360 Total Security may have hosed my computer


  • This topic is locked
27 replies to this topic

#1 Ridleywalker

Posted 25 October 2015 - 12:38 PM

Short version: I have 360 Total Security on my computer. Was trying to follow instrux on this site to remove it and somehow my screen has now gone completely black. I can't get any Windows desktop functions, such as start menu (Windows 10). So I can't run a log. I am hesitant about shutting down and restarting in case that makes the problem even worse.

 

Long version in case anyone wants to read it.

 

I have an HP Stream 13, which has notoriously small drive capacity. At the suggestion of howtogeek.com, I created a backup image on a thumb drive and then downloaded EaseUS to wipe the recovery partition and then recover it for use. I think (hope) that it was with EaseUS that I wound up with this damn 360 Total Security.

 

Tried to follow the Bleeping Computer instrux to remove it. iexplore did not kill the process.  And the process that Bleeping told me to look for was not there.  Instead there was a process called something like QH 360 Total Security, which I could not kill.  Tried variants of rkill as well.  No go. 

 

Tried to log onto Bleeping, which I had used years ago, looking for help.  Could not log in and every attempt to reset the password also failed.  Did it several times but every time I did I was told that my login had failed. That was when I tried to alt-tab to switch windows and had no desktop any more. I could minimize my browser (Firefox) but all I got was a blank black screen.

 

Closed the laptop lid and switched computers. Tried again to reset password. Still could not.  Started to wonder if this damn 360 thing had compromised my email account in some way...

 

Registered as a new user on the different computer with a different email address. That's how I managed to post this.

 

Hoping someone can help.  Headed off now to change my gmail password from a different device. 

 

Crap day today.

 

 





#2 HelpBot

Posted 30 October 2015 - 12:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/594401 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Ridleywalker

Posted 30 October 2015 - 07:52 PM

Okay. So. I tried to download FRST on the infected computer. Of course the Bleeping Computer page "could not be found" so I assume the virus is blocking access to the BC site.

 

I went to another computer and downloaded FRST. No icon appeared on my desktop. In the browser I clicked on "open folder location" and nothing happened.  I tried to launch it from the browser's download and got a message that the file had been removed.  I am going to try a different browser and will report back but now I'm worried that somehow the other computer is infected with something as well.  I tried to click on the Norton Internet Security "history" button but got nothing. Clicking the button had no result. 



#4 Ridleywalker

Posted 30 October 2015 - 08:12 PM

Tried to download FRST on the second computer (not the one that has 360 infection) with Chrome, Firefox and the Edge browsers. Each browser blocked me from getting at the file, each in its own way. I tried renaming the exe to txt to see if I could fool the system but that did not work either. 

 

So... what I have is Windows 10, 64 bit. I don't have original disks. The Stream 13 came with the Windows 8 installed and a recovery partition (which is still on that machine).  The 10 upgrade was downloaded. Not sure if the recovery partition would take me back to Win 8 or if that was updated along with the Win 10 upgrade.

 

As described above I created a backup image on an external drive before downloading and running the EaseUS program. But I don't know for a fact that 360 was installed when I did that download. It could have been on my system before that and could be part of the backup image now as well, for all we know. 

 

I've never restored from a backup before and hesitate to do it until I hear some advice from you all, just in case restoring onto an infected computer risks infecting the backup as well.  

 

Yeah. I'm lost. 


Edited by Ridleywalker, 30 October 2015 - 08:15 PM.


#5 Oh My!

Posted 30 October 2015 - 10:08 PM

Greetings Ridleywalker and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please run this program for me.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive and start on a clean computer.
  • From a working computer please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Plug the flash drive into the infected PC and follow the 2 step process below to enter the System Recovery Options using one of the three options listed, then running Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment.
  • FRST log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Ridleywalker

Posted 30 October 2015 - 10:44 PM

Gary, thanks so much for your help.  I'm Steve.  Here is my log.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by SYSTEM on MININT-COTRP9T (30-10-2015 23:39:20)
Running from d:\
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\steve\...\Run: [GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\steve\...\Run: [Dashlane] => C:\Users\steve\AppData\Roaming\Dashlane\Dashlane.exe [227712 2015-10-23] ()
HKU\steve\...\Run: [DashlanePlugin] => C:\Users\steve\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2015-10-23] ()
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-26] (Hewlett-Packard Company)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-08-02] (Intel Corporation)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-23] (Symantec Corporation)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-02] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-29] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-05] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-20] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-20] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-05] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-05] (360.cn)
S1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151022.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
S1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151023.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
S0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-24] (Intel® Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151030.006\ENG64.SYS [138488 2015-10-30] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151030.006\EX64.SYS [2148080 2015-10-30] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-08-02] (Realtek Semiconductor Corp.)
S3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-19] (Realtek Semiconductor Corporation                           )
S3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-08-29] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
S0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USB_Ethernet_Adaptor; C:\Windows\System32\drivers\USB_Ethernet_Adaptor.sys [21504 2015-08-02] (Corechip Semiconductor, Inc. Co Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-08-02] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-30 23:39 - 2015-10-30 23:39 - 00000000 ____D C:\FRST
2015-10-30 23:33 - 2015-10-30 23:33 - 00000000 _____ C:\Recovery.txt
2015-10-30 19:30 - 2015-10-30 19:30 - 00016148 _____ C:\Windows\System32\STEVES-HP-STREA_steve_HistoryPrediction.bin
2015-10-25 08:09 - 2015-10-25 08:10 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\steve\Downloads\iexplore.exe
2015-10-25 08:02 - 2015-10-25 08:02 - 00000000 ____D C:\ProgramData\1445788941_00000000_base
2015-10-25 07:56 - 2015-10-25 07:56 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.exe
2015-10-25 07:53 - 2015-10-25 07:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\stevie.exe
2015-10-25 07:51 - 2015-10-25 07:57 - 00002198 _____ C:\Users\steve\Desktop\Rkill.txt
2015-10-25 07:51 - 2015-10-25 07:51 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.scr
2015-10-25 07:36 - 2015-10-25 07:36 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-1.75.0.1300.exe
2015-10-25 07:22 - 2015-10-25 07:23 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\steve\Downloads\ieexplore.exe
2015-10-25 07:04 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\Local\PlutoTV
2015-10-25 07:04 - 2015-10-25 07:04 - 00000013 _____ C:\Users\steve\.pluto.tv
2015-10-25 07:03 - 2015-10-25 07:04 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-10-25 07:03 - 2015-10-25 07:03 - 00001155 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2015-10-25 07:00 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe
2015-10-25 07:00 - 2015-09-05 22:43 - 00363088 _____ (360.cn) C:\Windows\System32\Drivers\360fsflt.sys
2015-10-25 06:59 - 2015-10-25 08:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-10-25 06:59 - 2015-10-25 06:59 - 00000000 _RSHD C:\360SANDBOX
2015-10-25 06:59 - 2015-09-20 20:10 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys
2015-10-25 06:59 - 2015-09-20 20:10 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys.795
2015-10-25 06:59 - 2015-09-05 22:43 - 00178768 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV64.SYS
2015-10-25 06:59 - 2015-09-05 22:43 - 00137296 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys.tmp
2015-10-25 06:59 - 2015-09-05 22:43 - 00040520 _____ (360.cn) C:\Windows\System32\Drivers\360Camera64.sys
2015-10-25 06:56 - 2015-10-25 06:56 - 00000000 ____D C:\Program Files (x86)\360
2015-10-25 06:54 - 2015-10-25 06:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy
2015-10-25 06:54 - 2015-09-20 20:30 - 03557000 _____ C:\Windows\System32\BootMan.exe
2015-10-25 06:54 - 2015-09-20 20:19 - 02658952 _____ C:\Windows\SysWOW64\BootMan.exe
2015-10-25 06:54 - 2014-11-18 10:46 - 00021088 _____ C:\Windows\SysWOW64\EuEpmGdi.dll
2015-10-25 06:54 - 2014-11-18 10:46 - 00017504 _____ C:\Windows\System32\EuEpmGdi.dll
2015-10-25 06:54 - 2014-11-18 10:39 - 00018528 _____ C:\Windows\System32\epmntdrv.sys
2015-10-25 06:54 - 2014-11-18 10:39 - 00014944 _____ C:\Windows\SysWOW64\epmntdrv.sys
2015-10-25 06:54 - 2014-11-18 10:39 - 00010848 _____ C:\Windows\System32\EuGdiDrv.sys
2015-10-25 06:54 - 2014-11-18 10:39 - 00010208 _____ C:\Windows\SysWOW64\EuGdiDrv.sys
2015-10-25 06:54 - 2014-11-18 10:38 - 00101984 _____ C:\Windows\System32\setupempdrvx64.exe
2015-10-25 06:54 - 2014-11-18 10:38 - 00088160 _____ C:\Windows\SysWOW64\setupempdrv03.exe
2015-10-25 06:51 - 2015-10-25 06:51 - 29407904 _____ (EaseUS ) C:\Users\steve\Downloads\epm.exe
2015-10-25 06:31 - 2015-10-25 06:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-10-25 06:27 - 2015-10-25 06:29 - 29645496 _____ (EaseUS ) C:\Users\steve\Downloads\epm_trial.exe
2015-10-24 20:16 - 2015-10-24 20:16 - 00000794 _____ C:\Windows\setupact.log
2015-10-21 15:18 - 2015-10-21 15:18 - 00000000 ____D C:\b998f5c8fbd9ceddce19
2015-10-17 13:33 - 2015-10-17 13:33 - 00000000 ____D C:\ac9aa9f79154a0d0125bda0a63
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\d837b79222d17abc83
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\a24ad28166939b5988db11
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57
2015-10-15 17:37 - 2015-10-15 17:40 - 69939760 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\steve\Downloads\setup_wps_office_9.1.0.5200_121.exe
2015-10-15 13:12 - 2015-10-15 13:13 - 02880680 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Setup.X86.en-US_O365HomePremRetail_5d84293e-79a7-4f51-b111-96ad1afde80c_TX_PR_.exe
2015-10-15 12:41 - 2015-10-15 12:41 - 00001100 _____ C:\Users\Public\Desktop\WinDirStat.lnk
2015-10-15 12:41 - 2015-10-15 12:41 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-10-15 12:40 - 2015-10-15 12:41 - 00307200 _____ (Secure By Design Inc.) C:\Users\steve\Downloads\Ninite WinDirStat Installer.exe
2015-10-15 09:54 - 2015-10-15 09:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-14 09:46 - 2015-10-09 22:40 - 21875712 _____ (Microsoft Corporation) C:\Windows\System32\edgehtml.dll
2015-10-14 09:46 - 2015-10-09 22:07 - 18806272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-10-14 09:46 - 2015-10-05 19:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Xaml.dll
2015-10-14 09:46 - 2015-10-05 18:46 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 09:46 - 2015-09-30 20:01 - 01294352 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-10-14 09:46 - 2015-09-30 20:01 - 01123400 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-10-14 09:46 - 2015-09-30 20:01 - 01018568 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-10-14 09:46 - 2015-09-30 20:01 - 00858408 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-10-14 09:46 - 2015-09-30 20:00 - 08020320 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-10-14 09:46 - 2015-09-24 20:01 - 02573768 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-10-14 09:46 - 2015-09-24 20:01 - 00498016 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2015-10-14 09:46 - 2015-09-24 19:56 - 22322624 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-10-14 09:46 - 2015-09-24 19:52 - 00980832 _____ (Microsoft Corporation) C:\Windows\System32\SecConfig.efi
2015-10-14 09:46 - 2015-09-24 19:33 - 01997336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-10-14 09:46 - 2015-09-24 19:26 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 09:46 - 2015-09-24 19:17 - 24595456 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-10-14 09:46 - 2015-09-24 19:09 - 12504064 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-10-14 09:46 - 2015-09-24 19:07 - 01276416 _____ (Microsoft Corporation) C:\Windows\System32\wifinetworkmanager.dll
2015-10-14 09:46 - 2015-09-24 19:04 - 02178560 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentServer.dll
2015-10-14 09:46 - 2015-09-24 19:04 - 00826880 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-10-14 09:46 - 2015-09-24 19:03 - 00796160 _____ (Microsoft Corporation) C:\Windows\System32\TokenBroker.dll
2015-10-14 09:46 - 2015-09-24 19:03 - 00576000 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-10-14 09:46 - 2015-09-24 19:02 - 07523840 _____ (Microsoft Corporation) C:\Windows\System32\Chakra.dll
2015-10-14 09:46 - 2015-09-24 19:02 - 00949248 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-10-14 09:46 - 2015-09-24 19:01 - 04792320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-10-14 09:46 - 2015-09-24 19:01 - 03586560 _____ (Microsoft Corporation) C:\Windows\System32\win32kfull.sys
2015-10-14 09:46 - 2015-09-24 19:00 - 01423872 _____ (Microsoft Corporation) C:\Windows\System32\UserDataService.dll
2015-10-14 09:46 - 2015-09-24 19:00 - 01382400 _____ (Microsoft Corporation) C:\Windows\System32\win32kbase.sys
2015-10-14 09:46 - 2015-09-24 19:00 - 00856576 _____ (Microsoft Corporation) C:\Windows\System32\ContactApis.dll
2015-10-14 09:46 - 2015-09-24 19:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\System32\ChatApis.dll
2015-10-14 09:46 - 2015-09-24 18:59 - 01795072 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentExtensions.dll
2015-10-14 09:46 - 2015-09-24 18:59 - 01205248 _____ (Microsoft Corporation) C:\Windows\System32\Unistore.dll
2015-10-14 09:46 - 2015-09-24 18:58 - 01871360 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-10-14 09:46 - 2015-09-24 18:48 - 19325952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 09:46 - 2015-09-24 18:38 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 09:46 - 2015-09-24 18:38 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 09:46 - 2015-09-24 18:38 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 09:46 - 2015-09-24 18:37 - 00766976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 09:46 - 2015-09-24 18:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-10-14 09:46 - 2015-09-24 18:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 09:46 - 2015-09-24 18:36 - 11262976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 09:46 - 2015-09-24 18:36 - 05454848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-10-14 09:46 - 2015-09-24 18:34 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-10-14 09:46 - 2015-09-24 18:34 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-10-14 09:46 - 2015-09-24 18:34 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-10-14 09:46 - 2015-09-24 18:34 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-10-14 09:46 - 2015-09-24 18:32 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-10-14 09:45 - 2015-10-09 23:12 - 00078528 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-10-14 09:45 - 2015-09-30 19:03 - 00757760 _____ (Microsoft Corporation) C:\Windows\System32\fveapi.dll
2015-10-14 09:45 - 2015-09-24 19:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\System32\UserDataAccountApis.dll
2015-10-14 09:45 - 2015-09-24 19:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\System32\PhoneCallHistoryApis.dll
2015-10-14 09:45 - 2015-09-24 19:04 - 00771072 _____ (Microsoft Corporation) C:\Windows\System32\Chakradiag.dll
2015-10-14 09:45 - 2015-09-24 19:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 09:45 - 2015-09-24 19:02 - 00579072 _____ (Microsoft Corporation) C:\Windows\System32\winlogon.exe
2015-10-14 09:45 - 2015-09-24 18:59 - 00720896 _____ (Microsoft Corporation) C:\Windows\System32\EmailApis.dll
2015-10-14 09:45 - 2015-09-24 18:59 - 00685568 _____ (Microsoft Corporation) C:\Windows\System32\AppointmentApis.dll
2015-10-14 09:45 - 2015-09-24 18:59 - 00590336 _____ (Microsoft Corporation) C:\Windows\System32\MessagingDataModel2.dll
2015-10-14 09:45 - 2015-09-24 18:59 - 00288256 _____ (Microsoft Corporation) C:\Windows\System32\PimIndexMaintenance.dll
2015-10-14 09:45 - 2015-09-24 18:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\CallHistoryClient.dll
2015-10-14 09:45 - 2015-09-24 18:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-10-14 09:45 - 2015-09-24 18:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 09:45 - 2015-09-24 18:38 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-10-14 09:45 - 2015-09-24 18:34 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-10-14 09:45 - 2015-09-24 18:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-10-14 09:45 - 2015-09-24 18:32 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-10-10 17:06 - 2015-10-10 17:06 - 00000000 _____ C:\Users\steve\AppData\LocalLow\rightsCheck_1.txt
2015-10-10 17:04 - 2015-10-10 17:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-10 17:04 - 2015-10-10 17:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-10 17:02 - 2015-10-10 17:03 - 13155552 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Silverlight_x64(1).exe
2015-10-10 17:01 - 2015-10-10 17:02 - 13155552 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Silverlight_x64.exe
2015-10-02 15:43 - 2015-10-30 16:38 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2015-10-02 15:38 - 2015-10-15 19:10 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-10-02 15:38 - 2015-10-15 19:10 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 03:11 - 2015-09-18 21:14 - 00102304 _____ (Microsoft Corporation) C:\Windows\System32\omadmapi.dll
2015-10-02 03:11 - 2015-09-16 22:50 - 02464216 _____ (Microsoft Corporation) C:\Windows\System32\mfcore.dll
2015-10-02 03:11 - 2015-09-16 22:50 - 01563392 _____ (Microsoft Corporation) C:\Windows\System32\winmde.dll
2015-10-02 03:11 - 2015-09-16 22:50 - 00099664 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\pdc.sys
2015-10-02 03:11 - 2015-09-16 22:50 - 00088384 _____ (Microsoft Corporation) C:\Windows\System32\remoteaudioendpoint.dll
2015-10-02 03:11 - 2015-09-16 22:49 - 06487248 _____ (Microsoft Corporation) C:\Windows\System32\windows.storage.dll
2015-10-02 03:11 - 2015-09-16 22:49 - 01563472 _____ (Microsoft Corporation) C:\Windows\System32\wmpmde.dll
2015-10-02 03:11 - 2015-09-16 22:49 - 00894256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2015-10-02 03:11 - 2015-09-16 22:49 - 00553808 _____ (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
2015-10-02 03:11 - 2015-09-16 22:49 - 00501008 _____ (Microsoft Corporation) C:\Windows\System32\AudioEng.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 02824248 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 02494712 _____ C:\Windows\System32\CoreUIComponents.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 02432336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 02156400 _____ (Microsoft Corporation) C:\Windows\System32\hevcdecoder.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 01983824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 00809352 _____ (Microsoft Corporation) C:\Windows\System32\CoreMessaging.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00784136 _____ (Microsoft Corporation) C:\Windows\System32\mfsvr.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00584656 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00555768 _____ (Microsoft Corporation) C:\Windows\System32\directmanipulation.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00537080 _____ (Microsoft Corporation) C:\Windows\System32\WWanAPI.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00516448 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\USBHUB3.SYS
2015-10-02 03:11 - 2015-09-16 22:48 - 00505696 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms2.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 00476760 _____ (Microsoft Corporation) C:\Windows\System32\MFCaptureEngine.dll
2015-10-02 03:11 - 2015-09-16 22:48 - 00406864 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2015-10-02 03:11 - 2015-09-16 22:48 - 00395088 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 00332624 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fastfat.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 00278352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\sdbus.sys
2015-10-02 03:11 - 2015-09-16 22:48 - 00243760 _____ (Microsoft Corporation) C:\Windows\System32\mfps.dll
2015-10-02 03:11 - 2015-09-16 22:47 - 01397088 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManager.dll
2015-10-02 03:11 - 2015-09-16 22:44 - 00781976 _____ (Microsoft Corporation) C:\Windows\System32\mfds.dll
2015-10-02 03:11 - 2015-09-16 22:43 - 00966416 _____ (Microsoft Corporation) C:\Windows\System32\twinapi.appcore.dll
2015-10-02 03:11 - 2015-09-16 22:37 - 01295712 _____ (Microsoft Corporation) C:\Windows\System32\wpx.dll
2015-10-02 03:11 - 2015-09-16 22:37 - 01168736 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2015-10-02 03:11 - 2015-09-16 22:28 - 05120056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-10-02 03:11 - 2015-09-16 22:28 - 02154808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-10-02 03:11 - 2015-09-16 22:28 - 01357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-10-02 03:11 - 2015-09-16 22:28 - 00441168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-10-02 03:11 - 2015-09-16 22:28 - 00407608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-10-02 03:11 - 2015-09-16 22:28 - 00074880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2015-10-02 03:11 - 2015-09-16 22:27 - 01766952 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-10-02 03:11 - 2015-09-16 22:27 - 00454512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 02446648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 01895568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 00646672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 00508248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 00434376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-10-02 03:11 - 2015-09-16 22:26 - 00428128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-10-02 03:11 - 2015-09-16 22:25 - 00962400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-10-02 03:11 - 2015-09-16 22:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-10-02 03:11 - 2015-09-16 22:20 - 00764416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-10-02 03:11 - 2015-09-16 22:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\System32\enrollmentapi.dll
2015-10-02 03:11 - 2015-09-16 22:10 - 00169984 _____ (Microsoft Corporation) C:\Windows\System32\mdmregistration.dll
2015-10-02 03:11 - 2015-09-16 22:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\System32\provengine.dll
2015-10-02 03:11 - 2015-09-16 22:09 - 00143360 _____ (Microsoft Corporation) C:\Windows\System32\provops.dll
2015-10-02 03:11 - 2015-09-16 22:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\System32\StoreAgent.dll
2015-10-02 03:11 - 2015-09-16 22:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Speech.Pal.dll
2015-10-02 03:11 - 2015-09-16 22:08 - 00026624 _____ (Microsoft Corporation) C:\Windows\System32\LicenseManagerShellext.exe
2015-10-02 03:11 - 2015-09-16 22:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\CellularAPI.dll
2015-10-02 03:11 - 2015-09-16 22:06 - 00467968 _____ (Microsoft Corporation) C:\Windows\System32\MBMediaManager.dll
2015-10-02 03:11 - 2015-09-16 22:06 - 00149504 _____ (Microsoft Corporation) C:\Windows\System32\tetheringservice.dll
2015-10-02 03:11 - 2015-09-16 22:05 - 02226688 _____ (Microsoft Corporation) C:\Windows\System32\NetworkMobileSettings.dll
2015-10-02 03:11 - 2015-09-16 22:05 - 00483328 _____ (Microsoft Corporation) C:\Windows\System32\OneDriveSettingSyncProvider.dll
2015-10-02 03:11 - 2015-09-16 22:04 - 07569408 _____ (Microsoft Corporation) C:\Windows\System32\mos.dll
2015-10-02 03:11 - 2015-09-16 22:04 - 00910848 _____ (Microsoft Corporation) C:\Windows\System32\SharedStartModel.dll
2015-10-02 03:11 - 2015-09-16 22:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\DataSenseHandlers.dll
2015-10-02 03:11 - 2015-09-16 22:03 - 00267776 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Management.dll
2015-10-02 03:11 - 2015-09-16 22:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\System32\provisioningcsp.dll
2015-10-02 03:11 - 2015-09-16 22:03 - 00154624 _____ (Microsoft Corporation) C:\Windows\System32\dmcertinst.exe
2015-10-02 03:11 - 2015-09-16 22:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\ngckeyenum.dll
2015-10-02 03:11 - 2015-09-16 22:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\DeviceEnroller.exe
2015-10-02 03:11 - 2015-09-16 22:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\mdmmigrator.dll
2015-10-02 03:11 - 2015-09-16 22:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\System32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-02 03:11 - 2015-09-16 22:00 - 03248640 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.dll
2015-10-02 03:11 - 2015-09-16 22:00 - 02417664 _____ (Microsoft Corporation) C:\Windows\System32\MFMediaEngine.dll
2015-10-02 03:11 - 2015-09-16 22:00 - 00446976 _____ (Microsoft Corporation) C:\Windows\System32\MapConfiguration.dll
2015-10-02 03:11 - 2015-09-16 22:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\KeywordDetectorMsftSidAdapter.dll
2015-10-02 03:11 - 2015-09-16 21:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\tileobjserver.dll
2015-10-02 03:11 - 2015-09-16 21:57 - 02228736 _____ (Microsoft Corporation) C:\Windows\System32\wlansvc.dll
2015-10-02 03:11 - 2015-09-16 21:57 - 00403456 _____ (Microsoft Corporation) C:\Windows\System32\dmenrollengine.dll
2015-10-02 03:11 - 2015-09-16 21:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\VEEventDispatcher.dll
2015-10-02 03:11 - 2015-09-16 21:57 - 00137728 _____ (Microsoft Corporation) C:\Windows\System32\VEStoreEventHandlers.dll
2015-10-02 03:11 - 2015-09-16 21:56 - 00859136 _____ (Microsoft Corporation) C:\Windows\System32\modernexecserver.dll
2015-10-02 03:11 - 2015-09-16 21:56 - 00521728 _____ (Microsoft Corporation) C:\Windows\System32\PsmServiceExtHost.dll
2015-10-02 03:11 - 2015-09-16 21:56 - 00317440 _____ (Microsoft Corporation) C:\Windows\System32\configmanager2.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 02236416 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 01601536 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Media.Speech.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00671232 _____ (Microsoft Corporation) C:\Windows\System32\WUDFx02000.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00366592 _____ (Microsoft Corporation) C:\Windows\System32\wuuhext.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\System32\ngccredprov.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00202240 _____ (Microsoft Corporation) C:\Windows\System32\accountaccessor.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00121856 _____ (Microsoft Corporation) C:\Windows\System32\dmcsps.dll
2015-10-02 03:11 - 2015-09-16 21:55 - 00120832 _____ (Microsoft Corporation) C:\Windows\System32\omadmclient.exe
2015-10-02 03:11 - 2015-09-16 21:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\wwancfg.dll
2015-10-02 03:11 - 2015-09-16 21:54 - 03781120 _____ (Microsoft Corporation) C:\Windows\System32\SettingsHandlers_nt.dll
2015-10-02 03:11 - 2015-09-16 21:54 - 00780288 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.dll
2015-10-02 03:11 - 2015-09-16 21:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-02 03:11 - 2015-09-16 21:53 - 07055872 _____ (Microsoft Corporation) C:\Windows\System32\BingMaps.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 06572032 _____ (Microsoft Corporation) C:\Windows\System32\wwanmm.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\netcenter.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00856576 _____ (Microsoft Corporation) C:\Windows\System32\MPSSVC.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00591360 _____ (Microsoft Corporation) C:\Windows\System32\wcmsvc.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00570880 _____ (Microsoft Corporation) C:\Windows\System32\MbaeApi.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\wwanconn.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\wcmcsp.dll
2015-10-02 03:11 - 2015-09-16 21:52 - 00162304 _____ (Microsoft Corporation) C:\Windows\System32\SubscriptionMgr.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 02660864 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Logon.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 01812480 _____ (Microsoft Corporation) C:\Windows\System32\pnidui.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 01203712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Devices.Bluetooth.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\audiosrv.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 00359936 _____ (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2015-10-02 03:11 - 2015-09-16 21:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-10-02 03:11 - 2015-09-16 21:50 - 00929280 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\bthport.sys
2015-10-02 03:11 - 2015-09-16 21:50 - 00421888 _____ (Microsoft Corporation) C:\Windows\System32\Windows.Internal.Bluetooth.dll
2015-10-02 03:11 - 2015-09-16 21:50 - 00320000 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\portcls.sys
2015-10-02 03:11 - 2015-09-16 21:50 - 00312832 _____ (Microsoft Corporation) C:\Windows\System32\SensorsApi.dll
2015-10-02 03:11 - 2015-09-16 21:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\System32\LocationPeWiFi.dll
2015-10-02 03:11 - 2015-09-16 21:50 - 00204288 _____ (Microsoft Corporation) C:\Windows\System32\LocationPeCell.dll
2015-10-02 03:11 - 2015-09-16 21:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\buttonconverter.sys
2015-10-02 03:11 - 2015-09-16 21:49 - 02740224 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 01290240 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.Shell.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 01010176 _____ (Microsoft Corporation) C:\Windows\System32\RDXService.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00439296 _____ (Microsoft Corporation) C:\Windows\System32\LocationWebproxy.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\LocationGeofences.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00268800 _____ (Microsoft Corporation) C:\Windows\System32\LocationFramework.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\LocationCrowdsource.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00176640 _____ (Microsoft Corporation) C:\Windows\System32\LocationPeIP.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00095744 _____ (Microsoft Corporation) C:\Windows\System32\LocationWiFiAdapter.dll
2015-10-02 03:11 - 2015-09-16 21:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Speech.Pal.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 02093056 _____ (Microsoft Corporation) C:\Windows\System32\wlidsvc.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 00517632 _____ (Microsoft Corporation) C:\Windows\System32\NotificationController.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 00408064 _____ (Microsoft Corporation) C:\Windows\System32\CredProvDataModel.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 00387584 _____ (Microsoft Corporation) C:\Windows\System32\LockAppBroker.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\ncryptprov.dll
2015-10-02 03:11 - 2015-09-16 21:48 - 00273920 _____ (Microsoft Corporation) C:\Windows\System32\Windows.ApplicationModel.LockScreen.dll
2015-10-02 03:11 - 2015-09-16 21:47 - 00513536 _____ (Microsoft Corporation) C:\Windows\System32\ngcsvc.dll
2015-10-02 03:11 - 2015-09-16 21:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-02 03:11 - 2015-09-16 21:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\System32\cloudAP.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00928256 _____ (Microsoft Corporation) C:\Windows\System32\JpMapControl.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00621056 _____ (Microsoft Corporation) C:\Windows\System32\enterprisecsps.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\System32\AppXDeploymentClient.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00224256 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCore.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00118272 _____ (Microsoft Corporation) C:\Windows\System32\KnobsCsp.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00084480 _____ (Microsoft Corporation) C:\Windows\System32\MDMAppInstaller.exe
2015-10-02 03:11 - 2015-09-16 21:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\HttpsDataSource.dll
2015-10-02 03:11 - 2015-09-16 21:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\syncmlhook.dll
2015-10-02 03:11 - 2015-09-16 21:45 - 01331200 _____ (Microsoft Corporation) C:\Windows\System32\UIAutomationCore.dll
2015-10-02 03:11 - 2015-09-16 21:45 - 00869376 _____ (Microsoft Corporation) C:\Windows\System32\MapControlCore.dll
2015-10-02 03:11 - 2015-09-16 21:45 - 00832512 _____ (Microsoft Corporation) C:\Windows\System32\MapsStore.dll
2015-10-02 03:11 - 2015-09-16 21:45 - 00627712 _____ (Microsoft Corporation) C:\Windows\System32\Windows.UI.dll
2015-10-02 03:11 - 2015-09-16 21:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2015-10-02 03:11 - 2015-09-16 21:44 - 01844736 _____ (Microsoft Corporation) C:\Windows\System32\workfolderssvc.dll
2015-10-02 03:11 - 2015-09-16 21:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\System32\wpnapps.dll
2015-10-02 03:11 - 2015-09-16 21:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\bisrv.dll
2015-10-02 03:11 - 2015-09-16 21:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\System32\syncutil.dll
2015-10-02 03:11 - 2015-09-16 21:43 - 01213440 _____ (Microsoft Corporation) C:\Windows\System32\RemoteNaturalLanguage.dll
2015-10-02 03:11 - 2015-09-16 21:43 - 00378368 _____ (Microsoft Corporation) C:\Windows\System32\SystemEventsBrokerServer.dll
2015-10-02 03:11 - 2015-09-16 21:43 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-10-02 03:11 - 2015-09-16 21:43 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\psmsrv.dll
2015-10-02 03:11 - 2015-09-16 21:42 - 02646528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-10-02 03:11 - 2015-09-16 21:41 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-10-02 03:11 - 2015-09-16 21:40 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-10-02 03:11 - 2015-09-16 21:40 - 01918464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-10-02 03:11 - 2015-09-16 21:40 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-10-02 03:11 - 2015-09-16 21:39 - 00587264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-02 03:11 - 2015-09-16 21:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-02 03:11 - 2015-09-16 21:38 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2015-10-02 03:11 - 2015-09-16 21:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-10-02 03:11 - 2015-09-16 21:36 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2015-10-02 03:11 - 2015-09-16 21:35 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-10-02 03:11 - 2015-09-16 21:35 - 02207232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-02 03:11 - 2015-09-16 21:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-10-02 03:11 - 2015-09-16 21:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-02 03:11 - 2015-09-16 21:34 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-10-02 03:11 - 2015-09-16 21:32 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-10-02 03:11 - 2015-09-16 21:32 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-10-02 03:11 - 2015-09-16 21:32 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-02 03:11 - 2015-09-16 21:31 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2015-10-02 03:11 - 2015-09-16 21:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-10-02 03:11 - 2015-09-16 21:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-10-02 03:11 - 2015-09-16 21:29 - 00701952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-10-02 03:11 - 2015-09-16 21:29 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-10-02 03:11 - 2015-09-16 21:29 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-10-02 03:11 - 2015-09-16 21:28 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-10-02 03:11 - 2015-09-16 21:26 - 00899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-10-02 03:11 - 2015-09-16 21:16 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-10-02 03:11 - 2015-09-12 18:05 - 02987520 _____ (Microsoft Corporation) C:\Windows\System32\esent.dll
2015-10-02 03:11 - 2015-09-12 17:41 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-30 19:32 - 2015-07-10 01:05 - 00524288 ___SH C:\Windows\System32\config\BBI
2015-10-30 19:31 - 2015-07-10 04:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-10-30 19:31 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\sru
2015-10-30 19:30 - 2015-08-02 17:48 - 00000000 ____D C:\users\steve
2015-10-30 19:30 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\AppReadiness
2015-10-30 19:29 - 2015-08-23 17:35 - 00001956 _____ C:\Users\steve\Desktop\Dashlane.lnk
2015-10-30 19:29 - 2015-08-23 17:33 - 00000000 ____D C:\Users\steve\AppData\Roaming\Dashlane
2015-10-30 17:08 - 2015-08-06 04:49 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-30 17:05 - 2015-08-06 04:49 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-30 16:51 - 2015-08-21 06:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-30 16:43 - 2015-07-10 02:55 - 00000000 ____D C:\Windows\CbsTemp
2015-10-30 16:29 - 2015-08-04 09:56 - 00004164 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{76AA2B04-E6A5-417D-9DE2-EBE3457F8E30}
2015-10-30 16:23 - 2015-07-10 04:22 - 00000275 _____ C:\Windows\WindowsUpdate.log
2015-10-24 20:24 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\Recovery
2015-10-24 20:21 - 2015-08-02 18:14 - 00000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2015-10-24 20:17 - 2015-08-02 17:53 - 00830266 _____ C:\Windows\System32\PerfStringBackup.INI
2015-10-16 12:40 - 2015-08-02 19:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-15 19:41 - 2015-07-10 01:05 - 00032768 ___SH C:\Windows\System32\config\ELAM
2015-10-15 19:40 - 2015-08-02 20:36 - 00029036 _____ C:\Windows\PFRO.log
2015-10-15 19:40 - 2015-07-10 04:20 - 00198248 _____ C:\Windows\System32\FNTCACHE.DAT
2015-10-15 19:40 - 2015-07-10 03:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-10-15 19:39 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\appraiser
2015-10-15 18:11 - 2015-08-02 17:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-10-15 17:50 - 2015-08-04 18:19 - 00000000 ____D C:\Users\steve\AppData\Roaming\kingsoft
2015-10-15 17:50 - 2015-08-04 18:19 - 00000000 ____D C:\Users\steve\AppData\Local\Kingsoft
2015-10-15 13:14 - 2015-07-10 03:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-15 12:17 - 2015-08-02 17:49 - 00000000 ____D C:\Users\steve\AppData\Local\Packages
2015-10-05 18:35 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\NDF
2015-10-02 15:57 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\rescache
2015-10-02 15:38 - 2015-08-02 18:08 - 00003404 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2015-10-02 15:38 - 2015-08-02 18:05 - 00000000 ____D C:\Windows\System32\Drivers\NISx64
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ___SD C:\Windows\System32\F12
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\WinBioPlugIns
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\System32\SystemResetPlatform
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\Provisioning
2015-10-02 15:36 - 2015-07-10 03:04 - 00000000 ____D C:\Windows\L2Schemas
 
==================== Known DLLs (Whitelisted) =========================
 
[2015-07-10 02:59] - [2015-07-10 02:59] - 0435200 ____A (Microsoft Corporation) C:\Windows\System32\coml2.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0339968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\coml2.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2015-10-14 09:45] - [2015-09-24 19:02] - 0579072 ____A (Microsoft Corporation) 6688FE37E767BA15F022B7E59E5E7EA6
 
C:\Windows\System32\wininit.exe
[2015-08-03 18:04] - [2015-07-17 21:02] - 0290312 ____A (Microsoft Corporation) 7718A2A9B2BFB2C8E2BAEB03310CA3FD
 
C:\Windows\explorer.exe
[2015-08-20 14:58] - [2015-08-11 02:04] - 4532304 ____A (Microsoft Corporation) F1CBCB7FA6F3B309639AA2D4EF74469C
 
C:\Windows\SysWOW64\explorer.exe
[2015-08-20 14:58] - [2015-08-11 01:40] - 4048808 ____A (Microsoft Corporation) B3F90790F991A5A21113B58EE50FA696
 
C:\Windows\System32\svchost.exe
[2015-07-10 02:59] - [2015-07-10 02:59] - 0039856 ____A (Microsoft Corporation) A1AEAFC58DF7803B8AA2B09EA93C722F
 
C:\Windows\SysWOW64\svchost.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0035176 ____A (Microsoft Corporation) A412DEDAC6A1FF7BA06FEB3B6725495E
 
C:\Windows\System32\services.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0446336 ____A (Microsoft Corporation) BB3D8E1C108F7244613FF3993291A922
 
C:\Windows\System32\User32.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 1366168 ____A (Microsoft Corporation) 75EBC59EAB1B4484FFC9B81DD5F4BE46
 
C:\Windows\SysWOW64\User32.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 1310880 ____A (Microsoft Corporation) 729FE09CBAE7DCCBE43FA83D63A87278
 
C:\Windows\System32\userinit.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0030720 ____A (Microsoft Corporation) 5F6D4F12EA33BFC0F0F8CEEAC332AB2B
 
C:\Windows\SysWOW64\userinit.exe
[2015-07-10 03:00] - [2015-07-10 03:00] - 0026112 ____A (Microsoft Corporation) A89C18F5E6D8981D5E937B325290915A
 
C:\Windows\System32\rpcss.dll
[2015-07-10 02:59] - [2015-07-10 02:59] - 0873984 ____A (Microsoft Corporation) 5E57B9FBB4E9C43EE5B69BEE01A1819F
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 03:00] - [2015-07-10 03:00] - 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7
 
C:\Windows\System32\Drivers\volsnap.sys
[2015-07-10 02:59] - [2015-07-10 02:59] - 0378720 ____A (Microsoft Corporation) 823A237D871CD652C6BFD47BECB6810A
 
 
==================== EXE Association (Whitelisted) =============
 
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 32%
Total physical RAM: 1939.04 MB
Available physical RAM: 1315.07 MB
Total Virtual: 1939.04 MB
Available Virtual: 1337.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:21.36 GB) (Free:0.23 GB) NTFS
Drive d: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.5 GB) (Free:0.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 43E48B20)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 261A002F)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2015-08-02 20:36
 
==================== End of FRST.txt ============================


#7 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:08 AM

Posted 31 October 2015 - 08:08 AM

Hi Steve, nice to meet you. Let's see what we can do. Please start with this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-05] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-20] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-20] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-05] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-05] (360.cn)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-10-25 07:00 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe
2015-10-25 07:00 - 2015-09-05 22:43 - 00363088 _____ (360.cn) C:\Windows\System32\Drivers\360fsflt.sys
2015-10-25 06:59 - 2015-10-25 08:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-10-25 06:56 - 2015-10-25 06:56 - 00000000 ____D C:\Program Files (x86)\360
2015-10-25 06:54 - 2015-10-25 06:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy
2015-10-25 06:59 - 2015-10-25 06:59 - 00000000 _RSHD C:\360SANDBOX
2015-10-25 06:59 - 2015-09-20 20:10 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys
2015-10-25 06:59 - 2015-09-20 20:10 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys.795
2015-10-25 06:59 - 2015-09-05 22:43 - 00178768 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV64.SYS
2015-10-25 06:59 - 2015-09-05 22:43 - 00137296 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys.tmp
2015-10-25 06:59 - 2015-09-05 22:43 - 00040520 _____ (360.cn) C:\Windows\System32\Drivers\360Camera64.sys
2015-10-21 15:18 - 2015-10-21 15:18 - 00000000 ____D C:\b998f5c8fbd9ceddce19
2015-10-17 13:33 - 2015-10-17 13:33 - 00000000 ____D C:\ac9aa9f79154a0d0125bda0a63
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\d837b79222d17abc83
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\a24ad28166939b5988db11
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57
Folder: C:\ProgramData\1445788941_00000000_base
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Attempt to boot your computer into Normal or Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Can you boot?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Ridleywalker

Ridleywalker
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:02:08 AM

Posted 31 October 2015 - 10:47 AM

Yes, I am able to boot the computer.

Fix result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by SYSTEM (2015-10-31 11:44:08) Run:1
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-05] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-20] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-20] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-05] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-05] (360.cn)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-10-25 07:00 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe
2015-10-25 07:00 - 2015-09-05 22:43 - 00363088 _____ (360.cn) C:\Windows\System32\Drivers\360fsflt.sys
2015-10-25 06:59 - 2015-10-25 08:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-10-25 06:56 - 2015-10-25 06:56 - 00000000 ____D C:\Program Files (x86)\360
2015-10-25 06:54 - 2015-10-25 06:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy
2015-10-25 06:59 - 2015-10-25 06:59 - 00000000 _RSHD C:\360SANDBOX
2015-10-25 06:59 - 2015-09-20 20:10 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys
2015-10-25 06:59 - 2015-09-20 20:10 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys.795
2015-10-25 06:59 - 2015-09-05 22:43 - 00178768 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV64.SYS
2015-10-25 06:59 - 2015-09-05 22:43 - 00137296 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys.tmp
2015-10-25 06:59 - 2015-09-05 22:43 - 00040520 _____ (360.cn) C:\Windows\System32\Drivers\360Camera64.sys
2015-10-21 15:18 - 2015-10-21 15:18 - 00000000 ____D C:\b998f5c8fbd9ceddce19
2015-10-17 13:33 - 2015-10-17 13:33 - 00000000 ____D C:\ac9aa9f79154a0d0125bda0a63
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\d837b79222d17abc83
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\a24ad28166939b5988db11
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57
Folder: C:\ProgramData\1445788941_00000000_base
*****************

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED) => Error: No automatic fix found for this entry.
QHActiveDefense => service not found.
360AntiHacker => service not found.
360AvFlt => service not found.
360Box64 => service not found.
360Camera => service not found.
360FsFlt => service not found.
BAPIDRV => service not found.
wfpcapture => service not found.
2015-10-25 07:00 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD => Error: No automatic fix found for this entry.
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity => Error: No automatic fix found for this entry.
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360TotalSecurity => Error: No automatic fix found for this entry.
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe => Error: No automatic fix found for this entry.
2015-10-25 07:00 - 2015-09-05 22:43 - 00363088 _____ (360.cn) C:\Windows\System32\Drivers\360fsflt.sys => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-10-25 08:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk => Error: No automatic fix found for this entry.
2015-10-25 06:56 - 2015-10-25 06:56 - 00000000 ____D C:\Program Files (x86)\360 => Error: No automatic fix found for this entry.
2015-10-25 06:54 - 2015-10-25 06:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-10-25 06:59 - 00000000 _RSHD C:\360SANDBOX => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-20 20:10 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-20 20:10 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-05 22:43 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys.795 => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-05 22:43 - 00178768 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV64.SYS => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-05 22:43 - 00137296 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-05 22:43 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys.tmp => Error: No automatic fix found for this entry.
2015-10-25 06:59 - 2015-09-05 22:43 - 00040520 _____ (360.cn) C:\Windows\System32\Drivers\360Camera64.sys => Error: No automatic fix found for this entry.
2015-10-21 15:18 - 2015-10-21 15:18 - 00000000 ____D C:\b998f5c8fbd9ceddce19 => Error: No automatic fix found for this entry.
2015-10-17 13:33 - 2015-10-17 13:33 - 00000000 ____D C:\ac9aa9f79154a0d0125bda0a63 => Error: No automatic fix found for this entry.
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef => Error: No automatic fix found for this entry.
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\d837b79222d17abc83 => Error: No automatic fix found for this entry.
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\a24ad28166939b5988db11 => Error: No automatic fix found for this entry.
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89 => Error: No automatic fix found for this entry.
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57 => Error: No automatic fix found for this entry.
Folder: C:\ProgramData\1445788941_00000000_base => Error: No automatic fix found for this entry.

==== End of Fixlog 11:44:09 ====

Edited by Oh My!, 31 October 2015 - 02:23 PM.
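Added example (not part of the original thread, and not FRST's own code): a small Python triage of a Fixlog like the one in post #8. It pairs every fixlist line with its result line and counts the outcomes, so a helper can see at a glance whether anything was actually applied. The sample input is a few lines excerpted from that Fixlog; the function names and the status labels ("error", "not_found", "other") are assumptions made for this sketch.

```python
import re
from collections import Counter

# Sample input: lines excerpted from the Fixlog in post #8 (shortened).
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by SYSTEM (2015-10-31 11:44:08) Run:1
Running from d:\
Boot Mode: Recovery
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-20] (360.cn)
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe
*****************

HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED) => Error: No automatic fix found for this entry.
360Box64 => service not found.
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe => Error: No automatic fix found for this entry.

==== End of Fixlog 11:44:09 ====
"""

# "S1 360Box64; C:\..." -> the result line names only the service ("360Box64").
SERVICE_LINE = re.compile(r"^[A-Z]\d\s+([^;]+);")
RAN_BY = re.compile(r"^Ran by (?P<user>.+?) \((?P<when>[^)]+)\) Run:(?P<run>\d+)$")


def classify(outcome):
    """Map the text after the last ' => ' to a coarse status label."""
    text = outcome.strip().rstrip(".").lower()
    if text.startswith("error:"):
        return "error"
    if text.endswith("not found"):
        return "not_found"
    return "other"  # anything else is kept verbatim for a human to read


def result_key(fixlist_line):
    """Key under which the result for a fixlist line is reported."""
    m = SERVICE_LINE.match(fixlist_line)
    return m.group(1).strip() if m else fixlist_line


def parse_fixlog(text):
    info = {"user": None, "run": None, "boot_mode": None}
    requested, results = [], []
    star_rows = 0  # 0 = header, 1 = fixlist echo, 2 = per-entry results
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if set(line) == {"*"}:
            star_rows += 1
            continue
        if line.startswith("==== End of Fixlog"):
            break
        if star_rows == 0:
            m = RAN_BY.match(line)
            if m:
                info["user"], info["run"] = m["user"], int(m["run"])
            elif line.startswith("Boot Mode:"):
                info["boot_mode"] = line.split(":", 1)[1].strip()
        elif star_rows == 1:
            requested.append(line)
        else:
            # Registry entries contain ' => ' themselves, so split on the last one.
            entry, sep, outcome = line.rpartition(" => ")
            if sep:
                results.append({"entry": entry, "outcome": outcome,
                                "status": classify(outcome)})
    answered = {r["entry"] for r in results}
    counts = Counter(r["status"] for r in results)
    return {
        **info,
        "requested": requested,
        "results": results,
        "counts": dict(counts),
        # fixlist lines for which the log reports no result at all
        "unmatched": [ln for ln in requested if result_key(ln) not in answered],
        # True when every reported outcome is an error or a missing item
        "nothing_applied": bool(results)
        and all(r["status"] in ("error", "not_found") for r in results),
    }


if __name__ == "__main__":
    summary = parse_fixlog(SAMPLE_FIXLOG)
    print(summary["user"], summary["boot_mode"], "run", summary["run"])
    print(summary["counts"], "nothing applied:", summary["nothing_applied"])
    for line in summary["unmatched"]:
        print("no result for:", line)
```
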


#9 Ridleywalker

Posted 31 October 2015 - 10:48 AM

As above I can boot the computer. But I now have a new added feature: Something called Pluto TV that is a persistent, unclosable application that plays me videos I don't want to see. Likely this shows up in the logs above.

#10 Oh My!

Posted 31 October 2015 - 02:26 PM

Thanks,

I saw that program and was going to ask you about it but our first priority was to get your computer to boot.

Did you happen to run the Fixlist twice?

Please run a FRST scan in Normal Boot and make sure Addition.txt is checked. Copy and paste both logs in your reply.
Gary
 

#11 Ridleywalker

Posted 31 October 2015 - 02:31 PM

My computer can boot.

I only ran Fixlist once.

I'm not sure what you mean by "both" logs. You asked me to run FRST scan in normal boot and to make sure Addition.txt is checked. So I assume that gives me one log. What is the other log?

#12 Ridleywalker

Posted 31 October 2015 - 02:44 PM

Never mind... I see that this time FRST gave me two logs.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-10-2015
Ran by steve (administrator) on STEVES-HP-STREA (31-10-2015 15:34:06)
Running from D:\
Loaded Profiles: steve (Available Profiles: steve)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Qihu Software Co. Limited) C:\Program Files (x86)\360\Total Security\safemon\QHWatchdog.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\nis.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\steve\AppData\Roaming\Dashlane\Dashlane.exe
() C:\Users\steve\AppData\Roaming\Dashlane\DashlanePlugin.exe
() C:\Program Files (x86)\Pluto TV\PlutoTV.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe
() C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
() C:\Program Files (x86)\Pluto TV\PlutoTV.exe
() C:\Program Files (x86)\Pluto TV\PlutoTV.exe
() C:\Program Files (x86)\Pluto TV\PlutoTV.exe
() C:\Program Files (x86)\Pluto TV\PlutoTV.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxMail.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxTsr.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(QIHU 360 SOFTWARE CO. LIMITED) C:\Program Files (x86)\360\Total Security\PatchUp.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Farbar) D:\frst.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Farbar) C:\Users\steve\Desktop\frst.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-08-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3945656 2015-08-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\EpmNews.exe [2089056 2015-09-16] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Run: [GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [811848 2015-10-20] (Google Inc.)
HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Run: [Dashlane] => C:\Users\steve\AppData\Roaming\Dashlane\Dashlane.exe [227712 2015-10-23] ()
HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Run: [DashlanePlugin] => C:\Users\steve\AppData\Roaming\Dashlane\DashlanePlugin.exe [285568 2015-10-23] ()
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\buShell.dll [2015-08-27] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PlutoTV.lnk [2015-10-25]
ShortcutTarget: PlutoTV.lnk -> C:\Program Files (x86)\Pluto TV\PlutoTV.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{1021b831-312a-4fde-9427-667d866ef612}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{aee8896a-cd39-4832-8774-8d18a98b463c}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{b0cd66e9-fe31-434c-af32-498197356489}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon64.dll [2015-09-21] (Qihu 360 Software Co., Ltd.)
BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\steve\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2015-10-23] (Dashlane)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files (x86)\360\Total Security\safemon\safemon.dll [2015-09-06] (Qihu 360 Software Co., Ltd.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\steve\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-10-23] (Dashlane)

FireFox:
========
FF ProfilePath: C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\kxkjc7tx.default
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_226.dll [2015-10-16] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_226.dll [2015-10-16] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Extension: Flashblock - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\kxkjc7tx.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2015-09-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\kxkjc7tx.default\Extensions\adblockpopups@jessehakanen.net.xpi [2015-09-07]
FF Extension: Adblock Plus - C:\Users\steve\AppData\Roaming\Mozilla\Firefox\Profiles\kxkjc7tx.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-09-28]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.2.15\coFFPlgn [2015-10-31]
FF HKLM-x32\...\Firefox\Extensions: [WebProtection@360safe.com] - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox
FF Extension: 360 Internet Protection - C:\Program Files (x86)\360\Total Security\safemon\webprotection_firefox [2015-10-25] [not signed]
FF HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Firefox\Extensions: [jetpack-extension@dashlane.com] - C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\Extensions\JetPack_expanded\jetpack-extension@dashlane.com
FF Extension: Dashlane - C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\Extensions\JetPack_expanded\jetpack-extension@dashlane.com [2015-10-30] [not signed]

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/","hxxps://www.google.com/"
CHR DefaultSearchKeyword: Default -> aString
CHR Profile: C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-06]
CHR Extension: (Google Docs) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-06]
CHR Extension: (Google Drive) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (Shortcuts for Google™) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\baohinapilmkigilbbbcccncoljkdpnd [2015-10-13]
CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-08-06]
CHR Extension: (YouTube) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-02]
CHR Extension: (Minimalist for Everything) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmihblnpomgpjkfddepdpdafhhepdbek [2015-08-06]
CHR Extension: (Google Cast) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2015-10-13]
CHR Extension: (FlashBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cdngiadmnkhgemkimkhiilgffbjijcie [2015-08-06]
CHR Extension: (Send to Kindle for Google Chrome) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdjpilhipecahhcilnafpblkieebhea [2015-09-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-10-13]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2015-10-24]
CHR Extension: (Google Search) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-24]
CHR Extension: (Dropbox for Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-10-13]
CHR Extension: (Google Calendar) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-13]
CHR Extension: (Facebook Disconnect) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec [2015-08-06]
CHR Extension: (Page Eraser) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekofpchjmoalonajopdeegdappocgcmj [2015-08-06]
CHR Extension: (MediaPlus) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\emaamodndfmmmcjepfigalbjjjemadom [2015-08-06]
CHR Extension: (Foxtab Speed Dial) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcoecifcadmambfikillppkoafmgachp [2015-08-06]
CHR Extension: (Dashlane) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2015-08-28]
CHR Extension: (Google Sheets) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-06]
CHR Extension: (ezAutoCorrect for GMail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fholdolknchpdbajhpdenookmikblmda [2015-08-06]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2015-10-24]
CHR Extension: (Defer (formerly Instachrome)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\fldildgghjoohccppflaohodcnmlacpb [2015-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-05]
CHR Extension: (AdBlock) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
CHR Extension: (Google Calendar (by Google)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmbgaklkmjakoegficnlkhebmhkjfich [2015-10-13]
CHR Extension: (Tabs to the front!) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hjaooagfdhdhmbfchnkhggjmacjlacla [2015-08-06]
CHR Extension: (Checker Plus for Google Calendar™) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkhggnncdpfibdhinjiegagmopldibha [2015-09-22]
CHR Extension: (Kindle Cloud Reader) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-08-06]
CHR Extension: (Clearly) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\iooicodkiihhpojmmeghjclgihfjdjhj [2015-08-06]
CHR Extension: (Text Only, Please!) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdfpkfddmojhlcoepfpdileleloickfj [2015-08-06]
CHR Extension: (Disconnect) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-08-06]
CHR Extension: (View Thru) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkncfnbcgbclefkbknfdbngiegdppgdd [2015-08-06]
CHR Extension: (Hangouts call) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbpgddbgniojgndnhlkjbkpknjhppkbk [2015-08-06]
CHR Extension: (Google Voice (by Google)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-08-06]
CHR Extension: (Simplenote) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfjoocpipbbafoimjgbkmfnjcjejdbjo [2015-08-06]
CHR Extension: (Google Hangouts) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-10-24]
CHR Extension: (BugMeNot Lite) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lackfehpdclhclidcbbfcemcpolgdgnb [2015-08-06]
CHR Extension: (VidsBigger) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlmmmmbpbfgcklcjoipilgnmemaclcld [2015-08-06]
CHR Extension: (Google Hangouts) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-10-15]
CHR Extension: (feedly) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2015-08-06]
CHR Extension: (Save to Pocket) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2015-10-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-06]
CHR Extension: (Personal Blocklist (by Google)) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nolijncfnkgaikbjbdaogikpmpbdcdef [2015-08-21]
CHR Extension: (Hover Zoom) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjdcjchghhkdoolnlbekcfllmednbl [2015-10-02]
CHR Extension: (Trello) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\oflhioojkbelepjlnafgmgkkjhojphcg [2015-08-06]
CHR Extension: (Click&Clean App) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdabfienifkbhoihedcgeogidfmibmhp [2015-09-15]
CHR Extension: (Evernote Web Clipper) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2015-10-02]
CHR Extension: (Gmail) - C:\Users\steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-06]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-02]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [24888 2015-07-27] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328616 2015-08-02] (Intel Corporation)
R2 IKEEXT; C:\Windows\System32\ikeext.dll [954368 2015-07-10] (Microsoft Corporation) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\NIS.exe [282016 2015-09-24] (Symantec Corporation)
R2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-21] (QIHU 360 SOFTWARE CO. LIMITED)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [303360 2015-08-02] (Realtek Semiconductor)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-29] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-06] (360.cn)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-21] (360.cn)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-21] (360.cn)
R1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-06] (360.cn)
R1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-06] (360.cn)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-06] (360.cn)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\BASHDefs\20151022.001\BHDrvx64.sys [1665608 2015-10-08] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605040.018\ccSetx64.sys [173808 2015-07-10] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\IPSDefs\20151030.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-25] (Intel® Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151031.001\ENG64.SYS [138488 2015-10-30] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.2.15\Definitions\VirusDefs\20151031.001\EX64.SYS [2148080 2015-10-30] (Symantec Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-08-02] (Realtek Semiconductor Corp.)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-19] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44216 2015-08-29] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605040.018\SRTSP64.SYS [930024 2015-09-23] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605040.018\SRTSPX64.SYS [50936 2015-07-10] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-10] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605040.018\SymELAM.sys [24192 2015-07-10] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-02] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605040.018\Ironx64.SYS [297720 2015-07-10] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605040.018\SYMNETS.SYS [577768 2015-09-23] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 USB_Ethernet_Adaptor; C:\Windows\System32\drivers\USB_Ethernet_Adaptor.sys [21504 2015-08-02] (Corechip Semiconductor, Inc. Co Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-08-02] (HP Inc.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 15:33 - 2015-10-30 23:21 - 02198016 _____ (Farbar) C:\Users\steve\Desktop\frst.exe
2015-10-31 15:32 - 2015-10-31 15:32 - 00016148 _____ C:\WINDOWS\system32\STEVES-HP-STREA_steve_HistoryPrediction.bin
2015-10-31 11:33 - 2015-10-31 11:30 - 00018331 _____ C:\Users\steve\Desktop\fixlist.txt
2015-10-31 03:39 - 2015-10-31 15:34 - 00000000 ____D C:\FRST
2015-10-25 12:09 - 2015-10-25 12:10 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\steve\Downloads\iexplore.exe
2015-10-25 12:02 - 2015-10-25 12:02 - 00000000 ____D C:\ProgramData\1445788941_00000000_base
2015-10-25 11:56 - 2015-10-25 11:56 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.exe
2015-10-25 11:53 - 2015-10-25 11:53 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\stevie.exe
2015-10-25 11:51 - 2015-10-25 11:57 - 00002198 _____ C:\Users\steve\Desktop\Rkill.txt
2015-10-25 11:51 - 2015-10-25 11:51 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\steve\Downloads\rkill.scr
2015-10-25 11:36 - 2015-10-25 11:36 - 10284816 _____ (Malwarebytes Corporation ) C:\Users\steve\Downloads\mbam-setup-1.75.0.1300.exe
2015-10-25 11:22 - 2015-10-25 11:23 - 02508432 _____ (Sysinternals - www.sysinternals.com) C:\Users\steve\Downloads\ieexplore.exe
2015-10-25 11:04 - 2015-10-31 12:04 - 00000000 ____D C:\Users\steve\AppData\Local\PlutoTV
2015-10-25 11:04 - 2015-10-25 11:04 - 00000013 _____ C:\Users\steve\.pluto.tv
2015-10-25 11:03 - 2015-10-25 11:04 - 00000000 ____D C:\Program Files (x86)\Pluto TV
2015-10-25 11:03 - 2015-10-25 11:03 - 00001155 _____ C:\Users\Public\Desktop\PlutoTV.lnk
2015-10-25 11:03 - 2015-10-25 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pluto TV
2015-10-25 11:00 - 2015-10-31 12:04 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD
2015-10-25 11:00 - 2015-10-25 11:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity
2015-10-25 11:00 - 2015-10-25 11:00 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-25 11:00 - 2015-10-25 11:00 - 00000000 ____D C:\ProgramData\360safe
2015-10-25 11:00 - 2015-09-06 02:43 - 00363088 _____ (360.cn) C:\WINDOWS\system32\Drivers\360fsflt.sys
2015-10-25 10:59 - 2015-10-25 12:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-10-25 10:59 - 2015-10-25 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\360 Security Center
2015-10-25 10:59 - 2015-10-25 10:59 - 00000000 _RSHD C:\360SANDBOX
2015-10-25 10:59 - 2015-09-21 00:10 - 00319568 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Box64.sys
2015-10-25 10:59 - 2015-09-21 00:10 - 00077904 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AvFlt.sys
2015-10-25 10:59 - 2015-09-06 02:43 - 00178768 _____ (360.cn) C:\WINDOWS\system32\Drivers\BAPIDRV64.SYS
2015-10-25 10:59 - 2015-09-06 02:43 - 00137296 _____ (360.cn) C:\WINDOWS\system32\Drivers\360AntiHacker64.sys
2015-10-25 10:59 - 2015-09-06 02:43 - 00040520 _____ (360.cn) C:\WINDOWS\system32\Drivers\360Camera64.sys
2015-10-25 10:56 - 2015-10-25 10:56 - 00000000 ____D C:\Program Files (x86)\360
2015-10-25 10:54 - 2015-10-25 10:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy
2015-10-25 10:54 - 2015-10-25 10:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.8
2015-10-25 10:54 - 2015-09-21 00:30 - 03557000 _____ C:\WINDOWS\system32\BootMan.exe
2015-10-25 10:54 - 2015-09-21 00:19 - 02658952 _____ C:\WINDOWS\SysWOW64\BootMan.exe
2015-10-25 10:54 - 2014-11-18 14:46 - 00021088 _____ C:\WINDOWS\SysWOW64\EuEpmGdi.dll
2015-10-25 10:54 - 2014-11-18 14:46 - 00017504 _____ C:\WINDOWS\system32\EuEpmGdi.dll
2015-10-25 10:54 - 2014-11-18 14:39 - 00018528 _____ C:\WINDOWS\system32\epmntdrv.sys
2015-10-25 10:54 - 2014-11-18 14:39 - 00014944 _____ C:\WINDOWS\SysWOW64\epmntdrv.sys
2015-10-25 10:54 - 2014-11-18 14:39 - 00010848 _____ C:\WINDOWS\system32\EuGdiDrv.sys
2015-10-25 10:54 - 2014-11-18 14:39 - 00010208 _____ C:\WINDOWS\SysWOW64\EuGdiDrv.sys
2015-10-25 10:54 - 2014-11-18 14:38 - 00101984 _____ C:\WINDOWS\system32\setupempdrvx64.exe
2015-10-25 10:54 - 2014-11-18 14:38 - 00088160 _____ C:\WINDOWS\SysWOW64\setupempdrv03.exe
2015-10-25 10:51 - 2015-10-25 10:51 - 29407904 _____ (EaseUS ) C:\Users\steve\Downloads\epm.exe
2015-10-25 10:31 - 2015-10-25 10:31 - 00000000 ____D C:\Program Files (x86)\EaseUS
2015-10-25 10:27 - 2015-10-25 10:29 - 29645496 _____ (EaseUS ) C:\Users\steve\Downloads\epm_trial.exe
2015-10-25 00:16 - 2015-10-31 11:32 - 00001588 _____ C:\WINDOWS\setupact.log
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 _____ C:\d837b79222d17abc83
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 _____ C:\a24ad28166939b5988db11
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89
2015-10-15 22:11 - 2015-10-15 22:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57
2015-10-15 21:37 - 2015-10-15 21:40 - 69939760 _____ (Zhuhai Kingsoft Office Software Co.,Ltd) C:\Users\steve\Downloads\setup_wps_office_9.1.0.5200_121.exe
2015-10-15 17:12 - 2015-10-15 17:13 - 02880680 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Setup.X86.en-US_O365HomePremRetail_5d84293e-79a7-4f51-b111-96ad1afde80c_TX_PR_.exe
2015-10-15 16:41 - 2015-10-15 16:41 - 00001100 _____ C:\Users\Public\Desktop\WinDirStat.lnk
2015-10-15 16:41 - 2015-10-15 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat
2015-10-15 16:41 - 2015-10-15 16:41 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-10-15 16:40 - 2015-10-15 16:41 - 00307200 _____ (Secure By Design Inc.) C:\Users\steve\Downloads\Ninite WinDirStat Installer.exe
2015-10-15 13:54 - 2015-10-31 11:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-10-14 13:46 - 2015-10-10 02:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-14 13:46 - 2015-10-10 02:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-14 13:46 - 2015-10-05 23:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-14 13:46 - 2015-10-05 22:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-14 13:46 - 2015-10-01 00:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-14 13:46 - 2015-10-01 00:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-14 13:46 - 2015-10-01 00:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-14 13:46 - 2015-10-01 00:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-14 13:46 - 2015-10-01 00:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-14 13:46 - 2015-09-25 00:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-14 13:46 - 2015-09-25 00:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-14 13:46 - 2015-09-24 23:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-14 13:46 - 2015-09-24 23:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-14 13:46 - 2015-09-24 23:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-14 13:46 - 2015-09-24 23:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-14 13:46 - 2015-09-24 23:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-14 13:46 - 2015-09-24 23:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-14 13:46 - 2015-09-24 23:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-14 13:46 - 2015-09-24 23:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-14 13:46 - 2015-09-24 23:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-14 13:46 - 2015-09-24 23:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-14 13:46 - 2015-09-24 23:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-14 13:46 - 2015-09-24 23:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-14 13:46 - 2015-09-24 23:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-14 13:46 - 2015-09-24 23:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-14 13:46 - 2015-09-24 23:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-14 13:46 - 2015-09-24 23:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-14 13:46 - 2015-09-24 23:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-14 13:46 - 2015-09-24 23:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-14 13:46 - 2015-09-24 23:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-14 13:46 - 2015-09-24 22:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-14 13:46 - 2015-09-24 22:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-14 13:46 - 2015-09-24 22:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-14 13:46 - 2015-09-24 22:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-14 13:46 - 2015-09-24 22:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-14 13:46 - 2015-09-24 22:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-14 13:46 - 2015-09-24 22:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-14 13:46 - 2015-09-24 22:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-14 13:46 - 2015-09-24 22:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-14 13:46 - 2015-09-24 22:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-14 13:46 - 2015-09-24 22:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-14 13:46 - 2015-09-24 22:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-14 13:46 - 2015-09-24 22:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-14 13:46 - 2015-09-24 22:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-14 13:46 - 2015-09-24 22:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-14 13:46 - 2015-09-24 22:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-14 13:46 - 2015-09-24 22:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-14 13:45 - 2015-10-10 03:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-14 13:45 - 2015-09-30 23:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-14 13:45 - 2015-09-24 23:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-14 13:45 - 2015-09-24 23:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-14 13:45 - 2015-09-24 23:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-14 13:45 - 2015-09-24 23:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-14 13:45 - 2015-09-24 23:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-14 13:45 - 2015-09-24 22:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-14 13:45 - 2015-09-24 22:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-14 13:45 - 2015-09-24 22:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-14 13:45 - 2015-09-24 22:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-14 13:45 - 2015-09-24 22:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-14 13:45 - 2015-09-24 22:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-14 13:45 - 2015-09-24 22:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-14 13:45 - 2015-09-24 22:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-14 13:45 - 2015-09-24 22:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-14 13:45 - 2015-09-24 22:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-14 13:45 - 2015-09-24 22:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-10 21:06 - 2015-10-10 21:06 - 00000000 _____ C:\Users\steve\AppData\LocalLow\rightsCheck_1.txt
2015-10-10 21:04 - 2015-10-10 21:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-10 21:04 - 2015-10-10 21:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-10 21:04 - 2015-10-10 21:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-10 21:02 - 2015-10-10 21:03 - 13155552 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Silverlight_x64(1).exe
2015-10-10 21:01 - 2015-10-10 21:02 - 13155552 _____ (Microsoft Corporation) C:\Users\steve\Downloads\Silverlight_x64.exe
2015-10-02 19:43 - 2015-10-31 12:29 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-10-02 19:38 - 2015-10-15 23:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 19:38 - 2015-10-15 23:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-02 07:11 - 2015-09-19 01:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-02 07:11 - 2015-09-17 02:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-02 07:11 - 2015-09-17 02:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-02 07:11 - 2015-09-17 02:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-02 07:11 - 2015-09-17 02:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-02 07:11 - 2015-09-17 02:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-02 07:11 - 2015-09-17 02:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-02 07:11 - 2015-09-17 02:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-02 07:11 - 2015-09-17 02:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-02 07:11 - 2015-09-17 02:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-02 07:11 - 2015-09-17 02:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-02 07:11 - 2015-09-17 02:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-02 07:11 - 2015-09-17 02:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-02 07:11 - 2015-09-17 02:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-02 07:11 - 2015-09-17 02:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-02 07:11 - 2015-09-17 02:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-02 07:11 - 2015-09-17 02:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-02 07:11 - 2015-09-17 02:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-02 07:11 - 2015-09-17 02:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-02 07:11 - 2015-09-17 02:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-02 07:11 - 2015-09-17 02:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-02 07:11 - 2015-09-17 02:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-02 07:11 - 2015-09-17 02:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-02 07:11 - 2015-09-17 02:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-02 07:11 - 2015-09-17 02:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 02:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-02 07:11 - 2015-09-17 02:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-02 07:11 - 2015-09-17 02:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-02 07:11 - 2015-09-17 02:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-02 07:11 - 2015-09-17 02:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-02 07:11 - 2015-09-17 02:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-02 07:11 - 2015-09-17 02:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-02 07:11 - 2015-09-17 02:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-02 07:11 - 2015-09-17 02:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-02 07:11 - 2015-09-17 02:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-02 07:11 - 2015-09-17 02:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-02 07:11 - 2015-09-17 02:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-02 07:11 - 2015-09-17 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-02 07:11 - 2015-09-17 02:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-02 07:11 - 2015-09-17 02:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-02 07:11 - 2015-09-17 02:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-02 07:11 - 2015-09-17 02:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-02 07:11 - 2015-09-17 02:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-02 07:11 - 2015-09-17 02:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-02 07:11 - 2015-09-17 02:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-02 07:11 - 2015-09-17 02:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-02 07:11 - 2015-09-17 02:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-02 07:11 - 2015-09-17 02:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-02 07:11 - 2015-09-17 02:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-02 07:11 - 2015-09-17 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-02 07:11 - 2015-09-17 02:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-02 07:11 - 2015-09-17 02:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-02 07:11 - 2015-09-17 02:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-02 07:11 - 2015-09-17 02:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-02 07:11 - 2015-09-17 02:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-02 07:11 - 2015-09-17 02:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-02 07:11 - 2015-09-17 01:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-31 15:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-31 12:34 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-31 12:18 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-31 12:08 - 2015-08-02 21:53 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-31 12:06 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-31 12:05 - 2015-08-06 08:49 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-31 12:04 - 2015-08-06 08:49 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-31 12:03 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-31 11:40 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-31 11:39 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-31 11:37 - 2015-08-04 13:56 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{76AA2B04-E6A5-417D-9DE2-EBE3457F8E30}
2015-10-31 11:35 - 2015-08-02 22:14 - 00000000 ____D C:\Users\steve\AppData\Local\CrashDumps
2015-10-31 11:32 - 2015-08-03 00:36 - 00033896 _____ C:\WINDOWS\PFRO.log
2015-10-31 11:32 - 2015-08-02 23:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-10-30 23:30 - 2015-08-02 21:48 - 00000000 ____D C:\Users\steve
2015-10-30 23:29 - 2015-08-23 21:35 - 00001956 _____ C:\Users\steve\Desktop\Dashlane.lnk
2015-10-30 23:29 - 2015-08-23 21:33 - 00000000 ____D C:\Users\steve\AppData\Roaming\Dashlane
2015-10-30 20:51 - 2015-08-21 10:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-25 00:24 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-15 23:40 - 2015-07-10 08:20 - 00198248 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-15 23:40 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-15 23:39 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-15 22:11 - 2015-08-02 21:59 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-10-15 21:50 - 2015-08-04 22:19 - 00000000 ____D C:\Users\steve\AppData\Roaming\kingsoft
2015-10-15 21:50 - 2015-08-04 22:19 - 00000000 ____D C:\Users\steve\AppData\Local\Kingsoft
2015-10-15 17:14 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-15 16:17 - 2015-08-02 21:49 - 00000000 ____D C:\Users\steve\AppData\Local\Packages
2015-10-05 22:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-02 19:57 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-02 19:38 - 2015-08-02 22:08 - 00003404 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-02 19:38 - 2015-08-02 22:05 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2015-10-02 19:38 - 2015-08-02 22:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 19:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-03 00:36

==================== End of FRST.txt ============================



Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by steve (2015-10-31 15:35:35)
Running from D:\
Windows 10 Home (X64) (2015-08-03 01:48:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2460959931-379977595-512483144-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2460959931-379977595-512483144-503 - Limited - Disabled)
Guest (S-1-5-21-2460959931-379977595-512483144-501 - Limited - Disabled)
steve (S-1-5-21-2460959931-379977595-512483144-1001 - Administrator - Enabled) => C:\Users\steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.6.0.1031 - 360 Security Center)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Dashlane (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Dashlane) (Version: 3.5.2.94565 - Dashlane SAS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Evernote Web (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\evernoteweb-5c89a55537a6b11af932ea6eb3f1fa8d) (Version: 1.0 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.4.24 - Symantec Corporation)
PDF to Word Converter (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\pdftowordconverter-29ad5d95b1e1cc3afd8679173d6da281) (Version: 1.1.0.0 - Alexapp)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
WinDirStat 1.1.2 (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\WinDirStat) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2460959931-379977595-512483144-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> E:\WPS Office\9.1.0.5204\office6\qingshellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-2460959931-379977595-512483144-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {526B128E-FA48-4CF5-9347-32E7CB6E95BB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {63BA128D-AB90-4890-82DA-917F4B9DE061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {6FA43EBA-0C12-438F-9509-95CDB4CE31BD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {AA027B46-888E-4026-8365-400E65FDF393} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {C8B20784-DC09-451C-A841-0F06A7DF68C4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D80958EE-5652-47A7-9977-0057E287EF5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {EA51E0B5-A9A8-472D-B5E7-097349428AEE} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-03 22:04 - 2015-07-14 22:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 18:58 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 01:43 - 02028544 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 00619008 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-02 07:11 - 2015-09-17 01:43 - 00928768 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-10-02 07:11 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-02 07:11 - 2015-09-17 01:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 07:11 - 2015-09-17 01:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-23 21:34 - 2015-10-23 08:39 - 00227712 _____ () C:\Users\steve\AppData\Roaming\Dashlane\Dashlane.exe
2015-08-23 21:34 - 2015-10-23 08:40 - 00285568 _____ () C:\Users\steve\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-10-25 11:03 - 2015-09-10 11:12 - 93077896 _____ () C:\Program Files (x86)\Pluto TV\PlutoTV.exe
2015-10-25 10:54 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
2015-08-20 18:58 - 2015-08-11 05:10 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
2015-10-30 23:30 - 2015-10-30 23:30 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-30 23:30 - 2015-10-30 23:30 - 10958848 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-10-30 21:08 - 2015-10-30 21:08 - 00245760 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1026.13580.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-10-25 10:58 - 2015-09-21 00:10 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00339328 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00422784 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00443264 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 31264640 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00276352 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 05762944 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 06810496 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 13234048 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 02073472 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00338304 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.94565.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\traynet.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\libcurl.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\zlib1.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\uexper.dll
2015-10-25 11:03 - 2015-09-10 11:12 - 01481728 _____ () C:\Program Files (x86)\Pluto TV\libglesv2.dll
2015-10-25 11:03 - 2015-09-10 11:12 - 00073728 _____ () C:\Program Files (x86)\Pluto TV\libegl.dll
2015-10-31 12:04 - 2015-09-10 11:12 - 17482952 _____ () C:\Users\steve\AppData\Local\Temp\nw5116_8697\plugins\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\54c9186cc75570755a2a0ccc57:Win32App
AlternateDataStreams: C:\57b44174b91093504bd2ba0685b13e89:Win32App
AlternateDataStreams: C:\a24ad28166939b5988db11:Win32App
AlternateDataStreams: C:\d837b79222d17abc83:Win32App
AlternateDataStreams: C:\dfc8a93a1bd58ab9891e93085994f9ef:Win32App
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files (x86)\Norton Internet Security:Win32App
AlternateDataStreams: C:\Users\steve\AppData\Local\Temp:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460959931-379977595-512483144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8"
HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A634069F-8C6F-485C-8503-C49736C538D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B92CBC8E-31A7-4705-9ECC-21AA4D6378C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2176AFB1-34E4-45C0-9F9F-A033DDC6CD95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AABDCDBC-4003-464F-8F84-B5641C710FA7}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{43B01F8E-A956-4277-9D68-5B04E45225B4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{31D36000-FAA4-47A6-AB53-AD360B1632A9}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{354446FE-7D2E-40F5-8633-7E0C715479DA}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 03:30:03 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:30:03 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:53 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:53 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:43 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:32 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:32 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:22 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:22 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (10/31/2015 12:21:16 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2015 12:18:34 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2015 12:18:06 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2015 12:15:35 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (10/31/2015 12:11:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error:
%%0

Error: (10/31/2015 12:03:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SynTPEnh Caller Service service failed to start due to the following error:
%%5

Error: (10/31/2015 12:03:43 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (10/31/2015 11:40:26 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error:
%%0

Error: (10/31/2015 11:40:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/31/2015 11:40:06 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 77%
Total physical RAM: 1939.04 MB
Available physical RAM: 438.98 MB
Total Virtual: 3017.01 MB
Available Virtual: 653.66 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:21.36 GB) (Free:1.05 GB) NTFS
Drive d: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 43E48B20)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 261A002F)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,584 posts
  • Gender:Male
  • Location:California
  • Local time:12:08 AM

Posted 31 October 2015 - 02:54 PM

Hi Steve,

Something is odd.

Please rerun the Fixlist from Post #7 again while in Normal Boot. Post that log and rerun the scan like you just did.

You should end up with 3 logs to copy/paste in your reply.


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Ridleywalker

Ridleywalker
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:08 AM

Posted 31 October 2015 - 03:42 PM

Below is the new log. Yes, I can still boot. Yes, Pluto.tv and 360 are still present.

Color commentary:
I had run FRST a few times as instructed but this time Norton said it was evil and removed it. I did manage to restore it from quarantine and run it.

This time around the computer restarted after Fixlist had run. I think it was a Windows update... that's what it looked like, anyway.

Just FYI, I cannot get to any pages on Bleeping Computer from the infected machine. So I am getting FRST and making the Fixlist on another computer and moving them over to the Desktop of the infected computer via USB drive. Don't know if that makes any difference but that's what I'm doing.

Now for the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by steve (2015-10-31 16:29:13) Run:2
Running from C:\Users\steve\Desktop
Loaded Profiles: steve (Available Profiles: steve)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\360Tray.exe [300152 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [859768 2015-09-20] (QIHU 360 SOFTWARE CO. LIMITED)
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [137296 2015-09-05] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77904 2015-09-20] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [319568 2015-09-20] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-09-05] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [363088 2015-09-05] (360.cn)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [178768 2015-09-05] (360.cn)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2015-10-25 07:00 - 2015-10-30 16:22 - 00000000 ____D C:\Users\steve\AppData\LocalLow\360WD
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\Users\steve\AppData\Roaming\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360TotalSecurity
2015-10-25 07:00 - 2015-10-25 07:00 - 00000000 ____D C:\ProgramData\360safe
2015-10-25 07:00 - 2015-09-05 22:43 - 00363088 _____ (360.cn) C:\Windows\System32\Drivers\360fsflt.sys
2015-10-25 06:59 - 2015-10-25 08:03 - 00001222 _____ C:\Users\Public\Desktop\360 Total Security.lnk
2015-10-25 06:56 - 2015-10-25 06:56 - 00000000 ____D C:\Program Files (x86)\360
2015-10-25 06:54 - 2015-10-25 06:54 - 00000000 ____D C:\Users\steve\AppData\Roaming\OpenCandy
2015-10-25 06:59 - 2015-10-25 06:59 - 00000000 _RSHD C:\360SANDBOX
2015-10-25 06:59 - 2015-09-20 20:10 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys
2015-10-25 06:59 - 2015-09-20 20:10 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00319568 _____ (360.cn) C:\Windows\System32\Drivers\360Box64.sys.795
2015-10-25 06:59 - 2015-09-05 22:43 - 00178768 _____ (360.cn) C:\Windows\System32\Drivers\BAPIDRV64.SYS
2015-10-25 06:59 - 2015-09-05 22:43 - 00137296 _____ (360.cn) C:\Windows\System32\Drivers\360AntiHacker64.sys
2015-10-25 06:59 - 2015-09-05 22:43 - 00077904 _____ (360.cn) C:\Windows\System32\Drivers\360AvFlt.sys.tmp
2015-10-25 06:59 - 2015-09-05 22:43 - 00040520 _____ (360.cn) C:\Windows\System32\Drivers\360Camera64.sys
2015-10-21 15:18 - 2015-10-21 15:18 - 00000000 ____D C:\b998f5c8fbd9ceddce19
2015-10-17 13:33 - 2015-10-17 13:33 - 00000000 ____D C:\ac9aa9f79154a0d0125bda0a63
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\dfc8a93a1bd58ab9891e93085994f9ef
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\d837b79222d17abc83
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\a24ad28166939b5988db11
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\57b44174b91093504bd2ba0685b13e89
2015-10-15 18:11 - 2015-10-15 18:11 - 00000000 _____ C:\54c9186cc75570755a2a0ccc57
Folder: C:\ProgramData\1445788941_00000000_base
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\QHSafeTray => value could not remove.
QHActiveDefense => Unable to stop service.
QHActiveDefense => service could not remove
360AntiHacker => Unable to stop service.
360AntiHacker => service could not remove
360AvFlt => Unable to stop service.
360AvFlt => service could not remove
360Box64 => Unable to stop service.
360Box64 => service could not remove
360Camera => Unable to stop service.
360Camera => service could not remove
360FsFlt => Unable to stop service.
360FsFlt => service could not remove
BAPIDRV => Unable to stop service.
BAPIDRV => service could not remove
wfpcapture => service removed successfully

"C:\Users\steve\AppData\LocalLow\360WD" folder move:

Could not move "C:\Users\steve\AppData\LocalLow\360WD" => Scheduled to move on reboot.

C:\Users\steve\AppData\Roaming\360TotalSecurity => moved successfully
C:\ProgramData\360TotalSecurity => moved successfully

"C:\ProgramData\360safe" folder move:

Could not move "C:\ProgramData\360safe" => Scheduled to move on reboot.

Could not move "C:\Windows\System32\Drivers\360fsflt.sys" => Scheduled to move on reboot.
C:\Users\Public\Desktop\360 Total Security.lnk => moved successfully

"C:\Program Files (x86)\360" folder move:

Could not move "C:\Program Files (x86)\360" => Scheduled to move on reboot.

C:\Users\steve\AppData\Roaming\OpenCandy => moved successfully

"C:\360SANDBOX" folder move:

Could not move "C:\360SANDBOX" => Scheduled to move on reboot.

Could not move "C:\Windows\System32\Drivers\360Box64.sys" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\360AvFlt.sys" => Scheduled to move on reboot.
"C:\Windows\System32\Drivers\360Box64.sys.795" => not found.
Could not move "C:\Windows\System32\Drivers\BAPIDRV64.SYS" => Scheduled to move on reboot.
Could not move "C:\Windows\System32\Drivers\360AntiHacker64.sys" => Scheduled to move on reboot.
"C:\Windows\System32\Drivers\360AvFlt.sys.tmp" => not found.
Could not move "C:\Windows\System32\Drivers\360Camera64.sys" => Scheduled to move on reboot.
"C:\b998f5c8fbd9ceddce19" => not found.
"C:\ac9aa9f79154a0d0125bda0a63" => not found.
C:\dfc8a93a1bd58ab9891e93085994f9ef => moved successfully
C:\d837b79222d17abc83 => moved successfully
C:\a24ad28166939b5988db11 => moved successfully
C:\57b44174b91093504bd2ba0685b13e89 => moved successfully
C:\54c9186cc75570755a2a0ccc57 => moved successfully

========================= Folder: C:\ProgramData\1445788941_00000000_base ========================

2015-10-25 12:02 - 2015-10-25 12:02 - 0906056 _____ (Qihu 360 Software Co., Ltd.) C:\ProgramData\1445788941_00000000_base\360base.dll

====== End of Folder: ======


Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2015-10-31 16:34:18)

C:\Users\steve\AppData\LocalLow\360WD => Is moved successfully
"C:\ProgramData\360safe" => Could not move
"C:\Windows\System32\Drivers\360fsflt.sys" => Could not move
"C:\Program Files (x86)\360" => Could not move
"C:\360SANDBOX" => Could not move
"C:\Windows\System32\Drivers\360Box64.sys" => Could not move
"C:\Windows\System32\Drivers\360AvFlt.sys" => Could not move
"C:\Windows\System32\Drivers\BAPIDRV64.SYS" => Could not move
"C:\Windows\System32\Drivers\360AntiHacker64.sys" => Could not move
"C:\Windows\System32\Drivers\360Camera64.sys" => Could not move

==== End of Fixlog 16:34:23 ====

#15 Ridleywalker

Ridleywalker
  • Topic Starter

  • Members
  • 16 posts
  • Local time:02:08 AM

Posted 31 October 2015 - 04:18 PM

The first FRST log seems to be empty. Here it is.



LastRegBack: 2015-08-03 00:36

==================== End of FRST.txt ============================

And the second one.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-10-2015
Ran by steve (2015-10-31 17:15:19)
Running from C:\Users\steve\Desktop
Windows 10 Home (X64) (2015-08-03 01:48:07)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2460959931-379977595-512483144-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2460959931-379977595-512483144-503 - Limited - Disabled)
Guest (S-1-5-21-2460959931-379977595-512483144-501 - Limited - Disabled)
steve (S-1-5-21-2460959931-379977595-512483144-1001 - Administrator - Enabled) => C:\Users\steve

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: 360 Total Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D}
AS: 360 Total Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

360 Total Security (HKLM-x32\...\360TotalSecurity) (Version: 7.6.0.1031 - 360 Security Center)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.226 - Adobe Systems Incorporated)
Dashlane (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\Dashlane) (Version: 3.5.2.94565 - Dashlane SAS)
EaseUS Partition Master 10.8 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
Evernote Web (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\evernoteweb-5c89a55537a6b11af932ea6eb3f1fa8d) (Version: 1.0 - Evernote Corp.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.81 - Hewlett-Packard Company)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.4.24 - Symantec Corporation)
PDF to Word Converter (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\pdftowordconverter-29ad5d95b1e1cc3afd8679173d6da281) (Version: 1.1.0.0 - Alexapp)
Pluto TV version 0.1.5 (HKLM-x32\...\Pluto TV_is1) (Version: 0.1.5 - Pluto TV)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
WinDirStat 1.1.2 (HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\WinDirStat) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2460959931-379977595-512483144-1001_Classes\CLSID\{67F4D210-BFC2-4ADD-9A2A-C9B9E1F42C4F}\InprocServer32 -> E:\WPS Office\9.1.0.5204\office6\qingshellext64.dll => No File
CustomCLSID: HKU\S-1-5-21-2460959931-379977595-512483144-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 07:04 - 2015-07-10 07:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {526B128E-FA48-4CF5-9347-32E7CB6E95BB} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\WSCStub.exe [2015-09-23] (Symantec Corporation)
Task: {63BA128D-AB90-4890-82DA-917F4B9DE061} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {6FA43EBA-0C12-438F-9509-95CDB4CE31BD} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-16] (Adobe Systems Incorporated)
Task: {AA027B46-888E-4026-8365-400E65FDF393} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {C8B20784-DC09-451C-A841-0F06A7DF68C4} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)
Task: {D80958EE-5652-47A7-9977-0057E287EF5D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-06] (Google Inc.)
Task: {EA51E0B5-A9A8-472D-B5E7-097349428AEE} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.4.24\SymErr.exe [2015-09-08] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-03 22:04 - 2015-07-14 22:04 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-20 18:58 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-02 07:11 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-23 21:34 - 2015-10-23 08:39 - 00227712 _____ () C:\Users\steve\AppData\Roaming\Dashlane\Dashlane.exe
2015-08-23 21:34 - 2015-10-23 08:40 - 00285568 _____ () C:\Users\steve\AppData\Roaming\Dashlane\DashlanePlugin.exe
2015-10-25 11:03 - 2015-09-10 11:12 - 93077896 _____ () C:\Program Files (x86)\Pluto TV\PlutoTV.exe
2015-10-25 10:54 - 2014-11-18 14:44 - 00255072 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\TrayTipAgentE.exe
2015-10-02 07:11 - 2015-09-17 01:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-10-02 07:11 - 2015-09-17 01:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-02 07:11 - 2015-09-17 01:43 - 02028544 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-10-02 07:11 - 2015-09-17 01:42 - 00619008 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-10-25 10:58 - 2015-09-21 00:10 - 00087672 _____ () C:\Program Files (x86)\360\Total Security\deepscan\qutmload.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00339328 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00422784 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00443264 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 31264640 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00276352 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 05762944 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 06810496 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 13234048 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 02073472 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.94565.dll
2015-10-23 08:39 - 2015-10-23 08:39 - 00338304 _____ () C:\Users\steve\AppData\Roaming\Dashlane\3.5.2.94565\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.94565.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00222792 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\traynet.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00275528 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\libcurl.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00113166 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\zlib1.dll
2015-10-25 10:54 - 2014-02-13 15:27 - 00249928 _____ () C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.8\bin\TrayPopupE\uexper.dll
2015-10-25 11:03 - 2015-09-10 11:12 - 01481728 _____ () C:\Program Files (x86)\Pluto TV\libglesv2.dll
2015-10-25 11:03 - 2015-09-10 11:12 - 00073728 _____ () C:\Program Files (x86)\Pluto TV\libegl.dll
2015-10-31 16:34 - 2015-09-10 11:12 - 17482952 _____ () C:\Users\steve\AppData\Local\Temp\nw5240_29970\plugins\NPSWF32_18_0_0_232.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App
AlternateDataStreams: C:\Program Files (x86)\Norton Internet Security:Win32App
AlternateDataStreams: C:\Users\steve\AppData\Local\Temp:Win32App

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460959931-379977595-512483144-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\steve\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img2.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_8A8DD573A36035355A59CEABF8B3EDB8"
HKU\S-1-5-21-2460959931-379977595-512483144-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A634069F-8C6F-485C-8503-C49736C538D4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B92CBC8E-31A7-4705-9ECC-21AA4D6378C0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{2176AFB1-34E4-45C0-9F9F-A033DDC6CD95}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{AABDCDBC-4003-464F-8F84-B5641C710FA7}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{43B01F8E-A956-4277-9D68-5B04E45225B4}] => (Allow) C:\Program Files (x86)\360\Total Security\LiveUpdate360.exe
FirewallRules: [{5780EC52-FCB3-4B04-8AFF-3FC5EB243535}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe
FirewallRules: [{ACCEDA62-B62D-4B4D-A566-6FA9ACB12680}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: PCI Encryption/Decryption Controller
Description: PCI Encryption/Decryption Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/31/2015 05:13:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STEVES-HP-STREA)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/31/2015 04:14:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: STEVES-HP-STREA)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/31/2015 03:30:03 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:30:03 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:53 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:53 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:43 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:43 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (10/31/2015 03:29:32 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5056) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (10/31/2015 03:29:32 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5056) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).


System errors:
=============
Error: (10/31/2015 05:15:09 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The Xbox Live Auth Manager service terminated with the following service-specific error:
%%0

Error: (10/31/2015 04:33:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%5

Error: (10/31/2015 04:33:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SynTPEnh Caller Service service failed to start due to the following error:
%%5

Error: (10/31/2015 04:33:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Image Acquisition (WIA) service failed to start due to the following error:
%%5

Error: (10/31/2015 04:33:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Tile Data model server service failed to start due to the following error:
%%5

Error: (10/31/2015 04:33:53 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126

Error: (10/31/2015 04:30:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/31/2015 04:30:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/31/2015 04:30:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/31/2015 04:30:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 77%
Total physical RAM: 1939.04 MB
Available physical RAM: 444.48 MB
Total Virtual: 2994.93 MB
Available Virtual: 1251.7 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:21.36 GB) (Free:0.99 GB) NTFS
Drive d: () (Removable) (Total:1.85 GB) (Free:1.85 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 29.1 GB) (Disk ID: 43E48B20)

Partition: GPT.

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 261A002F)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)

==================== End of Addition.txt ============================



