID: WindowsDefaultLockScreen

Error: (09/12/2016 05:57:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARPE_DIEM)
Description: Activation of app Microsoft.WindowsFeedback_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2016 05:43:47 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CARPE_DIEM)
Description: Activation of app Microsoft.AccountsControl_cw5n1h2txyewy!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/12/2016 05:43:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AccountsControlHost.exe, version: 10.0.10586.122, time stamp: 0x56cc1660
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.545, time stamp: 0x57a1bca1
Exception code: 0xc000027b
Fault offset: 0x00000000006fd01b
Faulting process id: 0x2c0c
Faulting application start time: 0x01d20cc95f93f2e3
Faulting application path: C:\Windows\SystemApps\Microsoft.AccountsControl_cw5n1h2txyewy\AccountsControlHost.exe
Faulting module path: C:\Windows\System32\Windows.UI.Xaml.dll
Report Id: c0f1489d-3e1d-4232-9c3d-a644f886c943
Faulting package full name: Microsoft.AccountsControl_10.0.10586.0_neutral__cw5n1h2txyewy
Faulting package-relative application ID: App

Error: (09/10/2016 10:38:08 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: The Open Procedure for service "BITS" in DLL "C:\Windows\System32\bitsperf.dll" failed. Performance data for this service will not be available. The first four bytes (DWORD) of the Data section contains the error code.

Error: (09/08/2016 07:46:41 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c520b965-5d97-4499-b1a1-52e78a347e33}

Error: (09/08/2016 07:24:34 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {c520b965-5d97-4499-b1a1-52e78a347e33}

Error: (08/25/2016 04:43:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98
Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98
Exception code: 0xe0464645
Fault offset: 0x000000000000a6d6
Faulting process id: 0x2a60
Faulting application start time: 0x01d1fe9bddb75e28
Faulting application path: C:\WINDOWS\System32\NetworkUXBroker.exe
Faulting module path: C:\WINDOWS\System32\NetworkUXBroker.exe
Report Id: 04c76a20-9c3b-49ea-9667-e8d7beca9d7c
Faulting package full name: 
Faulting package-relative application ID:

Error: (08/25/2016 04:42:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98
Faulting module name: NetworkUXBroker.exe, version: 10.0.10586.420, time stamp: 0x57491d98
Exception code: 0xe0464645
Fault offset: 0x000000000000a6d6
Faulting process id: 0x2a60
Faulting application start time: 0x01d1fe9bddb75e28
Faulting application path: C:\WINDOWS\System32\NetworkUXBroker.exe
Faulting module path: C:\WINDOWS\System32\NetworkUXBroker.exe
Report Id: 1a289621-87b6-4c7d-b000-b21a52f7f96e
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (09/15/2016 11:24:20 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/15/2016 08:57:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/15/2016 08:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_d8ca2 service to connect.

Error: (09/15/2016 08:51:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_d8ca2 service to connect.

Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_d8ca2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_d8ca2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_d8ca2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/15/2016 08:51:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_d8ca2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/15/2016 08:50:27 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 8 0x0 0x0

Error: (09/15/2016 08:50:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

 Code: 2 0xdeaddeed 0xeeec


CodeIntegrity:
===================================
  Date: 2016-09-08 19:31:24.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-24 20:50:50.277
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-24 19:57:30.949
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-21 19:57:35.367
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-25 03:05:15.144
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-20 20:54:19.641
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-17 12:03:36.485
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-20 19:23:30.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-20 18:18:18.711
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-06-19 13:31:46.442
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 88%
Total physical RAM: 3980.52 MB
Available physical RAM: 458.96 MB
Total Virtual: 7692.52 MB
Available Virtual: 2130.58 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:94.15 GB) (Free:37.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 119.2 GB) (Disk ID: EA5C454A)

Partition: GPT.

==================== End of Addition.txt ============================

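A small triage script for FRST output like the log above, added here as an example; it is not code posted in this thread and not part of FRST. It assumes the line layouts of the "Loaded Modules" and "FirewallRules" sections exactly as they appear in this Addition.txt (other FRST versions may format them differently), and the "user-writable location" heuristic (Temp, Roaming AppData, Downloads) is my own choice, not an FRST rule. The sample input is a few lines copied from the log; a hit is a lead to look at, not a verdict. On these lines the hits are the _MEI54882 folder under Temp (the naming PyInstaller uses when a one-file executable unpacks itself, so the thing to identify is the parent .exe) and the two per-user firewall rules for spotify.exe and shadow.exe, none of which the helper judged malicious.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: eight lines copied verbatim from the FRST Addition.txt
# posted above. A raw string keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:17 - 2015-10-30 17:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-09-15 20:54 - 2016-09-15 20:54 - 00098816 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\win32api.pyd
2016-09-15 20:54 - 2016-09-15 20:54 - 01208320 ____R () C:\Users\test\AppData\Local\Temp\_MEI54882\_ssl.pyd
2016-08-13 22:32 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll

==================== FirewallRules (Whitelisted) ===============

FirewallRules: [{3370B8EC-6D61-4C5C-AD6F-C81F82741F86}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{A7256A71-6867-4426-B6FF-88E8382BF863}C:\users\james\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\james\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{488B5D3C-F3E7-4344-B8F6-DD4759CAA5A0}C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe] => (Block) C:\users\james\downloads\shadow_1.3.1.0_win32\shadow\shadow.exe
"""

# "Loaded Modules" line: created - modified - size attrs (company) path
MODULE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>\S{5}) \((?P<company>[^)]*)\) (?P<path>.+)$"
)
# "FirewallRules" line: [rule name] => (Allow|Block) target
RULE_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)

# Heuristic (my assumption, not an FRST rule): paths under a profile's Temp,
# Roaming AppData or Downloads are writable by the user and deserve a look.
USER_WRITABLE_RE = re.compile(
    r"\\users\\[^\\]+\\(appdata\\local\\temp|appdata\\roaming|downloads)\\"
)
# PyInstaller one-file bundles unpack into %TEMP%\_MEI<number>\ at run time.
PYINSTALLER_TMP_RE = re.compile(r"\\appdata\\local\\temp\\_mei\d+\\")


@dataclass
class Finding:
    section: str   # "module" or "firewall"
    path: str      # path as printed by FRST
    reason: str    # why it was flagged
    extra: str     # module attribute flags, or firewall rule action


def classify_path(path: str) -> Optional[str]:
    """Return a reason string if the path deserves triage, else None."""
    p = path.lower()
    if PYINSTALLER_TMP_RE.search(p):
        return "PyInstaller _MEI* bundle unpacked in %TEMP%: identify the parent executable"
    if USER_WRITABLE_RE.search(p):
        return "runs from a user-writable location"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk an FRST log and collect module and firewall entries worth a second look."""
    findings: List[Finding] = []
    for line in log_text.splitlines():
        m = MODULE_RE.match(line)
        if m:
            reason = classify_path(m.group("path"))
            if reason:
                findings.append(Finding("module", m.group("path"), reason, m.group("attrs")))
            continue
        r = RULE_RE.match(line)
        if r:
            # Port-only rules such as "LPort=139" carry no path and never match.
            reason = classify_path(r.group("target"))
            if reason:
                findings.append(Finding("firewall", r.group("target"), reason, r.group("action")))
    return findings


def by_directory(findings: List[Finding]) -> Dict[str, int]:
    """Count hits per parent directory so one unpacked bundle reads as one item."""
    counts: Dict[str, int] = {}
    for f in findings:
        parent = f.path.rsplit("\\", 1)[0].lower()
        counts[parent] = counts.get(parent, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for h in hits:
        print(f"[{h.section}] ({h.extra}) {h.path}\n    -> {h.reason}")
    for directory, n in by_directory(hits).items():
        print(f"{n:3d} hit(s) under {directory}")
```

Run it against a full Addition.txt by reading the file into `triage()`; the per-directory summary collapses the forty-odd _MEI54882 entries in the real log into a single line, which is the unit you actually want to investigate (find the process that owns that folder and where its executable came from).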

Hi Skuffone :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name; it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.

  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on Malwarebytes Forums, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against Malwarebytes Forums' rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
    This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;


This being said, it's time to clean-up some malware, so let's get started, shall we? :)

I don't see anything bad really in your logs. The alert you're referring to is due to a false positive that occurred earlier this week and was fixed quickly in a database update. Please update Malwarebytes' database to the latest version, and let me know if you still get these alerts. 


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!
