
Multiple virus trojan infection:


  • This topic is locked
35 replies to this topic

#1 RenegadePrue

RenegadePrue

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 23 June 2015 - 02:45 PM

I am running Windows 7:

I thought I had removed the traces of virus and trojans but cannot install anything. I uninstalled my Norton antivirus and cannot reinstall. I can download anything to desktop but as soon as I run it the comp freezes, no matter what program it is! I was able to download FRST and run it with no problems. Found virus and trojans: it added 2 new users and started a shared network group. I have deleted all of the users but myself and stopped shared network. Please help, I know there is still something hanging around that I am missing. As far as I remember there was a wow6432 node virus, appdata virus, and a few others.

 

It also shut down my restore points so I can't restore to prior to the virus, only after. It shut down my Norton as well as Windows Defender firewall.

 

I have attached logs from FRST...

 

Thanks for your help!!



Edited by RenegadePrue, 23 June 2015 - 02:47 PM.




#2 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 23 June 2015 - 06:00 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Brandon (administrator) on BRANDON-PC on 22-06-2015 15:56:32
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon (Available Profiles: Brandon & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-21-1463623021-776205435-2290215826-1000\...\MountPoints2: {2b178825-8ed8-11e4-954c-d067e51d788d} - I:\VZW_Software_upgrade_assistant.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
SearchScopes: HKLM-x32 -> DefaultScope {71AE3ED2-0658-404A-A692-BF1C95753A7C} URL =
SearchScopes: HKLM-x32 -> {43808432-A691-FD14-16D5-754E460845E0} URL =
SearchScopes: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> DefaultScope {9A7B9ABD-B7D8-4225-B493-9C08CDB65CBA} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> {9A7B9ABD-B7D8-4225-B493-9C08CDB65CBA} URL = https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File
Toolbar: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File

Chrome:
=======
CHR Profile: C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-13]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-13] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
S4 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-13] (Microsoft Corporation)
S4 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [23040 2013-07-25] (Apple Inc.) [File not signed]
S4 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys 90C53BD47979FB8814F465A08B885102
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtiHdmi.sys 637E0753BD6DEB8EA5314A5C357EC1A0
C:\Windows\System32\DRIVERS\atikmdag.sys ADF81052D94BCD3FF7DB2FE59E3ED6F4
C:\Windows\System32\DRIVERS\AtiPcie.sys 7C5D273E29DCC5505469B299C6F29163
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys 404B7DF9CA4D1CB675045AF220FF3285
C:\Windows\system32\drivers\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\system32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\k57nd60a.sys D85F3F18E44F7447B5F1BA5C85BAEB7C
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys BF69D973523D539A35807946C6DA7E16
C:\Windows\System32\Drivers\ksecpkg.sys 272C27711C8AA6E7815EE33F8ACA9C66
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 87BCD1034CBF33537D4D4C251D39BA26
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\mqac.sys CD22D2563039DDA6793F7624719363A7
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netaapl64.sys EE00C544C025958AF50C7B199F3C8595
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\system32\drivers\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 15:56 - 2015-06-22 15:57 - 00022388 _____ C:\Users\Brandon\Desktop\FRST.txt
2015-06-22 15:56 - 2015-06-22 15:56 - 02109952 _____ (Farbar) C:\Users\Brandon\Desktop\FRST64.exe
2015-06-22 15:56 - 2015-06-22 15:56 - 00000000 ____D C:\FRST
2015-06-22 15:45 - 2015-06-22 15:46 - 00076665 _____ C:\Users\Brandon\Desktop\Roblox.htm
2015-06-22 02:11 - 2015-06-22 02:15 - 00001274 _____ C:\Users\Brandon\Desktop\Norton Installation Files.lnk
2015-06-22 01:09 - 2015-06-22 01:09 - 01021632 _____ (Symantec Corporation) C:\Users\Brandon\Desktop\Norton_Download_Manager.exe
2015-06-22 01:04 - 2015-06-22 01:04 - 00000000 ____D C:\ProgramData\F-Secure
2015-06-21 14:20 - 2015-06-21 14:20 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-06-21 14:20 - 2015-06-21 14:20 - 00000000 ____D C:\Users\DefaultAppPool
2015-06-21 14:20 - 2013-10-11 12:15 - 00000000 ____D C:\Users\DefaultAppPool\Desktop\Play Games
2015-06-21 14:20 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-21 14:20 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-06-20 12:18 - 2015-06-20 12:18 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-06-20 11:56 - 2015-06-20 11:56 - 00000000 ____D C:\Users\Brandon\Desktop\Family
2015-06-20 11:55 - 2015-06-20 11:55 - 00000000 ____D C:\Users\Brandon\Desktop\Christina
2015-06-20 11:45 - 2015-06-20 11:45 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-20 11:45 - 2015-06-20 11:45 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-20 10:27 - 2012-05-31 22:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-06-20 10:27 - 2012-05-31 22:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-06-20 10:27 - 2012-05-31 22:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-06-20 10:27 - 2012-05-31 22:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-06-20 10:27 - 2012-05-31 22:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-06-20 10:27 - 2012-05-31 22:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-06-20 10:27 - 2012-05-31 21:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-06-20 10:27 - 2012-05-31 21:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-06-20 10:27 - 2012-05-31 21:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-06-20 10:27 - 2012-05-31 21:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-06-20 10:27 - 2012-05-31 21:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-06-20 10:27 - 2012-05-31 21:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-06-19 22:37 - 2015-06-21 03:17 - 00035992 _____ C:\Windows\iis7.log
2015-06-19 22:36 - 2015-06-19 22:36 - 00000000 ____D C:\Windows\SysWOW64\BestPractices
2015-06-19 22:36 - 2015-06-19 22:36 - 00000000 ____D C:\Windows\system32\msmq
2015-06-19 22:36 - 2015-06-19 22:36 - 00000000 ____D C:\Windows\system32\BestPractices
2015-06-19 22:36 - 2015-06-19 22:36 - 00000000 ____D C:\inetpub
2015-06-10 19:41 - 2015-06-10 19:41 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2015-06-09 14:06 - 2015-05-25 11:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-09 14:06 - 2015-05-25 11:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-09 14:06 - 2015-05-25 11:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-09 14:06 - 2015-05-25 11:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-09 14:06 - 2015-05-25 11:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-09 14:06 - 2015-05-25 11:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-09 14:06 - 2015-05-25 11:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-09 14:06 - 2015-05-25 11:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-09 14:06 - 2015-05-25 11:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-09 14:06 - 2015-05-25 11:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-09 14:06 - 2015-05-22 11:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-09 14:06 - 2015-05-22 11:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-09 14:06 - 2015-05-21 06:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-09 14:06 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-09 14:06 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-09 14:06 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-09 14:06 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-09 14:06 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-09 14:06 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-09 14:06 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-09 14:06 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-09 14:06 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-09 14:06 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-09 14:05 - 2015-06-01 12:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 14:05 - 2015-06-01 11:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 14:05 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 14:05 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 14:05 - 2015-05-25 11:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-09 14:05 - 2015-05-25 11:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-09 14:05 - 2015-05-25 11:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-09 14:05 - 2015-05-25 11:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-09 14:05 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-09 14:05 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-09 14:05 - 2015-05-25 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-09 14:05 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-09 14:05 - 2015-05-25 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-09 14:05 - 2015-05-25 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 11:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-09 14:05 - 2015-05-25 11:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-09 14:05 - 2015-05-25 11:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-09 14:05 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-09 14:05 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-09 14:05 - 2015-05-25 10:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-09 14:05 - 2015-05-25 10:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-09 14:05 - 2015-05-25 10:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-09 14:05 - 2015-05-25 10:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-09 14:05 - 2015-05-25 10:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-09 14:05 - 2015-05-25 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 10:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 14:05 - 2015-05-25 10:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-09 14:05 - 2015-05-25 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-09 14:05 - 2015-05-25 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-09 14:05 - 2015-05-25 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-09 14:05 - 2015-05-25 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-09 14:05 - 2015-05-22 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-09 14:05 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 14:05 - 2015-05-22 20:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-09 14:05 - 2015-05-22 20:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-09 14:05 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 14:05 - 2015-05-22 20:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-09 14:05 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 14:05 - 2015-05-22 20:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-09 14:05 - 2015-05-22 20:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-09 14:05 - 2015-05-22 20:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-09 14:05 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 14:05 - 2015-05-22 20:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-09 14:05 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 14:05 - 2015-05-22 19:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-09 14:05 - 2015-05-22 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-09 14:05 - 2015-05-22 19:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-09 14:05 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 14:05 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 14:05 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 14:05 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 14:05 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 14:05 - 2015-05-22 19:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-09 14:05 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 14:05 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 14:05 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 14:05 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 14:05 - 2015-05-22 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-09 14:05 - 2015-05-22 12:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-09 14:05 - 2015-05-22 12:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-09 14:05 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 14:05 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 14:05 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 14:05 - 2015-05-22 12:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-09 14:05 - 2015-05-22 11:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-09 14:05 - 2015-05-22 11:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-09 14:05 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 14:05 - 2015-05-22 11:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-09 14:05 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 14:05 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 14:05 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 14:05 - 2015-05-22 11:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-09 14:05 - 2015-05-22 11:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-09 14:05 - 2015-05-22 11:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-09 14:05 - 2015-05-22 11:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-09 14:05 - 2015-05-22 11:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-09 14:05 - 2015-05-22 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-09 14:05 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 14:05 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 14:05 - 2015-05-22 11:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-09 14:05 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 14:05 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 14:05 - 2015-05-22 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-09 14:05 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 14:05 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 14:05 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 14:05 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 14:05 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 14:05 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 14:05 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-08 13:51 - 2015-06-08 13:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roblox
2015-06-08 13:50 - 2015-06-08 13:50 - 00000000 ____D C:\Program Files (x86)\Roblox
2015-06-05 15:01 - 2015-06-21 22:35 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Panda Security
2015-06-05 15:00 - 2015-06-21 22:39 - 00000000 ____D C:\ProgramData\Panda Security
2015-06-05 15:00 - 2015-06-21 22:39 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-06-05 14:38 - 2015-06-19 22:30 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Apple Computer
2015-06-05 14:38 - 2015-06-05 14:38 - 00000000 ____D C:\Users\Brandon\WPDNSE
2015-06-05 13:41 - 2015-06-05 13:41 - 00000000 ____D C:\Users\Brandon\Documents\Symantec
2015-06-05 13:39 - 2015-06-22 02:15 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-06-05 11:52 - 2015-06-19 22:18 - 00000000 ____D C:\NPE
2015-06-04 17:06 - 2015-06-05 12:01 - 00000000 ____D C:\Windows\pss
2015-05-30 23:55 - 2015-05-31 00:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakBit
2015-05-30 23:27 - 2015-06-01 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
2015-05-30 23:27 - 2015-05-30 23:27 - 00000000 ____D C:\Program Files (x86)\Wise
2015-05-28 17:35 - 2015-06-01 01:14 - 00000000 ____D C:\Program Files\CCleaner
2015-05-27 17:35 - 2015-05-27 17:59 - 00000000 ____D C:\AdwCleaner
2015-05-27 17:05 - 2015-05-27 19:17 - 00000000 ____D C:\Program Files (x86)\Norton Bootable Recovery Tool Wizard
2015-05-26 21:42 - 2015-05-31 23:02 - 00000000 ____D C:\Windows\Minidump
2015-05-26 21:34 - 2015-06-01 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-23 18:18 - 2015-05-27 01:14 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Open Download Manager
2015-05-23 18:15 - 2015-06-04 21:54 - 00000000 ____D C:\Program Files (x86)\OpenDownloaderManager
2015-05-22 20:54 - 2015-06-01 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Survarium-Steam
2015-05-14 03:01 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 03:01 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-13 13:21 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-13 13:21 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-13 13:21 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-13 13:20 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-13 13:20 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-13 13:20 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-13 13:20 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-13 13:20 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-13 13:20 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-13 13:20 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-13 13:20 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-13 13:20 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-13 13:20 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-13 13:20 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-13 13:20 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-13 13:20 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-13 13:20 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-13 13:20 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-13 13:20 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-13 13:20 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-06 14:48 - 2015-05-06 14:48 - 00000000 ____D C:\Users\Brandon\.smplayer
2015-04-15 23:39 - 2015-04-15 23:39 - 00001810 _____ C:\Users\Brandon\Desktop\League of Legends.lnk
2015-04-14 12:44 - 2015-03-24 20:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 12:44 - 2015-03-24 20:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 12:44 - 2015-03-24 20:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 12:44 - 2015-03-24 20:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 12:44 - 2015-03-24 20:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 12:44 - 2015-03-24 20:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 12:44 - 2015-03-24 20:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 12:44 - 2015-03-24 20:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 12:44 - 2015-03-24 20:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 12:44 - 2015-03-24 20:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 12:44 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 12:44 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 12:44 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 12:44 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 12:44 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 12:44 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 12:44 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 12:43 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 12:43 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 12:43 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-08 13:55 - 2015-06-01 22:11 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security Suite
2015-04-04 13:29 - 2015-06-01 22:12 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-04-04 13:29 - 2015-06-01 22:11 - 00000000 ___SD C:\Windows\system32\GWX

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-22 15:34 - 2013-10-14 10:32 - 01884782 _____ C:\Windows\WindowsUpdate.log
2015-06-22 14:43 - 2013-11-06 17:08 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\.minecraft
2015-06-22 02:22 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-22 02:22 - 2009-07-13 21:45 - 00028352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-22 02:18 - 2009-07-13 22:13 - 00854376 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-22 02:15 - 2013-10-16 18:56 - 00000000 ____D C:\ProgramData\Norton
2015-06-22 02:14 - 2015-01-29 12:03 - 00010412 _____ C:\Windows\setupact.log
2015-06-22 02:14 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-22 02:14 - 2009-07-13 21:45 - 00015360 _____ C:\Windows\system32\umstartup.etl
2015-06-22 02:13 - 2009-07-13 21:45 - 00012288 _____ C:\Windows\system32\umstartup000.etl
2015-06-21 22:44 - 2009-07-13 21:45 - 00267672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-21 22:43 - 2015-01-30 20:08 - 00089160 _____ C:\Windows\PFRO.log
2015-06-21 22:36 - 2014-07-15 12:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-06-21 03:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\inetsrv
2015-06-21 03:16 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-06-20 11:56 - 2014-04-07 15:37 - 00000000 ____D C:\Users\Brandon\Desktop\Brandon
2015-06-20 11:49 - 2013-10-16 19:01 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-06-20 10:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-06-19 22:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\spool
2015-06-19 22:30 - 2014-01-03 20:27 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-06-19 22:29 - 2013-10-11 12:02 - 00000000 ____D C:\Program Files\Java
2015-06-10 03:22 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-10 03:20 - 2014-12-10 14:51 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 03:20 - 2014-05-06 03:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 03:20 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-10 03:03 - 2014-02-05 17:37 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 03:01 - 2014-02-05 17:37 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 21:44 - 2015-02-05 11:36 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\java
2015-06-08 13:56 - 2013-10-11 11:54 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-06-08 13:56 - 2013-10-11 11:54 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-06-08 13:51 - 2014-09-16 18:44 - 00000000 ____D C:\Users\Brandon\Documents\Telltale Games
2015-06-07 21:52 - 2013-10-11 11:51 - 00001415 _____ C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-07 21:49 - 2013-10-11 11:51 - 00000000 ____D C:\Users\Brandon
2015-06-05 13:26 - 2014-09-14 13:55 - 00000000 ____D C:\Program Files (x86)\R.G. Mechanics
2015-06-04 21:57 - 2013-10-19 11:52 - 00000000 ____D C:\Riot Games
2015-06-04 17:49 - 2013-10-14 11:17 - 00000000 ____D C:\Windows.old
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Public\Libraries
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\uk-UA
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\th-TH
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sr-Latn-CS
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sppui
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sl-SI
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Setup
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ro-RO
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Recovery
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ras
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\oobe
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\manifeststore
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\InstallShield
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\icsxml
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\hr-HR
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\he-IL
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\bg-BG
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\ar-SA
2015-06-01 22:12 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2015-06-01 22:11 - 2014-10-10 15:32 - 00000000 ____D C:\Users\Public\Documents\Arc
2015-06-01 22:11 - 2014-09-21 21:19 - 00000000 ____D C:\Windows\SysWOW64\URTTEMP
2015-06-01 22:11 - 2014-06-11 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heva Clonia
2015-06-01 22:11 - 2014-05-18 13:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Angels
2015-06-01 22:11 - 2014-05-18 13:11 - 00000000 ____D C:\Program Files (x86)\League of Angels
2015-06-01 22:11 - 2014-01-08 23:16 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Arc
2015-06-01 22:11 - 2013-10-28 21:40 - 00000000 ____D C:\ProgramData\Conduit
2015-06-01 22:11 - 2010-11-21 00:06 - 00000000 ____D C:\Windows\SysWOW64\winrm
2015-06-01 22:11 - 2010-11-21 00:06 - 00000000 ____D C:\Windows\SysWOW64\WCN
2015-06-01 22:11 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\SysWOW64\restore
2015-06-01 22:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\IME
2015-06-01 22:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-01 22:11 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-06-01 22:10 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\registration
2015-06-01 22:09 - 2010-11-21 00:06 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2015-06-01 22:09 - 2009-07-13 22:32 - 00000000 ____D C:\Windows\SysWOW64\WindowsPowerShell
2015-06-01 22:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\spp
2015-06-01 22:09 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2015-06-01 22:08 - 2013-10-11 12:15 - 00000000 ____D C:\Windows\SysWOW64\oem
2015-06-01 22:08 - 2010-11-21 00:06 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2015-06-01 22:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\NetworkList
2015-06-01 22:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\MUI
2015-06-01 22:08 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Msdtc
2015-06-01 22:07 - 2013-10-23 12:03 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-06-01 22:05 - 2013-10-16 18:56 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-06-01 22:05 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\oobe
2015-06-01 22:03 - 2014-01-08 23:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Perfect World Entertainment
2015-06-01 22:02 - 2013-10-11 12:01 - 00000000 ____D C:\Program Files (x86)\Java
2015-05-27 00:01 - 2014-07-15 12:40 - 00000000 ____D C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-23 19:21 - 2009-07-13 20:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories

==================== Files in the root of some directories =======

2014-01-04 12:24 - 2014-01-04 12:25 - 0000600 _____ () C:\Users\Brandon\AppData\Roaming\winscp.rnd
2014-09-21 21:25 - 2014-09-21 21:25 - 0000095 _____ () C:\Users\Brandon\AppData\Local\fusioncache.dat

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume2
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {71350963-34fe-11e3-9b8b-ae328cb5fa3b}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {54e0484d-3bfa-11e1-9fdd-d067e51d788d}
device                  ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{54e0484e-3bfa-11e1-9fdd-d067e51d788d}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[\Device\HarddiskVolume2]\Recovery\WindowsRE\Winre.wim,{54e0484e-3bfa-11e1-9fdd-d067e51d788d}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {71350965-34fe-11e3-9b8b-ae328cb5fa3b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {71350963-34fe-11e3-9b8b-ae328cb5fa3b}
nx                      OptIn
usefirmwarepcisettings  No
bootlog                 No
debug                   Yes

Windows Boot Loader
-------------------
identifier              {71350965-34fe-11e3-9b8b-ae328cb5fa3b}
device                  ramdisk=[C:]\Recovery\71350965-34fe-11e3-9b8b-ae328cb5fa3b\Winre.wim,{71350966-34fe-11e3-9b8b-ae328cb5fa3b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\71350965-34fe-11e3-9b8b-ae328cb5fa3b\Winre.wim,{71350966-34fe-11e3-9b8b-ae328cb5fa3b}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {71350963-34fe-11e3-9b8b-ae328cb5fa3b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      Yes

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume2
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {54e0484e-3bfa-11e1-9fdd-d067e51d788d}
description             Ramdisk Options
ramdisksdidevice        partition=\Device\HarddiskVolume2
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {71350966-34fe-11e3-9b8b-ae328cb5fa3b}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\71350965-34fe-11e3-9b8b-ae328cb5fa3b\boot.sdi

LastRegBack: 2015-06-13 03:59

==================== End of log ============================

******Addition.txt*****

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Brandon at 2015-06-22 15:57:37
Running from C:\Users\Brandon\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1463623021-776205435-2290215826-500 - Administrator - Disabled)
Brandon (S-1-5-21-1463623021-776205435-2290215826-1000 - Administrator - Enabled) => C:\Users\Brandon
Guest (S-1-5-21-1463623021-776205435-2290215826-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Arc (HKLM-x32\...\{CED8E25B-122A-4E80-B612-7F99B93284B3}) (Version: 1.0.0.9642 - Perfect World Entertainment)
ATI AVIVO64 Codecs (Version: 10.8.0.40714 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{14AF193A-EC13-3B3E-BFBF-D2C471F12718}) (Version: 3.0.778.0 - ATI Technologies, Inc.)
Broadcom Gigabit NetLink Controller (HKLM\...\{A325B368-A9EC-40EF-A95C-9DEAD3683AE3}) (Version: 12.33.02 - Broadcom Corporation)
ccc-core-static (x32 Version: 2009.0714.2132.36830 - ATI) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
League of Angels version 2.1.1 (HKLM-x32\...\{322B78D9-C0FC-4762-B14E-1E80DEAC6BBA}_is1) (Version: 2.1.1 - YOUZU Games Hongkong Limited)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{86CE1746-9EFF-3C9C-8755-81EA8903AC34}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
Modem Diagnostic Tool (HKLM\...\{0335701D-8E28-4A7F-B0EF-312974755BB2}) (Version: 1.0.24.0 - Dell)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1463623021-776205435-2290215826-1000_Classes\CLSID\{DEE03C2B-0C0C-41A9-9877-FD4B4D7B6EA3}\InprocServer32 -> C:\Users\Brandon\AppData\Local\Roblox\Versions\version-d2fd1d56447746e9\RobloxProxy64.dll (ROBLOX Corporation)

==================== Restore Points =========================

17-06-2015 09:22:45 Scheduled Checkpoint
19-06-2015 22:21:29 Norton_Power_Eraser_20150619222124776
19-06-2015 22:28:17 Removed Java™ 6 Update 22
19-06-2015 22:28:52 Removed Java™ 6 Update 22 (64-bit)
19-06-2015 22:29:24 Removed Java™ 7 (64-bit)
19-06-2015 22:29:58 Removed iTunes
19-06-2015 22:30:43 Removed Apple Software Update
19-06-2015 22:31:08 Removed Apple Application Support
19-06-2015 22:31:29 Removed Apple Mobile Device Support
19-06-2015 22:36:05 Windows Modules Installer
20-06-2015 15:14:50 Windows Update
21-06-2015 03:00:18 Windows Update
21-06-2015 22:36:47 Removed NVIDIA GAME System Software 2.8.1
22-06-2015 02:11:30 Installed Sophos Virus Removal Tool.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {12ADFA00-F50D-4FFA-AF7A-670487E8CC8B} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {219AC8AD-C52D-4448-824B-71DA84BF3EA4} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {274ED342-FBC3-473E-8A96-44A5A45224F1} - \AVG_SYS_TASK_1014av No Task File <==== ATTENTION
Task: {79972D22-EFE9-4AC0-ACE5-D6C6C60E8A8A} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.7.0.11\SymErr.exe
Task: {8DDD4D70-2531-44A0-926A-54B407D57F43} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {B3D8AD67-103E-4D08-85DA-6894BEAC31E9} - \Periodic Synchronize Task No Task File <==== ATTENTION
Task: {BD5CE25F-546F-4E9A-99DE-D34ED277376F} - \{163E8588-5195-47F2-A263-AFE79834B964} No Task File <==== ATTENTION
Task: {BE48482A-9CA1-480D-85D0-9F97CBA38B12} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {C306DF62-78BA-4FBE-AAE8-19E72C0E8C8E} - \Norton WSC Integration No Task File <==== ATTENTION
Task: {D1721B8F-F374-41D1-A90E-833B17AF416D} - \Adobe Acrobat Update Task No Task File <==== ATTENTION
Task: {E8858AB2-E3CD-4350-86A5-A378C0CDF0B7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-10-16] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1463623021-776205435-2290215826-1000\...\dell.com -> dell.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1463623021-776205435-2290215826-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Brandon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: ArcService => 3
MSCONFIG\Services: SkypeUpdate => 2

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{DC595D85-3242-4818-BAD7-439660E1EB86}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{DAD5B973-30A0-4FB3-B771-F1EAE5421555}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{ECF46B03-AD76-4A32-9A7E-87E7F23D6183}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [TCP Query User{A2847C9F-EBA1-4DBF-A9C7-A1A2FE87859A}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [UDP Query User{4489380C-A87A-4B2D-A23C-C3FB75D095D8}C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe] => (Allow) C:\program files (x86)\perfect world entertainment\neverwinter_en\neverwinter\live\gameclient.exe
FirewallRules: [TCP Query User{C47DE6C7-F6D7-41E1-B57C-C18D910F8660}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{C034EF16-9E68-43B9-95BF-44C6D46FFE6F}C:\program files\java\jre7\bin\javaw.exe] => (Block) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{ABE2F20D-1163-43C6-850E-DF7CD1095335}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{9C5EE09C-DBED-490F-94AF-FA0A37106F12}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{24DA4DD1-3D57-40DE-874D-6823CCB7BEAE}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{6E86D4DC-948D-452B-881C-F11738FF4D76}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{926703F3-D7FE-4C0E-B500-0A8B0B18DE03}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E9DABDC7-3A8D-48EC-A949-02AF9F081B38}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{C67241FC-9E3F-43B6-A781-AD1C193B26BE}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BE5306BA-7151-4E50-8E55-6C5412E55655}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{F728BEB5-A1A3-40D7-BD2B-909221FD6A23}] => (Allow) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
FirewallRules: [{F8D75175-32F9-4FB7-9A64-4A4173550A67}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{FB4A26AD-C112-4A9E-B0F0-3FCEC390C36A}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe
FirewallRules: [{3201CCF9-85D3-429E-AC78-1C631017067B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{80437AF5-B216-4068-8D1E-78DB2861E5A9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{562CC4AB-3B09-461F-99BE-25EF715AC15A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tormentum Demo\TormentumDemo.exe
FirewallRules: [{94EE3980-3ED1-4F9F-9B23-17D1D8C59B28}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Tormentum Demo\TormentumDemo.exe
FirewallRules: [{96173ADF-E780-4A54-BA99-A7C7B61C6586}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Running Shadow\runningshadow.exe
FirewallRules: [{17E4B6A0-81FD-4FA9-9504-C1AEA92C79D9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Running Shadow\runningshadow.exe
FirewallRules: [{371872C0-3F65-476A-AE71-F6BD2997BC58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [{A95CA4D6-E2C1-4792-978A-FF3589E24FD1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Survarium\temp\survarium_updater.exe
FirewallRules: [TCP Query User{39FA6ED9-C3FE-4650-9574-A4FA13A44C46}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [UDP Query User{4CADDD5E-C8C6-4CCF-9AB3-895943469585}C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{09F114D0-126E-4256-93C6-DF706D650B1F}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{09BD1B94-FB14-44E7-A28F-3100ECC82342}] => (Block) C:\program files (x86)\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [{6B860FAB-1858-4C3E-9D37-B70D9F015231}] => (Allow) C:\Windows\temp\7zSEDE5.tmp\SymNRT.exe
FirewallRules: [{6DAD72E6-5196-4D33-84FE-8CB7D306C2D5}] => (Allow) C:\Windows\temp\7zSEDE5.tmp\SymNRT.exe

==================== Faulty Device Manager Devices =============

Name: H:\
Description: MS/MS-Pro      
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: E:\
Description: SD/MMC         
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: G:\
Description: SM/xD Picture  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: D:\
Description: Photosmart C8100
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: HP     
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

Name: F:\
Description: Compact Flash  
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/22/2015 03:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-5E163BC1.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x334
Faulting application start time: 0xRBX-5E163BC1.tmp0
Faulting application path: RBX-5E163BC1.tmp1
Faulting module path: RBX-5E163BC1.tmp2
Report Id: RBX-5E163BC1.tmp3

Error: (06/22/2015 03:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-341EAB1C.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0xbb4
Faulting application start time: 0xRBX-341EAB1C.tmp0
Faulting application path: RBX-341EAB1C.tmp1
Faulting module path: RBX-341EAB1C.tmp2
Report Id: RBX-341EAB1C.tmp3

Error: (06/22/2015 03:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-844BA8E5.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x870
Faulting application start time: 0xRBX-844BA8E5.tmp0
Faulting application path: RBX-844BA8E5.tmp1
Faulting module path: RBX-844BA8E5.tmp2
Report Id: RBX-844BA8E5.tmp3

Error: (06/22/2015 03:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-9A26168F.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0xf80
Faulting application start time: 0xRBX-9A26168F.tmp0
Faulting application path: RBX-9A26168F.tmp1
Faulting module path: RBX-9A26168F.tmp2
Report Id: RBX-9A26168F.tmp3

Error: (06/22/2015 02:41:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-FA0E7273.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x98
Faulting application start time: 0xRBX-FA0E7273.tmp0
Faulting application path: RBX-FA0E7273.tmp1
Faulting module path: RBX-FA0E7273.tmp2
Report Id: RBX-FA0E7273.tmp3

Error: (06/22/2015 02:40:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RBX-7B16485C.tmp, version: 1.6.3.60693, time stamp: 0x5581b09c
Faulting module name: VERSION.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdb2b
Exception code: 0xc0000005
Fault offset: 0x000015da
Faulting process id: 0x59c
Faulting application start time: 0xRBX-7B16485C.tmp0
Faulting application path: RBX-7B16485C.tmp1
Faulting module path: RBX-7B16485C.tmp2
Report Id: RBX-7B16485C.tmp3

Error: (06/21/2015 10:40:32 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description: Message Queuing failed to bind to port 1801. The port may already be bound to another process. Make sure that the port is free and try to start Message Queuing again. If this problem arises during setup, you must free the port and run setup again.

Error: (06/21/2015 10:36:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary PSKMAD.

System Error:
The system cannot find the file specified.
.

Error: (06/21/2015 10:25:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B95C4119-E778-4CB6-A0E1-8D852FE04018}: The user Brandon-PC\Brandon dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (06/21/2015 04:29:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.

System errors:
=============
Error: (06/22/2015 02:14:31 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 2:13:04 AM on 6/22/2015 was unexpected.

Error: (06/22/2015 02:13:28 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (06/22/2015 02:13:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office:
=========================
Error: (06/22/2015 03:48:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-5E163BC1.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015da33401d0ad3d8d41661eC:\Windows\TEMP\RBX-5E163BC1.tmpC:\Windows\system32\VERSION.dllcb102ead-1930-11e5-bca7-d067e51d788d

Error: (06/22/2015 03:48:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-341EAB1C.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015dabb401d0ad3d856deabeC:\Windows\TEMP\RBX-341EAB1C.tmpC:\Windows\system32\VERSION.dllc33fc082-1930-11e5-bca7-d067e51d788d

Error: (06/22/2015 03:48:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-844BA8E5.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015da87001d0ad3d802e12a6C:\Windows\TEMP\RBX-844BA8E5.tmpC:\Windows\system32\VERSION.dllbdfe61e0-1930-11e5-bca7-d067e51d788d

Error: (06/22/2015 03:47:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-9A26168F.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015daf8001d0ad3d6fdd4627C:\Windows\TEMP\RBX-9A26168F.tmpC:\Windows\system32\VERSION.dllaed2ef7d-1930-11e5-bca7-d067e51d788d

Error: (06/22/2015 02:41:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-FA0E7273.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015da9801d0ad3430fb554cC:\Windows\TEMP\RBX-FA0E7273.tmpC:\Windows\system32\VERSION.dll6ee40e88-1927-11e5-bca7-d067e51d788d

Error: (06/22/2015 02:40:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RBX-7B16485C.tmp1.6.3.606935581b09cVERSION.dll6.1.7600.163854a5bdb2bc0000005000015da59c01d0ad3404421c17C:\Windows\TEMP\RBX-7B16485C.tmpC:\Windows\system32\VERSION.dll4348dc13-1927-11e5-bca7-d067e51d788d

Error: (06/21/2015 10:40:32 PM) (Source: MSMQ) (EventID: 2170) (User: )
Description:

Error: (06/21/2015 10:36:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary PSKMAD.

System Error:
The system cannot find the file specified.

Error: (06/21/2015 10:25:14 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: {B95C4119-E778-4CB6-A0E1-8D852FE04018}Brandon-PC\BrandonBroadband Connection651

Error: (06/21/2015 04:29:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifestC:\Users\Brandon\Desktop\Anti-Virus Programs\esetsmartinstaller_enu.exe

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 31%
Total physical RAM: 3838.98 MB
Available physical RAM: 2645.12 MB
Total Pagefile: 7676.16 MB
Available Pagefile: 6280.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:450.91 GB) (Free:373.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 3863984E)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450.9 GB) - (Type=07 NTFS)

==================== End of log ============================



#3 nasdaq

  • Malware Response Team
  • 38,779 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 26 June 2015 - 09:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CreateRestorePoint:
CloseProcesses:

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File
Toolbar: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
Task: {274ED342-FBC3-473E-8A96-44A5A45224F1} - \AVG_SYS_TASK_1014av No Task File <==== ATTENTION
Task: {B3D8AD67-103E-4D08-85DA-6894BEAC31E9} - \Periodic Synchronize Task No Task File <==== ATTENTION
Task: {BD5CE25F-546F-4E9A-99DE-D34ED277376F} - \{163E8588-5195-47F2-A263-AFE79834B964} No Task File <==== ATTENTION
Task: {C306DF62-78BA-4FBE-AAE8-19E72C0E8C8E} - \Norton WSC Integration No Task File <==== ATTENTION
Task: {D1721B8F-F374-41D1-A90E-833B17AF416D} - \Adobe Acrobat Update Task No Task File <==== ATTENTION



End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download the Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
autoclean;
emptyalltemp;
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run the whole script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.

Also, please provide an update on how the computer is behaving after running the above script.

===
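
Each line in the fixlist above was picked from the FRST scan because of what it implies: a proxy on 127.0.0.1 means a process on the machine is intercepting browser traffic, "No File" and "[Not Found]" entries are leftover registrations whose component is gone, and a machine-wide Chrome extension key that loads a .crx from a user profile is how bundled adware typically installs itself. The Python below is an added example (not part of the thread, and not FRST's or Zoek's own code) that classifies lines in FRST's format along those lines; the category names, severities and sample input are this example's own, with the sample constructed from the fixlist entries.

```python
"""Triage lines in the format FRST (Farbar Recovery Scan Tool) writes.

Added example, not part of the thread and not FRST's or Zoek's own code. It
sorts scan lines into the kinds of entries that went into the fixlist above;
the category names and severities are this example's own.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class Finding:
    category: str
    severity: str  # "high", "medium" or "low"
    line: str


SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}
PROXY_RE = re.compile(r"^ProxyServer: \[(?P<hive>[^\]]+)\] => (?P<value>.+)$")
TASK_RE = re.compile(r"^Task: \{[0-9A-Fa-f-]+\} - (?P<name>.+?) No Task File")
SERVICE_RE = re.compile(r"^[SRU]\d [^;]+; (?P<path>.+?) \[X\]")
CHR_POLICY_RE = re.compile(
    r"^CHR HK(?:LM|U)[^:]*\\Chrome\\Extension: \[(?P<id>[a-z]{32})\] - (?P<path>.+)$")
BROWSER_PREFIXES = ("BHO", "Toolbar:", "FF Plugin:", "FF Extension:", "CHR ")


def proxy_hosts(value: str) -> list:
    """Host part of each entry, in 'host:port' or 'http=host:port;https=...' form."""
    hosts = []
    for entry in value.split(";"):
        target = entry.strip().split("=", 1)[-1]        # drop an 'http=' style prefix
        hosts.append(target.rsplit(":", 1)[0].lower())  # drop the port, if any
    return hosts


def is_loopback(host: str) -> bool:
    return host.startswith("127.") or host in ("localhost", "[::1]")


def classify(line: str) -> Optional[Finding]:
    """Map one FRST line to a Finding, or None if nothing stands out."""
    line = line.strip()
    m = PROXY_RE.match(line)
    if m:
        # A loopback proxy means some process on this host sits between the
        # browser and the network and sees every request.
        if any(is_loopback(h) for h in proxy_hosts(m["value"])):
            return Finding("local-proxy-hijack", "high", line)
        return Finding("proxy-configured", "medium", line)
    if line.startswith("ProxyEnable:"):
        return Finding("proxy-enabled", "medium", line)
    if TASK_RE.match(line):  # registered in TaskCache, but the task XML is gone
        return Finding("orphaned-scheduled-task", "low", line)
    if SERVICE_RE.match(line):  # service whose image path does not exist
        return Finding("service-missing-binary", "low", line)
    m = CHR_POLICY_RE.match(line)
    if m:
        if "[Not Found]" in m["path"]:
            return Finding("orphaned-browser-component", "low", line)
        if "\\AppData\\" in m["path"]:
            # Machine-wide install key loading a .crx from a user profile: the
            # way bundled adware commonly forces an extension into Chrome.
            return Finding("extension-policy-from-user-profile", "medium", line)
        return None  # ordinary Web Store update URL
    if line.startswith(BROWSER_PREFIXES):
        if "No File" in line or "[Not Found]" in line:
            return Finding("orphaned-browser-component", "low", line)
        if "(No Name)" in line:
            return Finding("unnamed-browser-extension", "medium", line)
    return None


def triage(lines: Iterable[str]) -> list:
    """Classify every line and return the findings, most severe first."""
    findings = [f for f in map(classify, lines) if f is not None]
    return sorted(findings, key=lambda f: SEVERITY_RANK[f.severity])


def summarize(findings: Iterable[Finding]) -> dict:
    """Count findings per category."""
    return dict(Counter(f.category for f in findings))


# Constructed sample: the line shapes from the fixlist in the post above.
SAMPLE_LINES = [
    r"ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled",
    r"ProxyServer: [.DEFAULT] => http=127.0.0.1:47574",
    r"BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File",
    r"CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp [2014-12-10]",
    r"CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx",
    r"CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]",
    r"CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]",
    r"S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]",
    r"Task: {274ED342-FBC3-473E-8A96-44A5A45224F1} - \AVG_SYS_TASK_1014av No Task File <==== ATTENTION",
    r"Task: {D1721B8F-F374-41D1-A90E-833B17AF416D} - \Adobe Acrobat Update Task No Task File <==== ATTENTION",
]
```

Running `triage(SAMPLE_LINES)` puts the loopback proxy first and the Web Store update-URL line drops out as benign; a real FRST.txt or Addition.txt can be fed in line by line the same way.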

#4 RenegadePrue

  • Topic Starter
  • Members
  • 23 posts

Posted 27 June 2015 - 07:57 PM

Computer still freezes as soon as I try to install. First it would freeze before install, but when I click Run as admin it will allow me to download to the desktop; as soon as I try to install the program it freezes within 10-15 seconds. It does this with Norton antivirus, Adobe Flash Player, Steam games, pretty much anything I try to install except things like FRST, TDSSKiller, wipe.

Here are the 2 logs:

Fix result of Farbar Recovery Scan Tool (x64) Version:24-06-2015
Ran by Brandon at 2015-06-27 17:02:14 Run:1
Running from C:\Users\Brandon\Desktop
Loaded Profiles: Brandon (Available Profiles: Brandon & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:47574
BHO-x32: No Name -> {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} ->  No File
Toolbar: HKU\S-1-5-21-1463623021-776205435-2290215826-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp [2014-12-10]
CHR Extension: (No Name) - C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff [2014-12-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hgeaklkciolgbejekedbdphhbjbiaamp] - C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx [2013-10-22]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Brandon\AppData\Local\mysearchdial-speeddial.crx [Not Found]
S3 ArcService; C:\Program Files (x86)\Perfect World Entertainment\Arc\ArcService.exe [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
Task: {274ED342-FBC3-473E-8A96-44A5A45224F1} - \AVG_SYS_TASK_1014av No Task File <==== ATTENTION
Task: {B3D8AD67-103E-4D08-85DA-6894BEAC31E9} - \Periodic Synchronize Task No Task File <==== ATTENTION
Task: {BD5CE25F-546F-4E9A-99DE-D34ED277376F} - \{163E8588-5195-47F2-A263-AFE79834B964} No Task File <==== ATTENTION
Task: {C306DF62-78BA-4FBE-AAE8-19E72C0E8C8E} - \Norton WSC Integration No Task File <==== ATTENTION
Task: {D1721B8F-F374-41D1-A90E-833B17AF416D} - \Adobe Acrobat Update Task No Task File <==== ATTENTION


End
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983}" => key removed successfully
HKCR\Wow6432Node\CLSID\{bb46be07-13eb-4c49-b0f0-fc78b9ea4983} => key not found.
HKU\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp folder not found
C:\Users\Brandon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff folder not found
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => key removed successfully
"HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp" => key removed successfully
C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx => moved successfully.
"HKU\S-1-5-21-1463623021-776205435-2290215826-1000\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hgeaklkciolgbejekedbdphhbjbiaamp" => key removed successfully
"C:\Users\Brandon\AppData\Local\CRE\hgeaklkciolgbejekedbdphhbjbiaamp.crx" => File/Folder not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff" => key removed successfully
ArcService => Service not found.
IntcAzAudAddService => Service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{274ED342-FBC3-473E-8A96-44A5A45224F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{274ED342-FBC3-473E-8A96-44A5A45224F1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVG_SYS_TASK_1014av" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B3D8AD67-103E-4D08-85DA-6894BEAC31E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B3D8AD67-103E-4D08-85DA-6894BEAC31E9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Periodic Synchronize Task" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BD5CE25F-546F-4E9A-99DE-D34ED277376F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD5CE25F-546F-4E9A-99DE-D34ED277376F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{163E8588-5195-47F2-A263-AFE79834B964}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C306DF62-78BA-4FBE-AAE8-19E72C0E8C8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C306DF62-78BA-4FBE-AAE8-19E72C0E8C8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D1721B8F-F374-41D1-A90E-833B17AF416D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D1721B8F-F374-41D1-A90E-833B17AF416D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task" => key removed successfully

The system needed a reboot..

==== End of Fixlog 17:02:37 ====

****2nd Log*******

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Brandon on Sat 06/27/2015 at 17:06:39.22.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Brandon\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

6/27/2015 5:09:57 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\IAHGames deleted successfully
C:\PROGRA~2\OpenDownloaderManager deleted successfully
C:\PROGRA~2\Panda Security deleted successfully
C:\PROGRA~2\R.G. Mechanics deleted successfully
C:\Program Files\Google deleted successfully
C:\PROGRA~3\Oracle deleted successfully
C:\Users\Brandon\AppData\Roaming\Panda Security deleted successfully
C:\Users\Brandon\AppData\Local\cache deleted successfully
C:\Users\Brandon\AppData\Local\CRE deleted successfully
C:\Users\Brandon\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Brandon\AppData\Local\EmieSiteList deleted successfully
C:\Users\Brandon\AppData\Local\EmieUserList deleted successfully
C:\Users\Brandon\AppData\Local\MigWiz deleted successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{00E466AB-FEB3-44D4-8CF0-58A50DCC09C6} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{10E78A00-456A-48FB-9E66-748040F3C817} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{149F4EF9-FB97-423A-9625-5C96DDC5C004} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1BC416A0-1F8A-4D1F-B86F-6E9C19E84CDE} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1CBA22C9-A43B-49DB-9102-8195D27EC26F} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1E5389E8-F6A6-45CB-BF50-0B9811A6DD8A} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2A4A9D07-DEE9-4D82-9647-DAE6CE4A0AB9} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2B33539C-9B52-4F42-A23C-0CD2CA58B31C} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2CCE083E-7300-4B21-ABAC-3F375CA9990E} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A543BDE-93A7-4B2E-BEE0-18F86BCF81F1} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{607842A5-CC30-492F-A373-989652B9F762} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6266923B-1991-49B6-B5C2-BA407F424D37} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{63E6BCCD-D8A7-47D6-96C4-9BA49A097F00} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6945C6D0-1D51-438A-BD96-57E52BF2EA3F} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EF76A37-9D92-4944-B1CF-5E9DBFC4504F} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7162B282-EA9B-4220-95BF-78E3C37EE6F2} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{76C78F04-D963-4023-95F2-B06382493380} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{820FB22C-9EE5-4E0D-8CF0-6FDF196140EF} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8CB2BA74-466F-47FA-9E01-94AF60840035} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8D0F8FB2-6315-41A8-B410-36A537E5D869} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98CC43DC-010A-4067-AA2C-DB4AAE0C3051} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A1F384DC-DA64-436A-A84A-EEEA09E7F811} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A3C3C114-C1B2-404A-9938-C7CC8EE5415B} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5EFAE2F-697D-44C2-843A-5125FFCF630E} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A68F61EE-2A87-4465-B4CD-3C94434BFE02} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB6C14BF-CEF8-438E-BA21-26E269834339} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B0EA2014-01A9-42E2-BCE8-D9B4C6749A08} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B3DFE71F-FA79-42C5-A193-688DFD81FB7C} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C0D293C6-EF2B-4064-B4BD-E2F2AADA1B11} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CEC0C99A-DAFE-486B-BDCB-8F300CEA2C53} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D3FD71B0-C684-4007-B15A-57BD24252320} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DD01CF27-D500-4E28-AAFD-3D94A5FEFCB4} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DFA211E6-F81D-484E-83A3-583082730AE7} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E50A9229-1674-4819-A7E3-594B722B1D78} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8077BC0-1B26-4D63-9D14-15BE5A6E57B0} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F388AA35-A061-4252-91B4-6E8F201EAF37} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F70C45A0-5373-4F83-B5B8-7D332AA8AE71} deleted successfully
HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F88690AA-7536-49E7-9B30-BD10D27EDCF9} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\IAHGames not found
C:\PROGRA~2\OpenDownloaderManager not found
C:\PROGRA~2\Panda Security not found
C:\PROGRA~2\R.G. Mechanics not found
C:\Users\Brandon\.android deleted
C:\PROGRA~2\Constant Guard Protection Suite deleted
C:\PROGRA~2\Wise\Wise Registry Cleaner deleted
C:\PROGRA~2\AVG SafeGuard toolbar deleted
C:\Users\Brandon\AppData\Roaming\Open Download Manager deleted
C:\PROGRA~3\AVG SafeGuard toolbar deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\Syswow64\InstallUtil.InstallLog deleted
"C:\Windows\SysWow64\AI_RecycleBin" deleted

==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Brandon\AppData\Local\Google\Chrome deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://comcast.net/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://securityresponse.symantec.com/avcenter/fix_homepage"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://securityresponse.symantec.com/avcenter/fix_homepage"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://comcast.net/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{9A7B9ABD-B7D8-4225-B493-9C08CDB65CBA}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{9A7B9ABD-B7D8-4225-B493-9C08CDB65CBA} Google  Url="https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1463623021-776205435-2290215826-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Brandon\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=107 folders=44 413147 bytes)

==== Empty Temp Folders ======================

C:\Users\Brandon\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Windows\TEMP successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Sat 06/27/2015 at 17:29:21.41 ======================


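The zoek log above deleted the search scope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} (the GUID Internet Explorer uses for its built-in Bing scope, here with its URL value missing, which zoek reports as Not_Found) from the user hive, the 64-bit machine hive and the Wow6432Node view. Search scopes are a common browser-hijacker persistence point, so after a cleanup it is worth re-reading all three locations and looking at every URL rather than only the default. The PowerShell below is an added example, not part of the thread and not zoek's own code; it assumes an elevated 64-bit PowerShell prompt on the affected machine and that Google, Bing and Yahoo are the only engines the user expects (anything else is flagged, which is an assumption of this example).

```powershell
# Added example (not zoek, not part of the thread): list every IE SearchScope in
# the three hives zoek cleaned and flag anything that is not a known engine.
# Assumption: run from an elevated 64-bit PowerShell; nothing is modified.

# Hosts the user is assumed to expect; any other host is flagged.
$ExpectedHosts = @('www.google.com', 'www.bing.com', 'search.yahoo.com')

$Roots = @(
    'HKCU:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\SearchScopes',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes'
)

foreach ($Root in $Roots) {
    if (-not (Test-Path $Root)) { continue }
    # DefaultScope names the GUID IE actually uses for the address-bar search.
    $Default = (Get-ItemProperty -Path $Root -ErrorAction SilentlyContinue).DefaultScope
    Write-Host "`n$Root"
    Write-Host "  DefaultScope = $Default"

    foreach ($Key in Get-ChildItem -Path $Root) {
        $Props = Get-ItemProperty -Path $Key.PSPath
        $Url   = $Props.URL          # IE stores the query template in 'URL'
        $Name  = $Props.DisplayName  # and the engine name in 'DisplayName'
        $Flags = @()

        if ([string]::IsNullOrEmpty($Url)) {
            $Flags += 'no URL value (what zoek printed as Not_Found)'
        } else {
            try {
                $Uri = [Uri]$Url
                if ($Uri.Scheme -ne 'https')               { $Flags += 'plain http' }
                if ($ExpectedHosts -notcontains $Uri.Host) { $Flags += "unexpected host $($Uri.Host)" }
            } catch {
                $Flags += 'URL does not parse'
            }
        }
        if ($Key.PSChildName -eq $Default) { $Flags += 'DEFAULT' }

        $Status = if ($Flags) { $Flags -join '; ' } else { 'ok' }
        Write-Host ("  {0,-40} {1,-10} {2}" -f $Key.PSChildName, $Name, $Status)
        if ($Url) { Write-Host "      $Url" }
    }
}
```

A scope that is flagged and is not the one the user chose can be removed with Remove-Item on that key (HKLM keys need the elevated prompt); then set DefaultScope to a GUID that still exists, otherwise IE silently falls back to whatever scope it finds first.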

#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 28 June 2015 - 07:35 AM

Download Farbar's Service Scanner utility
http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/
and Save to your Desktop.
If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Administrator.
If using XP, double-click to start.
Answer Yes to ok when prompted.
If your firewall then puts out a prompt, again, allow it to run.
Once FSS is on-screen, be sure the following items are checkmarked:
Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other services


Click on "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Copy & Paste contents of FSS.txt into your reply.
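
FSS reports the state of the services behind each of the headings it is asked to check (firewall, System Restore, Security Center, Windows Update, Defender, the network stack), whether a policy has been set to disable them, and whether the binaries that implement them are digitally signed; an empty section in its log means nothing abnormal was found. The PowerShell below is an added example, not Farbar's code and not part of the thread: it reproduces those checks so they can be scripted or re-run later. It assumes Windows 7 x64 and an elevated 64-bit PowerShell prompt; the mapping from FSS headings to service names and policy values is this example's own assumption, and the file list is the one FSS prints in the log above.

```powershell
# Added example (not Farbar's code, not from the thread): a PowerShell
# approximation of the checks FSS performs. Assumptions: Windows 7 x64, run
# from the 64-bit PowerShell as Administrator; mapping of headings to
# services/policies is by the author of this example.

# Services behind the FSS headings: firewall (MpsSvc, BFE), shadow copy /
# System Restore (VSS, swprv), Windows Backup (SDRSVC), Security Center,
# WMI, Windows Update + BITS, COM+ events, crypto, Defender, ICS, IP Helper,
# DHCP/DNS/NSI clients.
$ServiceNames = 'MpsSvc','BFE','VSS','swprv','SDRSVC','wscsvc','Winmgmt',
                'wuauserv','BITS','EventSystem','CryptSvc','WinDefend',
                'SharedAccess','iphlpsvc','Dhcp','Dnscache','nsi'

Write-Host "== Services =="
foreach ($Name in $ServiceNames) {
    $Svc = Get-WmiObject -Class Win32_Service -Filter "Name='$Name'"
    if (-not $Svc) {
        # Malware sometimes deletes a service key outright rather than disabling it.
        Write-Host ("  {0,-13} MISSING (service registry key absent)" -f $Name)
        continue
    }
    $Note = if ($Svc.StartMode -eq 'Disabled') { '<- disabled' } else { '' }
    Write-Host ("  {0,-13} {1,-8} {2,-7} {3} {4}" -f $Name, $Svc.State, $Svc.StartMode, $Svc.DisplayName, $Note)
    # All of these are hosted from %SystemRoot%; any other ImagePath is a hijack candidate.
    if ($Svc.PathName -notmatch '^"?[A-Za-z]:\\Windows\\') {
        Write-Host "               unusual binary path: $($Svc.PathName)"
    }
}

Write-Host "`n== Disabling policies (the FSS 'Disabled Policy' headings) =="
# Policy values assumed to correspond to those headings.
$PolicyChecks = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile|EnableFirewall',
    'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile|EnableFirewall',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableSR',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore|DisableConfig',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU|NoAutoUpdate',
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender|DisableAntiSpyware'
)
$Found = 0
foreach ($Check in $PolicyChecks) {
    $Path, $Value = $Check -split '\|'
    $Item = Get-ItemProperty -Path $Path -Name $Value -ErrorAction SilentlyContinue
    if ($Item) { Write-Host "  SET: $Path\$Value = $($Item.$Value)"; $Found++ }
}
if ($Found -eq 0) { Write-Host "  none set (matches the empty policy sections in the log above)" }

Write-Host "`n== File check =="
$Names = 'nsisvc.dll','drivers\nsiproxy.sys','dhcpcore.dll','drivers\afd.sys','drivers\tdx.sys',
         'drivers\tcpip.sys','dnsrslvr.dll','mpssvc.dll','bfe.dll','drivers\mpsdrv.sys','SDRSVC.dll',
         'vssvc.exe','wscsvc.dll','wbem\WMIsvc.dll','wuaueng.dll','qmgr.dll','es.dll','cryptsvc.dll',
         'ipnathlp.dll','iphlpsvc.dll','svchost.exe','rpcss.dll'
$Files = @($Names | ForEach-Object { Join-Path $env:SystemRoot "System32\$_" })
$Files += Join-Path $env:ProgramFiles 'Windows Defender\MpSvc.dll'

foreach ($File in $Files) {
    if (-not (Test-Path $File)) { Write-Host "  MISSING      $File"; continue }
    $Sig     = Get-AuthenticodeSignature -FilePath $File
    $Company = (Get-Item $File).VersionInfo.CompanyName
    # Caveat: on Windows 7, Get-AuthenticodeSignature only sees embedded
    # signatures; catalog-signed system DLLs come back as NotSigned. The real
    # red flags are HashMismatch, or a signer/company name that is not Microsoft.
    Write-Host ("  {0,-12} {1,-22} {2}" -f $Sig.Status, $Company, $File)
}
```

Because of the catalog-signing caveat, treat NotSigned on a Windows 7 system file as "verify another way" (sfc /scannow, or Sysinternals sigcheck with catalog checking) rather than as evidence of tampering; a file that FSS reports as signed but this script reports as HashMismatch has been modified since it was signed.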

#6 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 28 June 2015 - 02:02 PM

Farbar Service Scanner Version: 17-01-2015
Ran by Brandon (administrator) on 28-06-2015 at 12:01:13
Running from "C:\Users\Brandon\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 29 June 2015 - 06:41 AM

Nothing wrong in that log.

Let's try this.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Execute the instructions on Step 1 Important
  • Click Next on Step 2 Optional, do the Pre Scan, skip Step 3 and 4 Optional for now.
  • On Step 5 Backup System Restore do a Registry backup. When you have completed this click Next
  • Click on Repairs
  • Click Repairs - Open Repairs in the bottom right corner
  • Click the Unselect All button then select just the item(s) listed below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    10 - Remove Policies Set By Infections
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
    26 - Restore Important Windows Services
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, save it on your Desktop. (Reboot if asked to do so)
  • Please copy and paste the contents of this file in your next reply.

===

Restart the computer normally.

How is the computer running now?

=======================
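
The repairs selected above (registry and service permissions, policies set by infections, Windows Installer, important services) are the blunt-instrument fix for the symptoms the thread describes: installers that freeze, files the administrator account cannot delete, and security software that stops itself. Before running a repair that rewrites permissions across the whole registry, a practitioner usually wants to see what is actually set. The PowerShell below is an added example, not part of the thread and not Tweaking.com's repair logic; it is a read-only audit of the registry locations infections commonly use to lock a user out, intercept program launches or hook logon, and it lists the local accounts, since the original post mentions accounts the infection added. It assumes an elevated 64-bit PowerShell on the affected Windows 7 x64 machine; which keys the commercial tool touches is not something this example claims to know.

```powershell
# Added example (not from the thread, not Tweaking.com's code): read-only audit
# of registry policy, launch-hijack and logon-hook locations, plus local
# accounts. Assumption: elevated 64-bit PowerShell on Windows 7 x64.

# Restrictive policy values and which setting is suspicious on a home PC
# ('nonzero' = anything but 0 is suspicious; 'zero' = 0 is suspicious).
$PolicyChecks = @(
    'Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr|nonzero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools|nonzero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA|zero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoRun|nonzero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|DisallowRun|nonzero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoControlPanel|nonzero',
    'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer|NoFolderOptions|nonzero',
    'Software\Policies\Microsoft\Windows\Installer|DisableMSI|nonzero'
)

Write-Host "== Restrictive policies =="
foreach ($Hive in 'HKLM:', 'HKCU:') {
    foreach ($Check in $PolicyChecks) {
        $Rel, $Name, $Bad = $Check -split '\|'
        $Path = "$Hive\$Rel"
        $Item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if (-not $Item) { continue }
        $Val = [int]$Item.$Name
        if (($Bad -eq 'nonzero' -and $Val -ne 0) -or ($Bad -eq 'zero' -and $Val -eq 0)) {
            Write-Host "  SUSPICIOUS  $Path\$Name = $Val"
        }
    }
}
# DisallowRun keeps the blocked executable names in a subkey of the same name.
foreach ($Path in 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun',
                  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\DisallowRun') {
    if (Test-Path $Path) {
        $Blocked = (Get-ItemProperty -Path $Path).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object { $_.Value }
        Write-Host "  DisallowRun list ($Path): $($Blocked -join ', ')"
    }
}

Write-Host "`n== Image File Execution Options 'Debugger' values =="
# A Debugger value makes Windows start that program instead of the named EXE;
# infections use it to block or replace security tools. Process Explorer sets
# one for taskmgr.exe legitimately, so read the value before judging it.
foreach ($Root in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options') {
    if (-not (Test-Path $Root)) { continue }
    foreach ($Key in Get-ChildItem -Path $Root) {
        $Dbg = (Get-ItemProperty -Path $Key.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($Dbg) { Write-Host "  $($Key.PSChildName) -> $Dbg" }
    }
}

Write-Host "`n== Logon hooks =="
$Winlogon = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Write-Host "  Shell    = $($Winlogon.Shell)   (expected: explorer.exe)"
Write-Host "  Userinit = $($Winlogon.Userinit)   (expected: $env:SystemRoot\system32\userinit.exe,)"
foreach ($Path in 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
                  'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
    $W = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($W.AppInit_DLLs) { Write-Host "  AppInit_DLLs in $Path = $($W.AppInit_DLLs)" }
}

Write-Host "`n== Local accounts =="
# Built-in Administrator is RID 500 and Guest 501; accounts created later get
# RIDs from 1000 up. HomeGroupUser$ is created by Windows HomeGroup itself.
Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount=True" | ForEach-Object {
    $Rid = $_.SID.Split('-')[-1]
    Write-Host ("  {0,-20} RID {1,-5} Disabled={2}" -f $_.Name, $Rid, $_.Disabled)
}
```

Anything this prints as SUSPICIOUS, any Debugger value pointing at a binary you did not install, a Shell or Userinit that is not the expected value, or an AppInit_DLLs entry is worth recording before a repair tool removes it, because the path it names is usually where the remaining malware lives.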


#8 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 29 June 2015 - 02:26 PM

Tweaking.com - Windows Repair v3.2.2
--------------------------------------------------------------------------------

System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Home Premium
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: BRANDON-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Brandon
Current Profile SID: S-1-5-21-1463623021-776205435-2290215826-1000
Current Profile Classes: S-1-5-21-1463623021-776205435-2290215826-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Brandon\AppData\Local
--------------------------------------------------------------------------------

System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 01:10:09

Process Count: 70
Commit Total: 1.77 GB
Commit Limit: 7.50 GB
Commit Peak: 3.49 GB
Handle Count: 19257
Kernel Total: 352.38 MB
Kernel Paged: 297.71 MB
Kernel Non Paged: 54.67 MB
System Cache: 1.97 GB
Thread Count: 794
--------------------------------------------------------------------------------

Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.75 GB
Memory Used: 1.46 GB(38.9638%)
Memory Avail.: 2.29 GB
--------------------------------------------------------------------------------

Cleaning Memory Before Starting Repairs...

Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3.75 GB
Memory Used: 1.13 GB(30.0637%)
Memory Avail.: 2.62 GB
--------------------------------------------------------------------------------

Starting Repairs...
   Started at (6/29/2015 1:53:18 PM)

Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 14
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (6/29/2015 1:53:20 PM)

   Running Repair Under Current User Account
   Done (6/29/2015 1:53:27 PM)

01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (6/29/2015 1:53:28 PM)

Decompressing & Updating Windows Permission File services.txt
Done,  0.26 seconds.

   Running Repair Under System Account
   Done (6/29/2015 1:58:26 PM)

01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (6/29/2015 1:58:26 PM)

   Running Repair Under System Account
   Done (6/29/2015 1:59:39 PM)

03 - Reset Service Permissions
   Start (6/29/2015 1:59:39 PM)

   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/29/2015 2:00:28 PM)

04 - Register System Files
   Start (6/29/2015 2:00:28 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/29/2015 2:01:18 PM)

05 - Repair WMI
   Start (6/29/2015 2:01:18 PM)

   Starting Security Center So We Can Export The Security Info.

   Exporting Antivirus Info...
   ESET Smart Security 8.0 Exported.

   Exporting AntiSpyware Info...
   Windows Defender Exported.
   ESET Smart Security 8.0 Exported.

   Exporting 3rd Party Firewall Info...
   ESET Personal firewall Exported.

   Running Repair Under Current User Account
   Done (6/29/2015 2:04:02 PM)

10 - Remove Policies Set By Infections
   Start (6/29/2015 2:04:02 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (6/29/2015 2:04:05 PM)

17 - Repair Windows Updates
   Start (6/29/2015 2:04:05 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.15 seconds.

   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (6/29/2015 2:04:40 PM)

21 - Repair MSI (Windows Installer)
   Start (6/29/2015 2:04:40 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.15 seconds.

   Running Repair Under System Account
   Done (6/29/2015 2:04:52 PM)

26 - Restore Important Windows Services
   Start (6/29/2015 2:04:52 PM)
   Running Repair Under Current User Account

Decompressing & Updating Windows Permission File services.txt
Done,  0.15 seconds.

   Running Repair Under System Account
   Done (6/29/2015 2:05:01 PM)

Cleaning up empty logs...

All Selected Repairs Done.
   Done at (6/29/2015 2:05:01 PM)
   Total Repair Time: 00:11:45

...YOU MUST RESTART YOUR SYSTEM...


Edited by RenegadePrue, 29 June 2015 - 05:01 PM.


#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 30 June 2015 - 06:35 AM

How is the computer running now?

#10 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 30 June 2015 - 06:14 PM

It still freezes trying to install.  It did run a bit longer before it froze.  Normally it will freeze at 11% on Norton install and this time it made it to 28% before it froze.  Not sure if it matters but the virus did affect my install manager; whenever I tried to install before I got the virus removed it would say install manager is not accessible or it is not working properly.  It no longer does that.  Is it possible that there is contradictory user control for installations?  As I mentioned the virus added 3 users to my computer (ASP$NET, opened a Home Group, and 1734....user).  I couldn't delete files (virus) as it would say only admin can delete or change this file.  I was logged in on my main account (only account and admin) and it would act as if I wasn't.  All these issues have been resolved, just wondering if there is a trace element somewhere affecting my ability to install?  What also confuses me is why I can install certain file types with no issues and others I can't.  One more small bit of info that may or may not matter: my Windows Defender was shut down by the virus and would not let me use it either.  Even when I got it working again it would say firewall is up but when I tried to turn on Norton it would turn on for about 7-10 seconds (anti-virus protection) then turn off.  I could not keep it running.  Same thing with Panda antivirus, it would run for 7-10 seconds and then turn off again.  ESET is the only antivirus program that has worked and installed properly. 

My son got on and installed Roblox (online hosted game) which installed the program to desktop, but when he tries to play on a server you have to download the terrain or map pack for that map and it freezes whenever you try to play a game (install terrain and map pack). 

Sorry for all the info, just hoped that maybe this would help; if not, sorry for all the unneeded info!

Thanks Again!!



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 01 July 2015 - 06:23 AM

Having 2 or more antivirus protection programs can be problematic.
One or both of the programs is disabling Windows Defender. That is normal.

I suggest you download and run these uninstaller tools to remove Norton and Panda completely.


Download and run the Norton Removal Tool to uninstall your Norton product
https://support.norton.com/sp/en/us/home/current/solutions/kb20080710133834EN_EndUserProfile_en_us?abproduct=home&abversion=1&pvid=f-home

===

Panda removal tool.
http://www.pandasecurity.com/fyrom/homeusers/support/card?id=55509
===

Then test your computer and let me know what issues persist.

#12 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  •  
  • Local time:03:21 PM

Posted 01 July 2015 - 03:40 PM

I had already uninstalled both of those and still have the same problem.  I downloaded Reimage Repair when I was trying to download the Windows Repair; it did a scan and said operating system is moderately damaged but wants me to pay to fix it.  Is it likely that files were corrupted from virus that are creating my install problems?  I uninstalled ESET and had no antivirus running at all and tried to reinstall Norton, it keeps freezing on install; reinstalled ESET and it works.  Same problem as before, freezes on install.

Thanks!



#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 02 July 2015 - 07:00 AM

Check for missing or corrupted operating system files in your system.

Execute the instructions on this page.
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html

Keep me posted.

#14 RenegadePrue

RenegadePrue
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  • Local time:03:21 PM

Posted 02 July 2015 - 08:16 PM

Okay, I ran sfc /scannow and it said I had corrupt files that could not be fixed, to see what files go to ....CBS.log.  Once I get to the file it tries to open with Notepad and says "access is denied".  So I can not view what files are corrupt so they can be fixed.  I have tried to change ownership to gain access to the file but no luck.  Not sure what to do?!


Edited by RenegadePrue, 02 July 2015 - 08:18 PM.


#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,779 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:21 PM

Posted 03 July 2015 - 07:38 AM

to see what files go to ....CBS.log. Once I get to file it tries to open with notepad and says "access is denied":


Are you logged as an Administrator?

Right click the cbs.log file and select properties.
Any option to get admin right on this file?

If that fails try this

Click the Windows log on the left of the bottom task bar.
type cmd.exe on the search box.
When the file is found right click on it and select run as an Administrator.

Execute the following command at the DOS prompt.

findstr /c:"[SR]" C:\Windows\logs\cbs\cbs.log >sfcdetails.txt <- Make sure you type this string correctly.

This will produce an sfcdetails.txt file in your C: drive.

Copy and paste the content on your next reply.
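
The findstr line above works because SFC tags every line it writes to CBS.log with [SR], and the lines that matter read "Cannot repair member file [l:NN{MM}]"name" of Component, ...". Two practical details a practitioner wants here: the directory C:\Windows\Logs\CBS is only readable with an elevated token, which is the usual reason Notepad reports "access is denied" even to an administrator account, and a redirected file from an elevated prompt lands in that prompt's current directory (C:\Windows\System32), not in the root of C:. The PowerShell below is an added example, not nasdaq's command and not part of the thread; it does the same [SR] extraction, writes the result to the Desktop, and then reduces it to the unique component\file pairs SFC could not repair. It assumes an elevated prompt; the sample log lines inside it are constructed for the example and are not from the user's machine.

```powershell
# Added example (not from the thread): PowerShell equivalent of
#   findstr /c:"[SR]" C:\Windows\Logs\CBS\CBS.log > sfcdetails.txt
# plus a summary of the files SFC reports as unrepairable.
# Assumption: run from an elevated PowerShell prompt.

function Get-SfcUnrepairable {
    param([string[]]$Lines)
    # SFC tags its own entries [SR]; an unrepairable file looks like
    #   [SR] Cannot repair member file [l:22{11}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = ...
    # Windows 7 uses double quotes; later releases use [l:9]'tcpip.sys', so accept both.
    $Lines |
        Where-Object { $_ -match '\[SR\]' } |
        ForEach-Object {
            if ($_ -match 'Cannot repair member file \[l:\d+(\{\d+\})?\]["'']([^"'']+)["'']\s+of\s+([^,]+)') {
                "$($Matches[3])\$($Matches[2])"
            }
        } |
        Sort-Object -Unique
}

$Log = Join-Path $env:SystemRoot 'Logs\CBS\CBS.log'
$Out = Join-Path $env:USERPROFILE 'Desktop\sfcdetails.txt'

if (Test-Path $Log) {
    # Same filter as findstr /c:"[SR]", but saved to the Desktop so it is easy
    # to find and paste into a reply.
    $SrLines = @(Select-String -Path $Log -Pattern '[SR]' -SimpleMatch | ForEach-Object { $_.Line })
    if ($SrLines.Count -gt 0) { $SrLines | Set-Content -Path $Out }
    Write-Host "$($SrLines.Count) [SR] lines saved to $Out"
} else {
    # Constructed sample lines (not from the user's machine) so the parser can
    # be exercised on a system that has no CBS.log.
    $SrLines = @(
        '2015-07-02 19:52:10, Info CSI 000001a2 [SR] Verifying 100 (0x0000000000000064) components',
        '2015-07-02 19:52:11, Info CSI 000001a3 [SR] Cannot repair member file [l:22{11}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
        '2015-07-02 19:52:11, Info CSI 000001a4 [SR] Cannot repair member file [l:22{11}]"tcpip.sys" of Microsoft-Windows-TCPIP-Binaries, Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), Culture neutral, VersionScope = 1 nonSxS, PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, TypeName neutral, PublicKey neutral in the store, hash mismatch',
        '2015-07-02 19:52:12, Info CSI 000001a5 [SR] Repairing corrupted file [ml:520{260},l:46{23}]"\??\C:\Windows\System32"\[l:24{12}]"cscript.exe" from store'
    )
}

$Broken = Get-SfcUnrepairable -Lines $SrLines
if ($Broken) {
    Write-Host "Files SFC could not repair (component\file):"
    $Broken | ForEach-Object { Write-Host "  $_" }
} else {
    Write-Host 'No "Cannot repair member file" entries found.'
}
```

On the constructed sample the summary is a single line, Microsoft-Windows-TCPIP-Binaries\tcpip.sys, because SFC logs each failed repair attempt and the duplicate is collapsed; "hash mismatch" on a file like tcpip.sys is the kind of finding that should be followed up with the signature check rather than simply overwritten, since a modified network driver is a common rootkit footprint.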



