
HKCU\SOFTWARE\Conduit\


  • This topic is locked
9 replies to this topic

#1 greysmouth

greysmouth

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Italy
  • Local time:10:49 AM

Posted 05 March 2015 - 05:15 PM

Hello. Attached here are the two FRST logs after running the application on my PC. Please let me know... Many thanks, greysmouth BO IT.

Attached File  FRST.txt   47.63KB   5 downloads
Attached File  Addition.txt   38.39KB   3 downloads




 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,604 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:49 AM

Posted 11 March 2015 - 08:50 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/569202 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 greysmouth

greysmouth
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Italy
  • Local time:10:49 AM

Posted 11 March 2015 - 10:29 AM

Attached File  Addition.txt   38.39KB   1 downloads
Attached File  FRST.txt   59.33KB   2 downloads
New logs after running FRST a few minutes ago. The main problem is "Conduit" in my Registry and also "Bonjour". It seems they came into my PC both at the same time. That's all. Thanks in adv. Best regards, greysmouth BO IT.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by greysmouth (administrator) on GREYSMOUTH-PC on 11-03-2015 16:00:14
Running from C:\Users\greysmouth\Desktop
Loaded Profiles: greysmouth (Available profiles: greysmouth & Administrator & DefaultAppPool)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files\Maxthon\Bin\Maxthon.exe" "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\HP\Common\HPSupportSolutionsFrameworkService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\obexsrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynToshiba.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe
(Logitech Inc.) C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\Utilities\KeNotify.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Motorola Solutions, Inc.) C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe
(Elgato Systems) C:\Program Files\Common Files\TERRATEC\Remote\TTTvRc.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Privax) C:\Program Files\HMA! Pro VPN\bin\HMA! Pro VPN.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPNetworkCommunicatorCom.exe
(The OpenVPN Project) C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
(The OpenVPN Project) C:\Program Files\HMA! Pro VPN\bin\openvpn.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1316136 2008-06-20] (Synaptics, Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-08-03] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files\Malwarebytes Anti-Exploit\mbae.exe [2561848 2014-12-10] (Malwarebytes Corporation)
HKLM\...\Run: [LWS] => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [KeNotify] => C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [34088 2009-01-13] (TOSHIBA CORPORATION)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [798544 2015-03-05] (Webroot)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files\Intel\Bluetooth\BleServicesCtrl.exe [161592 2013-11-13] (Motorola Solutions, Inc.)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Remote Control Editor] => C:\Program Files\Common Files\TerraTec\Remote\TTTVRC.exe [1844296 2011-11-09] (Elgato Systems)
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Run: [SRS Audio Sandbox] => C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [3216664 2010-01-07] (SRS Labs, Inc.)
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot FF RunOnce.lnk
ShortcutTarget: Install Webroot FF RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install Webroot IE RunOnce.lnk
ShortcutTarget: Install Webroot IE RunOnce.lnk -> C:\Program Files\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\greysmouth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 6520 series (Network).lnk -> C:\Program Files\HP\HP Photosmart 6520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ ] -> {1914B27A-33C8-46F8-A1C2-F993268D4564} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {C14874EA-ACE4-4A47-8A81-18C4D1C40868} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {6DA1ED92-315E-4D0B-B354-9D5F519DBA95} => C:\Windows\system32\WRusr.dll (Webroot)
ShellIconOverlayIdentifiers: [ ] -> {8D7FC74C-E409-42DF-8EEE-69D45FAE2F30} => C:\Windows\system32\WRusr.dll (Webroot)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-gb/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3201001873-3998977407-2178783983-1002 -> {CB122415-2B29-4E78-87C5-FE7235B96CFF} URL = https://www.google.com/search?q={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_40\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Webroot\WRData\PKG\Vistax86\wrflt.dll [2015-02-26] (Webroot)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
Toolbar: HKLM - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-24] (TerraTec Electronic GmbH)
Toolbar: HKU\S-1-5-21-3201001873-3998977407-2178783983-1002 -> TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll [2011-06-24] (TerraTec Electronic GmbH)
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
Winsock: Catalog9 01 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Winsock: Catalog9 02 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Winsock: Catalog9 03 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Winsock: Catalog9 04 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Winsock: Catalog9 05 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Winsock: Catalog9 17 C:\Program Files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll [134568] ()
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.220.220
Tcpip\..\Interfaces\{FB06B20C-9025-4074-B265-7FD70D79CF1E}: [NameServer] 8.8.8.8,8.8.4.4

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-23] ()
FF Plugin: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files\SkypeWebPlugin\3.2.0.23388\npSkypeWebPlugin.dll [2014-11-03] (Skype)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3201001873-3998977407-2178783983-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\greysmouth\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-12-05] (Unity Technologies ApS)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-01-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [217088 2012-07-04] (AMD) [File not signed]
S4 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1678040 2013-10-02] (Broadcom Corporation.)
R2 Bluetooth Device Monitor; C:\Program Files\Intel\Bluetooth\devmonsrv.exe [1206648 2014-03-26] (Motorola Solutions, Inc.)
R2 Bluetooth Media Service; C:\Program Files\Intel\Bluetooth\mediasrv.exe [1706360 2014-05-13] (Motorola Solutions, Inc.)
R2 Bluetooth OBEX Service; C:\Program Files\Intel\Bluetooth\obexsrv.exe [1161592 2014-03-26] (Motorola Solutions, Inc.)
R2 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 MbaeSvc; C:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe [555320 2014-12-10] (Malwarebytes Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [32568 2014-10-29] (The OpenVPN Project)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [798544 2015-03-05] (Webroot)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2778416 2012-08-23] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [290304 2012-07-04] (Advanced Micro Devices, Inc.) [File not signed]
S3 AMPPAL; C:\Windows\System32\DRIVERS\AMPPAL.sys [112608 2013-04-11] (Windows ® Win 7 DDK provider)
S3 AMPPALP; C:\Windows\System32\DRIVERS\amppal.sys [112608 2013-04-11] (Windows ® Win 7 DDK provider)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170552 2014-05-27] (Broadcom Corporation.)
S3 BthMtpEnum; C:\Windows\System32\DRIVERS\BthMtpEnum.sys [51200 2009-07-14] (Microsoft Corporation)
R1 ESProtectionDriver; C:\Program Files\Malwarebytes Anti-Exploit\mbae.sys [47928 2014-12-10] ()
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-11] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 mod7700; C:\Windows\System32\DRIVERS\mod7700.sys [559392 2013-09-18] (DiBcom SA)
R3 MODRC; C:\Windows\System32\DRIVERS\modrc.sys [18976 2013-09-18] (DiBcom S.A.)
R3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)
S3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [157536 2009-05-20] (Realtek Semiconductor Corp.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2014-05-30] (Duplex Secure Ltd.)
S3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [407368 2012-06-21] ()
R3 SRS_SSCFilter; C:\Windows\System32\drivers\srs_sscfilter_i386.sys [268912 2009-12-15] ()
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-09-25] (The OpenVPN Project)
S3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
S3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation) [File not signed]
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [116736 2015-03-05] (Webroot)
S3 wrUrlFlt; C:\Windows\system32\DRIVERS\wrUrlFlt.sys [37432 2015-02-26] (Webroot)
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 16:00 - 2015-03-11 16:00 - 00000000 ___DC () C:\Users\greysmouth\Desktop\FRST-OlderVersion
2015-03-11 10:48 - 2015-03-11 11:15 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 10:48 - 2015-03-11 11:14 - 02744320 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 10:48 - 2015-03-11 11:14 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 10:48 - 2015-03-11 11:14 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 10:48 - 2015-03-11 11:06 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 10:48 - 2015-03-11 11:06 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 10:48 - 2015-03-11 11:06 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 10:48 - 2015-03-11 11:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 10:48 - 2015-03-11 11:06 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 10:48 - 2015-03-11 11:06 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 10:48 - 2015-03-11 11:06 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 10:48 - 2015-03-11 11:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 10:47 - 2015-03-11 11:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 10:47 - 2015-03-11 11:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 10:47 - 2015-03-11 11:04 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 10:47 - 2015-03-11 11:04 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 10:47 - 2015-03-11 11:04 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 10:47 - 2015-03-11 11:03 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 10:47 - 2015-03-11 11:02 - 11411968 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 10:47 - 2015-03-11 11:02 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 10:47 - 2015-03-11 11:02 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 10:47 - 2015-03-11 11:02 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 10:47 - 2015-03-11 11:02 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 10:47 - 2015-03-11 11:02 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 10:47 - 2015-03-11 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 10:47 - 2015-03-11 11:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-10 19:12 - 2015-03-11 15:38 - 00024246 ____C () C:\Windows\setupact.log
2015-03-10 19:12 - 2015-03-11 11:19 - 00019212 ____C () C:\Windows\PFRO.log
2015-03-10 19:12 - 2015-03-10 19:12 - 00000000 ____C () C:\Windows\setuperr.log
2015-03-10 10:24 - 2015-03-10 10:24 - 00077592 ____C () C:\Users\greysmouth\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-10 10:23 - 2015-03-11 11:28 - 00294968 ____C () C:\Windows\WindowsUpdate.log
2015-03-10 10:20 - 2015-03-11 11:19 - 00317080 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-03-08 23:04 - 2015-03-08 23:04 - 00371911 ____C () C:\Users\greysmouth\Documents\Outlook.com - greysmouth@live.com.htm
2015-03-08 23:04 - 2015-03-08 23:04 - 00000000 ___DC () C:\Users\greysmouth\Documents\Outlook.com - greysmouth@live.com_files
2015-03-07 18:15 - 2015-03-07 18:15 - 00000000 ___DC () C:\ProgramData\Apple
2015-03-05 23:07 - 2015-03-05 23:08 - 00039314 ____C () C:\Users\greysmouth\Desktop\Addition.txt
2015-03-05 23:05 - 2015-03-11 16:00 - 00023915 ____C () C:\Users\greysmouth\Desktop\FRST.txt
2015-03-05 23:04 - 2015-03-11 16:00 - 01135104 ____C (Farbar) C:\Users\greysmouth\Desktop\FRST.exe
2015-03-05 21:36 - 2015-03-05 21:36 - 00001008 ____C () C:\Users\Public\Desktop\RogueKiller.lnk
2015-03-05 21:36 - 2015-03-05 21:36 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-03-05 21:36 - 2015-03-05 21:36 - 00000000 ___DC () C:\Program Files\RogueKiller
2015-03-05 21:35 - 2015-03-05 21:35 - 17306912 ____C (Adlice Software ) C:\Users\greysmouth\Desktop\setup.exe
2015-03-04 12:35 - 2015-03-04 12:35 - 00124951 ____C () C:\Users\greysmouth\Documents\Fav03-04-2015.html
2015-03-03 21:52 - 2015-03-03 21:52 - 00000000 ___DC () C:\Program Files\Common Files\Java
2015-03-03 21:23 - 2015-03-03 21:23 - 00000000 ___DC () C:\Program Files\Maxthon
2015-03-03 17:35 - 2015-03-02 06:45 - 01388333 ____C (Thisisu) C:\Users\greysmouth\Desktop\JRT_NEW.exe
2015-03-03 10:07 - 2015-03-11 15:51 - 00000095 ____C () C:\Users\greysmouth\.accessibility.properties
2015-03-03 01:16 - 2015-03-03 01:16 - 00005575 ____C () C:\Users\greysmouth\Desktop\WGA.txt
2015-03-03 01:11 - 2015-03-03 01:12 - 00000000 ___DC () C:\MGADiagToolOutput
2015-03-03 01:10 - 2015-03-03 01:10 - 00000000 ___DC () C:\ProgramData\Office Genuine Advantage
2015-03-03 01:08 - 2015-03-03 21:50 - 00096680 ____C (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-03 01:08 - 2015-03-03 01:08 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-03 01:06 - 2015-03-03 21:50 - 00000000 ___DC () C:\Program Files\Java
2015-03-03 00:43 - 2015-03-03 00:43 - 00468480 ____C () C:\Users\greysmouth\Desktop\CKScanner.exe
2015-03-03 00:42 - 2015-03-03 00:42 - 02031992 ____C (Microsoft Corporation) C:\Users\greysmouth\Desktop\MGADiag.exe
2015-03-03 00:41 - 2015-03-03 00:41 - 00852604 ____C () C:\Users\greysmouth\Desktop\SecurityCheck.exe
2015-03-02 14:18 - 2015-03-02 14:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2015-03-02 14:18 - 2015-03-02 14:18 - 00000000 ___DC () C:\Program Files\LAV Filters
2015-03-01 23:57 - 2015-03-01 23:57 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-27 19:03 - 2015-02-27 19:03 - 00000865 ____C () C:\Users\greysmouth\Desktop\µTorrent.lnk
2015-02-27 19:03 - 2015-02-27 19:03 - 00000845 ____C () C:\Users\greysmouth\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-27 19:02 - 2015-03-10 15:32 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\uTorrent
2015-02-26 22:16 - 2015-02-26 22:17 - 00000000 ___DC () C:\Program Files\CCleaner
2015-02-26 22:16 - 2015-02-26 22:16 - 00000972 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-26 22:16 - 2015-02-26 22:16 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-26 11:16 - 2015-02-26 11:16 - 00037432 ___CT (Webroot) C:\Windows\system32\Drivers\wrUrlFlt.sys
2015-02-25 12:29 - 2015-02-25 12:29 - 00002441 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-02-25 12:29 - 2015-02-25 12:29 - 00001992 ____C () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-02-25 09:22 - 2015-02-25 09:22 - 00015233 ____C () C:\Users\greysmouth\Desktop\Crono Time - Prodotti.htm
2015-02-25 09:22 - 2015-02-25 09:22 - 00000000 ___DC () C:\Users\greysmouth\Desktop\Crono Time - Prodotti_files
2015-02-24 10:14 - 2015-02-24 10:14 - 00000000 _RSHC () C:\MSDOS.SYS
2015-02-24 10:14 - 2015-02-24 10:14 - 00000000 _RSHC () C:\IO.SYS
2015-02-24 09:43 - 2015-03-06 06:45 - 00000374 ____C () C:\Windows\system32\Drivers\etc\hosts.ics
2015-02-23 22:06 - 2015-02-23 22:44 - 00000000 ___DC () C:\ComboFix
2015-02-23 22:06 - 2015-02-23 22:43 - 00000000 ___DC () C:\Qoobox
2015-02-23 12:09 - 2015-02-25 00:07 - 00000000 ___DC () C:\Program Files\Morgan
2015-02-23 12:09 - 2002-11-18 16:02 - 00040960 ____C () C:\Windows\system32\MMAVILNG.exe
2015-02-23 00:26 - 2015-02-23 02:26 - 00114904 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\4F1C7556.sys
2015-02-22 23:50 - 2015-02-22 23:50 - 00000482 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2015_ 2_22.csv
2015-02-22 18:56 - 2015-02-22 18:56 - 00000773 ____C () C:\Users\greysmouth\Desktop\Movies_2 - Shortcut.lnk
2015-02-20 10:56 - 2015-02-20 10:56 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\PC Suite
2015-02-17 16:04 - 2015-02-17 16:04 - 01202848 ____C (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-14 22:48 - 2015-02-14 22:48 - 00001114 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2015-02-14 22:47 - 2015-02-14 22:47 - 00001108 ____C () C:\Users\Public\Desktop\BS.Player PRO.lnk
2015-02-14 22:47 - 2015-02-14 22:47 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webteh
2015-02-14 15:43 - 2015-02-14 15:43 - 00001407 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-02-14 12:33 - 2015-02-14 12:34 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-14 12:33 - 2015-02-14 12:34 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-14 12:33 - 2015-02-14 12:34 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-14 02:50 - 2015-03-11 15:52 - 00114904 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-14 02:50 - 2015-02-14 02:51 - 00001067 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-14 02:50 - 2015-02-14 02:51 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-14 02:50 - 2015-02-14 02:51 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2015-02-14 02:50 - 2014-11-21 06:14 - 00075480 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-14 02:50 - 2014-11-21 06:14 - 00051928 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-14 02:50 - 2014-11-21 06:14 - 00023256 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-12 10:07 - 2015-02-12 10:07 - 00006561 ____C () C:\Users\greysmouth\Desktop\ACCESSO_CLUB_MOTORRAD - Shortcut.lnk
2015-02-11 11:47 - 2015-02-11 11:54 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 11:47 - 2015-02-11 11:54 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 11:47 - 2015-02-11 11:54 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 11:44 - 2015-02-11 11:56 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 11:44 - 2015-02-11 11:53 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-07 14:40 - 2015-02-07 14:40 - 00000000 ___DC () C:\ProgramData\TerraTec
2015-02-06 09:51 - 2015-02-06 09:51 - 00001116 ____C () C:\Users\Public\Desktop\HMA! Pro VPN.lnk
2015-02-06 09:51 - 2015-02-06 09:51 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HMA! Pro VPN
2015-02-06 09:51 - 2015-02-06 09:51 - 00000000 ___DC () C:\Program Files\HMA! Pro VPN
2015-02-04 21:35 - 2015-02-04 22:35 - 05070512 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2015-02-04 12:15 - 2015-03-02 14:14 - 00001098 ____C () C:\Users\greysmouth\Desktop\DVBViewer TERRATEC Edition.lnk
2015-02-04 12:15 - 2015-03-02 14:14 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVBViewer TERRATEC Edition
2015-02-04 12:14 - 2015-03-02 14:14 - 00000000 ___DC () C:\Program Files\DVBViewer TERRATEC Edition
2015-02-04 11:23 - 2015-02-04 11:23 - 00000582 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2015_ 2_ 4.csv
2015-01-26 13:46 - 2015-01-28 02:13 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\lptmp1701803897
2015-01-26 13:43 - 2015-03-05 15:27 - 00166128 ____C (Webroot) C:\Windows\system32\WRusr.dll
2015-01-26 13:43 - 2015-02-13 23:20 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot SecureAnywhere
2015-01-26 13:41 - 2015-03-11 16:00 - 00000000 ___DC () C:\ProgramData\WRData
2015-01-26 13:41 - 2015-03-05 15:27 - 00116736 ____C (Webroot) C:\Windows\system32\Drivers\WRkrn.sys
2015-01-23 11:00 - 2015-01-23 11:00 - 00000000 ___DC () C:\Users\greysmouth\Desktop\JRT_NEW
2015-01-14 19:07 - 2015-01-14 19:07 - 00123426 ____C () C:\Users\greysmouth\Desktop\RossoCorsa by G.S.A. Organization.htm
2015-01-14 19:07 - 2015-01-14 19:07 - 00000000 ___DC () C:\Users\greysmouth\Desktop\RossoCorsa by G.S.A. Organization_files
2015-01-14 09:41 - 2015-01-14 09:52 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\tlntsess.exe
2015-01-14 09:40 - 2015-01-14 09:41 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 09:40 - 2015-01-14 09:41 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 09:40 - 2015-01-14 09:41 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 09:40 - 2015-01-14 09:41 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-09 16:29 - 2015-03-04 17:22 - 00000000 ___DC () C:\Program Files\MarkAny
2015-01-09 16:26 - 2015-01-09 16:26 - 00000000 ___DC () C:\Users\Public\Documents\CrashDump
2015-01-08 23:19 - 2015-01-08 23:19 - 00000000 ___DC () C:\Program Files\SkypeWebPlugin
2014-12-31 18:04 - 2014-12-31 18:04 - 00000000 ____C () C:\Windows\system32\Drivers\Msft_Kernel_btmaux_01009.Wdf
2014-12-31 17:58 - 2014-12-31 17:58 - 00020577 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2014_12_31.csv
2014-12-31 16:26 - 2014-12-31 16:26 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\Intel
2014-12-30 20:59 - 2014-12-30 20:59 - 00000482 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2014_12_30.csv
2014-12-29 19:39 - 2014-12-29 19:39 - 00079249 ____C () C:\Users\greysmouth\Desktop\MV Agusta Brutale 750 910 989 1078RR Parts & Accessories.htm
2014-12-29 19:39 - 2014-12-29 19:39 - 00000000 ___DC () C:\Users\greysmouth\Desktop\MV Agusta Brutale 750 910 989 1078RR Parts & Accessories_files
2014-12-29 19:27 - 2014-12-29 19:27 - 00027392 ____C () C:\Users\greysmouth\Desktop\OEM Spare parts for MV Agusta motorcycles.htm
2014-12-29 19:27 - 2014-12-29 19:27 - 00000000 ___DC () C:\Users\greysmouth\Desktop\OEM Spare parts for MV Agusta motorcycles_files
2014-12-25 15:21 - 2014-12-25 15:41 - 00000000 ___DC () C:\Users\greysmouth\Downloads\PUPI_PICS
2014-12-24 21:48 - 2014-12-24 21:48 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\NokiaAccount
2014-12-21 14:37 - 2014-12-21 18:13 - 00347911 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2014_12_21.csv
2014-12-21 14:34 - 2015-02-24 23:49 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Nokia Suite
2014-12-21 14:34 - 2015-02-24 23:49 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Nokia
2014-12-21 14:31 - 2014-12-21 14:32 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\Nokia
2014-12-21 14:27 - 2015-02-24 23:54 - 00000000 ___DC () C:\Program Files\Nokia
2014-12-21 13:30 - 2014-12-21 13:30 - 00000000 ___DC () C:\Users\greysmouth\.eclipse
2014-12-18 12:19 - 2014-12-18 12:19 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Oracle
2014-12-18 12:11 - 2015-03-03 01:09 - 00000000 ___DC () C:\ProgramData\Oracle
2014-12-18 11:59 - 2014-12-18 11:59 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\Apps\2.0
2014-12-18 10:16 - 2015-03-11 01:16 - 00035064 ____C () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-18 09:54 - 2014-12-18 09:54 - 00000619 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2014_12_18.csv
2014-12-17 12:26 - 2014-12-17 12:39 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\lptmp1044870223
2014-12-17 12:23 - 2015-02-13 23:20 - 00000000 ___DC () C:\Program Files\Webroot
2014-12-17 08:34 - 2015-03-02 11:26 - 00000000 ___DC () C:\Users\greysmouth\Desktop\mbar
2014-12-15 09:15 - 2014-12-15 09:15 - 00000565 ____C () C:\Users\greysmouth\Documents\GREYSMOUTH-PC_greysmouth_2014_12_15.csv
2014-12-14 16:08 - 2014-12-31 15:13 - 00000000 __RDC () C:\Users\greysmouth\Desktop\OneDrive
2014-12-14 16:07 - 2014-12-14 16:07 - 00000000 ___DC () C:\Users\greysmouth\Downloads\OneDrive
2014-12-13 13:01 - 2014-12-13 13:01 - 00121875 ____C () C:\Users\greysmouth\Desktop\Search Microsoft.com.htm
2014-12-13 13:01 - 2014-12-13 13:01 - 00000000 ___DC () C:\Users\greysmouth\Desktop\Search Microsoft.com_files
2014-12-12 18:34 - 2015-01-06 21:49 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2014-12-12 18:34 - 2015-01-06 21:49 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Exploit
2014-12-11 17:59 - 2015-02-11 12:15 - 00000000 ___DC () C:\Windows\system32\appraiser
2014-12-11 17:42 - 2014-12-11 17:57 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-11 17:42 - 2014-12-11 17:57 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-11 17:33 - 2014-12-11 17:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-11 17:33 - 2014-12-11 17:48 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-11 17:32 - 2014-12-11 17:44 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-11 17:32 - 2014-12-11 17:44 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-11 17:32 - 2014-12-11 17:44 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-11 17:32 - 2014-12-11 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-11 17:32 - 2014-12-11 17:44 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-11 16:00 - 2015-02-04 23:15 - 00000000 ___DC () C:\FRST
2015-03-11 15:51 - 2014-06-18 13:38 - 00000000 ___DC () C:\Users\greysmouth
2015-03-11 15:46 - 2014-07-20 12:21 - 00000000 __RDC () C:\Users\greysmouth\OneDrive
2015-03-11 15:34 - 2014-09-16 10:41 - 00000830 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-11 15:22 - 2014-06-21 16:33 - 00000000 ___DC () C:\ProgramData\Malwarebytes Anti-Exploit
2015-03-11 12:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-11 11:29 - 2009-07-14 05:34 - 00028992 ____C () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-11 11:29 - 2009-07-14 05:34 - 00028992 ____C () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-11 11:22 - 2009-07-14 05:53 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-03-11 11:16 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\system32\it-IT
2015-03-11 11:14 - 2012-12-07 20:17 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-03-11 11:13 - 2013-07-23 17:55 - 00000000 ___DC () C:\Windows\system32\MRT
2015-03-11 11:07 - 2014-06-18 15:49 - 119837696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 17:37 - 2012-12-02 19:45 - 00000000 ___DC () C:\Users\greysmouth\Documents\EXCEL
2015-03-10 10:17 - 2014-06-07 12:14 - 00000410 ____C () C:\Windows\Tasks\Wise Care 365 PC Checkup Task.job
2015-03-10 10:16 - 2013-10-28 00:14 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\CrashDumps
2015-03-10 10:16 - 2012-08-13 18:15 - 00000000 _RHDC () C:\MSOCache
2015-03-09 09:02 - 2014-04-29 12:52 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Wise Care 365
2015-03-07 18:59 - 2012-12-13 13:39 - 00000000 ___DC () C:\Program Files\Common Files\TERRATEC
2015-03-07 18:58 - 2012-12-13 13:47 - 00001197 ____C () C:\Users\Public\Desktop\TerraTec Home Cinema.lnk
2015-03-05 14:22 - 2014-11-06 19:58 - 00000000 ___DC () C:\AdwCleaner
2015-03-04 12:28 - 2014-06-18 13:37 - 00000000 ___DC () C:\Users\DefaultAppPool
2015-03-04 12:27 - 2012-12-02 19:46 - 00000000 ___DC () C:\Users\greysmouth\Documents\WORD
2015-03-04 12:18 - 2014-11-10 18:08 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Samsung
2015-03-04 12:18 - 2014-11-10 18:08 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\Samsung
2015-03-04 12:18 - 2014-11-10 18:03 - 00000000 ___DC () C:\Program Files\Samsung
2015-03-04 12:15 - 2012-12-02 18:57 - 00000000 ___DC () C:\Program Files\InstallShield Installation Information
2015-03-04 12:13 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\Microsoft.NET
2015-03-03 21:24 - 2014-04-29 10:30 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\Maxthon3
2015-03-03 21:22 - 2013-04-18 20:07 - 00000000 ___DC () C:\Users\greysmouth\Downloads\EXE
2015-03-03 18:01 - 2014-05-27 18:35 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-03-03 16:26 - 2012-12-02 21:18 - 00783600 ____C () C:\Windows\system32\perfh010.dat
2015-03-03 16:26 - 2012-12-02 21:18 - 00162020 ____C () C:\Windows\system32\perfc010.dat
2015-03-03 16:26 - 2010-11-20 22:01 - 01792738 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 14:08 - 2014-02-21 16:58 - 00001969 ____C () C:\Users\Public\Desktop\HP Print and Scan Doctor.lnk
2015-03-03 01:26 - 2014-05-20 22:51 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\WiseUpdate
2015-03-02 17:52 - 2012-12-02 19:46 - 00000000 ___DC () C:\Users\greysmouth\Documents\Scansioni personali
2015-03-02 11:26 - 2014-06-17 12:55 - 00000000 ___DC () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-03-02 10:56 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\system32\NDF
2015-03-02 10:15 - 2014-06-18 16:29 - 00000000 ___DC () C:\Windows\Minidump
2015-02-25 12:27 - 2014-08-25 11:32 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\Adobe
2015-02-24 11:44 - 2012-12-02 23:35 - 00000000 ___DC () C:\ProgramData\Microsoft OneDrive
2015-02-24 03:23 - 2012-12-02 19:25 - 00246920 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 22:38 - 2009-07-14 03:04 - 00000215 ____C () C:\Windows\system.ini
2015-02-23 22:28 - 2014-11-26 02:38 - 58720256 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-02-23 22:28 - 2009-07-14 03:03 - 34340864 _____ () C:\Windows\system32\config\system.bak
2015-02-23 22:28 - 2009-07-14 03:03 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-02-23 22:28 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-02-23 22:28 - 2009-07-14 03:03 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-02-23 22:27 - 2014-06-17 11:37 - 00000000 ___DC () C:\Windows\erdnt
2015-02-23 22:26 - 2014-11-03 01:34 - 00000000 ___DC () C:\Program Files\WinRAR
2015-02-23 03:20 - 2014-09-16 10:41 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-23 03:20 - 2014-09-16 10:41 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-18 19:50 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\system32\Msdtc
2015-02-18 19:50 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\registration
2015-02-17 18:35 - 2014-11-10 18:27 - 00000000 ___DC () C:\Users\greysmouth\Documents\SelfMV
2015-02-15 23:16 - 2014-01-18 11:13 - 00000000 ___DC () C:\Program Files\TOSHIBA
2015-02-14 22:47 - 2013-01-29 15:00 - 00000000 ___DC () C:\Users\greysmouth\AppData\Roaming\BSplayer Pro
2015-02-14 22:47 - 2013-01-29 15:00 - 00000000 ___DC () C:\Program Files\Webteh
2015-02-14 15:43 - 2013-09-27 19:36 - 00000000 ___DC () C:\Program Files\Windows Live
2015-02-13 23:22 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\system32\wfp
2015-02-13 23:21 - 2014-06-18 13:38 - 00000000 ___DC () C:\Users\Administrator.greysmouth-PC
2015-02-13 23:21 - 2014-04-29 09:42 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-02-13 23:20 - 2014-09-19 22:14 - 00000000 ___DC () C:\Users\greysmouth\Downloads\mbar
2015-02-13 23:20 - 2014-05-23 11:31 - 00000000 ___DC () C:\ProgramData\RogueKiller
2015-02-13 23:20 - 2013-02-03 15:44 - 00000000 ___DC () C:\Program Files\Intel
2015-02-13 23:20 - 2012-12-11 13:37 - 00000000 ___DC () C:\Users\greysmouth\AppData\Local\SRS Labs
2015-02-13 23:20 - 2009-07-14 05:52 - 00000000 ___DC () C:\Program Files\Windows Defender
2015-02-13 23:19 - 2009-07-14 03:37 - 00000000 ___DC () C:\Program Files\Common Files\microsoft shared
2015-02-13 11:09 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\tracing
2015-02-11 18:13 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\system32\LogFiles
2015-02-11 12:15 - 2009-07-14 03:37 - 00000000 ___DC () C:\Windows\AppCompat

==================== Files in the root of some directories =======

2012-12-03 10:04 - 2015-01-26 13:46 - 10395072 ____C (Webroot Software, Inc.) C:\Program Files\Common Files\wruninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-10 10:52

==================== End Of Log ============================

Edited by nasdaq, 12 March 2015 - 08:30 AM.
Frst log posted.


#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:49 AM

Posted 12 March 2015 - 08:46 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CloseProcesses:

HKU\S-1-5-21-3201001873-3998977407-2178783983-1002\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
ShellExecuteHooks: - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File [ ]
FF Plugin: @microsoft.com/GENUINE -> disabled No File
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
U0 SR; No ImagePath
U2 srservice; No ImagePath
Task: {AC7E3D25-79B7-43DF-AE2C-978E5F4FE591} - System32\Tasks\0 => Iexplore.exe  <==== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#5 greysmouth

Posted 12 March 2015 - 10:50 AM

Attached File  FRST.txt   54.78KB   2 downloads
Attached File  Addition.txt   38.91KB   2 downloads
Attached File  Fixlog.txt   3.52KB   2 downloads
Attached File  AdwCleanerR44.txt   3.55KB   2 downloads

Hello nasdaq! Here we go and done! I also attached the Adw Cleaner logfile after restarting my laptop. Thank you in adv. Regards, greysmouth BO IT.



#6 nasdaq

Posted 12 March 2015 - 12:41 PM

Run the AdwCleaner tool and clean the registry entry.
Key Found : HKCU\Software\Conduit

===

Your FRST.txt log looks the same as the previous one.

Post a fresh log if you still have any problems.

#7 greysmouth

Posted 12 March 2015 - 01:48 PM

Attached File  FRST.txt   53.65KB   1 downloads
Attached File  Addition.txt   37KB   0 downloads
Attached File  AdwCleanerS40.txt   3.68KB   0 downloads

Hello. Conduit deleted. Attached here are the last log files. Regards, greysmouth BO IT.



#8 nasdaq

Posted 13 March 2015 - 07:25 AM

Looking good.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#9 greysmouth

Posted 13 March 2015 - 10:53 AM

Hello nasdaq! Thanks for helping me. Anyway, I'll inform you in case the situation changes or something new happens. My best regards, greysmouth BO IT.



#10 nasdaq

Posted 19 March 2015 - 07:21 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



