Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

redirect on Google from Factory Restored Partition and more


  • This topic is locked This topic is locked
17 replies to this topic

#1 Scott Stoef

Scott Stoef

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 15 December 2015 - 10:58 PM

I've been having some issues with my home network being compromised so I'm in the process of resetting my entire network and scanning/rebuilding all of the computers on it.  Here is what I know right now, but you are see my discussions with Boopme at http://www.bleepingcomputer.com/forums/t/599324/redirect-on-google-from-factory-restored-partition/#entry3887089

 

Here is what I know right now. I had a brand new credit card get backed the day after I set it up in PayPal. I decided to change from Avast free to Kaspersky Total Security and it notified that I was on a unsecured public network.  Knowing I used a Private WPA2 network I knew something was wrong, but when I logged into the network my user id and password were no longer valid. This happend to me about 6 months earlier so I just figured, but I know I didn't, forgot the router's user ID and password. Unfortunatley I didn't change the user ID and password and that may have contributed to my much bigger issue.  Anyway I did a factory reset on the router, changed the user ID and came up with a super complex password.  I also installed the latest firmware on the router.  

 

I'm now in the process of scanning all of my computers looking for some type of malware, trojan, bot...anything, but the scanners are not finding anything.  I did a factory reset on my laptop but it couldn't be completed because the factory recovery partition has been corrupted.  All of the scans have completed very quickly and seemed to skip over large sections of objects.

 

I'm waiting on doing my son's computer until his finals are over, but I did begin working on my daughters.  I got the OS reinstalled, but when I click on IE explorer to get my AV installed the instantly redirected me to the following site:

 

http://www.google.com/ig?brand=TSNA&bmod=TNSA

 

I know this isn't correct so I stopped what I was doing and tried to post here, but bleeping computer would install with errors and never display anyting.  I was able to get to ESET online site on this computer, but the scan ran very quickly (started at 40%) and didn't find anything. Malawarebytes also skipped over large sections of objects. 

 

Right now I have everything other than my Apple devices (iPads and iPhones) off the network, except for 1 laptop so I can write commuicate with the experts.

 

I'm going to post the 2 computers separately to ensure the logs stay separated. Attached to this is the log for my MAIN laptop where the factory restore partition was corrupted. I don't know if we want to tackle the second computer (DAUGHTER) at this time, but I will do a reply with that log just in case to keep the separated. This is the laptop that was factory restored but still not behaving properly.  

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by Admin (administrator) on STOEFFLER-LT1 (15-12-2015 22:47:20)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [449168 2012-03-26] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\...\Run: [EPSON9B1318 (Artisan 830)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\...\Run: [EPSON Artisan 830 Series (Copy 1)] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIGXA.EXE [224768 2010-01-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{C518FADA-9A58-4456-9876-A16DF69C2BDF}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{E6926143-C32A-4243-995D-6119238AA983}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.yahoo.com/
HKU\S-1-5-21-2525780112-4156266377-2695489881-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2525780112-4156266377-2695489881-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\ssv.dll [2015-08-06] (Oracle Corporation)
BHO-x32: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\jp2ssv.dll [2015-08-06] (Oracle Corporation)
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\IEExt\ie_plugin.dll [2015-12-06] (AO Kaspersky Lab)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL [2015-04-27] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default
FF Homepage: hxxps://my.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-10] ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-10] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\dtplugin\npDeployJava1.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.51.2 -> C:\Program Files (x86)\Java\jre1.8.0_51\bin\plugin2\npjp2.dll [2015-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL [2015-04-27] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\extensions\support@lastpass.com [2015-12-06]
FF Extension: WOT - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\34tsep38.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-11]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox [2015-12-06]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\avp.exe [194000 2015-12-06] (Kaspersky Lab ZAO)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S3 vssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 16.0.0\x64\vssbridge64.exe [144640 2015-07-09] (AO Kaspersky Lab)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S2 0106921430873003mcinstcleanup; C:\Users\Admin\AppData\Local\Temp\010692~1.EXE -cleanup -nolog [X]
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [61824 2012-10-31] (ASUS Corporation)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 epp64; C:\EEK\bin\epp64.sys [136456 2015-12-06] (Emsisoft GmbH)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2015-12-06] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2015-12-06] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2015-12-06] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2015-12-06] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2015-12-06] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 22:47 - 2015-12-15 22:48 - 00014049 _____ C:\Users\Admin\Desktop\FRST.txt
2015-12-15 22:38 - 2015-12-15 22:40 - 01720832 _____ (Farbar) C:\Users\Admin\Downloads\FRST.exe
2015-12-15 22:38 - 2015-12-15 22:38 - 02369536 _____ (Farbar) C:\Users\Admin\Downloads\FRST64.exe
2015-12-15 21:56 - 2015-12-15 21:56 - 00000000 ____D C:\Users\Admin\Documents\Custom Office Templates
2015-12-15 21:42 - 2015-12-15 21:43 - 00028497 _____ C:\Users\Admin\Desktop\MTB.txt
2015-12-15 21:39 - 2015-12-14 22:06 - 00891392 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2015-12-15 21:13 - 2015-12-15 21:13 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-14 22:10 - 2015-12-14 22:35 - 00000000 ____D C:\AdwCleaner
2015-12-14 22:07 - 2015-12-14 22:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\rkill.exe
2015-12-14 22:07 - 2015-12-14 22:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Admin\Downloads\rkill.com
2015-12-14 22:06 - 2015-12-14 22:06 - 01740288 _____ C:\Users\Admin\Downloads\AdwCleaner.exe
2015-12-14 22:06 - 2015-12-14 22:06 - 00891392 _____ (Farbar) C:\Users\Admin\Downloads\MiniToolBox.exe
2015-12-12 12:25 - 2015-12-12 12:25 - 01479864 _____ (NeoSmart Technologies) C:\Users\Admin\Downloads\OemKey.exe
2015-12-11 22:53 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-11 22:53 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-11 22:53 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-11 22:53 - 2015-10-22 12:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-11 22:53 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-11 22:53 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-11 22:53 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-11 22:53 - 2015-10-22 11:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-11 22:53 - 2015-10-22 11:21 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-11 22:53 - 2015-10-22 11:21 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-12-11 22:53 - 2015-10-22 10:58 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-11 22:53 - 2015-10-22 10:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-12-11 22:53 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2015-12-11 22:53 - 2015-10-22 09:08 - 00513456 _____ C:\Windows\system32\locale.nls
2015-12-11 22:49 - 2015-12-11 22:49 - 00000000 ___HD C:\$SysReset
2015-12-11 21:52 - 2015-12-11 21:52 - 05565384 _____ (Piriform Ltd) C:\Users\Admin\Downloads\ccsetup512_slim.exe
2015-12-11 16:20 - 2015-12-11 16:20 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1009
2015-12-11 16:16 - 2015-10-11 01:34 - 00468824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-11 16:16 - 2015-10-11 01:34 - 00462168 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-11 16:16 - 2015-10-11 01:34 - 00443224 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-12-11 16:16 - 2015-10-11 01:34 - 00092504 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-12-11 16:16 - 2015-10-11 01:34 - 00027992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-12-11 16:16 - 2015-10-10 13:41 - 00037376 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-12-11 16:16 - 2015-10-10 13:41 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-12-11 16:16 - 2015-10-10 12:20 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-12-11 16:16 - 2015-10-03 14:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-12-11 16:16 - 2015-10-03 14:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-12-11 16:15 - 2015-10-08 11:11 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\PCPKsp.dll
2015-12-11 16:15 - 2015-10-08 10:50 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PCPKsp.dll
2015-12-11 16:15 - 2015-10-05 13:28 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\wininit.exe
2015-12-11 16:15 - 2015-10-05 13:25 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-11 16:13 - 2015-12-11 16:26 - 00000000 ____D C:\Users\Kayla
2015-12-10 20:58 - 2015-12-10 20:58 - 02870984 _____ (ESET) C:\Users\Admin\Downloads\esetsmartinstaller_enu.exe
2015-12-10 17:39 - 2015-12-10 17:39 - 00001822 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-12-10 17:39 - 2015-12-10 17:39 - 00000000 ____D C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com
2015-12-10 17:39 - 2015-12-10 17:39 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-12-10 17:39 - 2015-12-10 17:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-10 17:39 - 2015-12-10 17:39 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-12-10 17:32 - 2015-11-11 11:21 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-10 17:32 - 2015-11-11 11:00 - 12856832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-10 17:32 - 2015-11-11 10:44 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-12-10 17:32 - 2015-11-11 10:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-12-10 17:32 - 2015-11-11 10:41 - 20366848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-10 17:32 - 2015-11-11 10:12 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-12-10 17:32 - 2015-11-09 19:13 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-10 17:32 - 2015-11-09 19:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-12-10 17:32 - 2015-11-09 19:08 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-10 17:32 - 2015-11-09 19:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-10 17:32 - 2015-11-09 19:02 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-10 17:32 - 2015-11-09 18:46 - 04514816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-10 17:32 - 2015-11-09 18:41 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-12-10 17:32 - 2015-11-09 18:37 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-12-10 17:32 - 2015-11-09 18:36 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-12-10 17:32 - 2015-11-09 18:36 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-12-10 17:32 - 2015-11-09 18:36 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-12-10 17:32 - 2015-11-09 18:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-12-10 17:32 - 2015-11-09 18:17 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-10 17:32 - 2015-11-09 18:14 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-10 17:32 - 2015-11-09 18:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-12-10 17:32 - 2015-11-08 19:41 - 01540728 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-10 17:32 - 2015-11-08 17:30 - 04176384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-12-10 17:32 - 2015-11-08 17:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-10 17:32 - 2015-11-08 17:15 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-10 17:32 - 2015-11-08 17:04 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-10 17:32 - 2015-11-08 17:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-10 17:32 - 2015-11-08 17:01 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-10 17:32 - 2015-11-08 16:32 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-12-10 17:32 - 2015-11-08 16:32 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-12-10 17:32 - 2015-11-08 16:25 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-12-10 17:32 - 2015-11-08 16:23 - 01994752 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-12-10 17:32 - 2015-11-08 16:18 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-12-10 17:32 - 2015-11-08 16:16 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-12-10 17:32 - 2015-11-08 16:15 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-12-10 17:32 - 2015-11-08 16:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-12-10 17:32 - 2015-11-08 16:14 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-10 17:32 - 2015-11-08 16:13 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-12-10 17:32 - 2015-11-08 16:13 - 01383936 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-12-10 17:32 - 2015-11-08 16:01 - 01753600 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-10 17:32 - 2015-11-08 15:53 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-12-10 17:32 - 2015-11-08 15:53 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-10 17:32 - 2015-11-08 15:52 - 01559552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-12-10 17:32 - 2015-11-08 15:48 - 01376256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-10 17:32 - 2015-11-08 15:42 - 01490944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-10 17:32 - 2015-11-08 15:41 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-10 17:32 - 2015-11-08 15:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-12-10 17:32 - 2015-11-05 03:59 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-10 17:31 - 2015-12-10 17:32 - 24149192 _____ (SUPERAntiSpyware) C:\Users\Admin\Downloads\SUPERAntiSpyware.exe
2015-12-10 17:31 - 2015-11-22 01:59 - 07455064 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-10 17:31 - 2015-11-22 01:59 - 01735000 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-10 17:31 - 2015-11-22 01:59 - 01659568 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-10 17:31 - 2015-11-22 01:59 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-10 17:31 - 2015-11-22 01:59 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-10 17:31 - 2015-11-22 01:59 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-10 17:31 - 2015-11-22 01:58 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-10 17:31 - 2015-11-21 13:32 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-12-10 17:31 - 2015-11-21 12:50 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-12-10 17:31 - 2015-11-21 11:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-10 17:31 - 2015-11-21 11:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-10 17:31 - 2015-11-21 11:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-10 17:31 - 2015-11-21 11:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-10 17:31 - 2015-11-20 17:47 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-10 17:31 - 2015-11-20 13:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-10 17:31 - 2015-11-20 11:58 - 03706880 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-10 17:31 - 2015-11-20 11:47 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-10 17:31 - 2015-11-20 11:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-10 17:31 - 2015-11-20 11:44 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-12-10 17:31 - 2015-11-20 11:44 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-10 17:31 - 2015-11-20 11:43 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-10 17:31 - 2015-11-20 11:42 - 02243584 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-10 17:31 - 2015-11-20 11:30 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-12-10 17:31 - 2015-11-20 11:29 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-12-10 17:31 - 2015-11-20 11:28 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-12-10 17:31 - 2015-11-20 11:27 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-12-10 17:31 - 2015-10-28 10:49 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-10 17:31 - 2015-10-28 10:29 - 02462720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-10 17:03 - 2015-12-11 22:45 - 00000000 ____D C:\EEK
2015-12-10 17:03 - 2015-12-10 17:03 - 00000757 _____ C:\Users\Admin\Desktop\Start Emsisoft Emergency Kit.lnk
2015-12-10 05:35 - 2015-12-09 21:09 - 170644584 _____ C:\Users\Admin\Desktop\EmsisoftEmergencyKit.exe
2015-12-10 05:32 - 2015-12-10 05:35 - 00221418 _____ C:\TDSSKiller.3.1.0.7_10.12.2015_05.32.58_log.txt
2015-12-09 21:18 - 2015-12-15 21:46 - 00002190 _____ C:\Users\Admin\Desktop\Rkill.txt
2015-12-09 21:17 - 2015-12-09 21:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-12-06 21:44 - 2015-12-06 21:46 - 00000000 ____D C:\Users\Admin\AppData\Local\CrashDumps
2015-12-06 20:36 - 2015-12-06 20:36 - 00002389 _____ C:\Users\Admin\Desktop\Safe Money.lnk
2015-12-06 20:35 - 2015-12-06 20:35 - 00002129 _____ C:\Users\Public\Desktop\Kaspersky Total Security.lnk
2015-12-06 20:35 - 2015-12-06 20:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Total Security
2015-12-06 20:34 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2015-12-06 20:33 - 2015-12-14 22:30 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-12-06 20:33 - 2015-12-06 20:33 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2015-12-06 20:31 - 2015-12-06 20:43 - 00934272 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2015-12-06 20:31 - 2015-12-06 20:43 - 00181640 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2015-12-06 20:23 - 2015-12-06 20:24 - 01729408 _____ (Kaspersky Lab) C:\Users\Admin\Downloads\kts16.0.0.614en_8977.exe
2015-12-03 21:13 - 2015-12-03 21:13 - 00000000 ____D C:\Windows\System32\Tasks\AVAST Software
2015-12-03 21:13 - 2015-12-03 21:13 - 00000000 ____D C:\Program Files\Common Files\AV
2015-11-20 20:00 - 2015-11-20 20:00 - 00010687 _____ C:\Users\Scott\Downloads\2015 Midwest Elite Top 80 SCHEDULE.xlsx
2015-11-15 09:03 - 2015-12-01 12:19 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-11-15 09:03 - 2015-12-01 12:19 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 22:47 - 2015-05-05 19:48 - 00000000 ____D C:\FRST
2015-12-15 22:38 - 2015-05-05 19:41 - 02369536 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-12-15 22:07 - 2015-04-24 20:41 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-15 21:49 - 2015-04-24 15:13 - 00000000 ____D C:\Users\Admin\AppData\LocalLow\LastPass
2015-12-15 21:28 - 2013-08-22 10:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-15 21:25 - 2015-04-27 15:28 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-15 21:14 - 2015-04-22 17:21 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{4FC18D08-5159-4BC9-B29C-E3C168398267}
2015-12-15 21:11 - 2015-04-22 15:08 - 00000000 ____D C:\Users\Admin\OneDrive
2015-12-14 22:30 - 2013-08-22 09:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-14 22:30 - 2012-10-08 17:06 - 00000868 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-14 22:29 - 2013-08-22 08:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-12-14 22:03 - 2014-11-21 03:44 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-14 22:03 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\Inf
2015-12-13 18:08 - 2012-10-08 17:06 - 00000870 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2015-12-12 17:30 - 2013-08-22 09:44 - 00481880 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-12 15:25 - 2015-05-08 16:18 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-12-12 11:28 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\rescache
2015-12-12 09:58 - 2012-07-26 02:59 - 00000000 ____D C:\Windows\CbsTemp
2015-12-12 00:07 - 2015-05-08 16:18 - 00003866 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-12-12 00:07 - 2015-04-24 20:41 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-11 23:02 - 2015-05-06 12:00 - 00000000 ____D C:\Users\Admin\Desktop\FRST-OlderVersion
2015-12-11 22:45 - 2015-04-29 21:34 - 00291868 _____ C:\Windows\ntbtlog.txt
2015-12-11 21:30 - 2015-04-27 16:07 - 00000000 ____D C:\Users\Sandy
2015-12-11 21:30 - 2013-08-22 10:36 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-11 21:30 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\AppReadiness
2015-12-11 16:31 - 2015-04-19 19:05 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1001
2015-12-11 16:26 - 2015-05-09 16:20 - 00000000 ____D C:\Users\Branden
2015-12-11 16:21 - 2015-05-09 09:05 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C92CCB0-37BE-416C-B1AB-0C0528D78601}
2015-12-11 16:11 - 2015-05-09 16:22 - 00003954 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2A98AF9A-9707-4CC9-9B89-5B2E7EB4862C}
2015-12-11 05:49 - 2015-04-19 23:14 - 00000000 ____D C:\Windows\system32\MRT
2015-12-11 05:42 - 2015-04-19 23:14 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-12-10 17:12 - 2015-05-06 14:07 - 11337112 _____ (SurfRight B.V.) C:\Users\Admin\Desktop\HitmanPro_x64.exe
2015-12-09 21:07 - 2015-05-06 10:54 - 04398264 _____ (Kaspersky Lab ZAO) C:\Users\Admin\Desktop\tdsskiller.exe
2015-12-06 21:56 - 2013-08-22 08:36 - 00000000 ____D C:\Windows
2015-12-06 21:46 - 2015-04-23 19:40 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-06 20:52 - 2015-04-28 15:17 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-06 20:51 - 2015-04-28 15:17 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-12-06 20:43 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwfp.sys
2015-12-06 20:43 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klpd.sys
2015-12-06 20:42 - 2015-07-04 02:18 - 00227512 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys
2015-12-06 20:34 - 2013-08-22 08:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2015-12-06 20:34 - 2012-07-26 03:12 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-06 15:00 - 2015-04-28 16:25 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{16522898-203C-4162-B060-2D5BA2E292CC}
2015-12-05 23:10 - 2015-04-27 16:12 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1007
2015-12-05 23:10 - 2015-04-27 16:05 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1006
2015-12-05 22:43 - 2015-04-27 19:47 - 00000000 ____D C:\Users\Scott\AppData\LocalLow\LastPass
2015-12-04 16:20 - 2015-05-10 20:42 - 00003906 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-11-20 20:01 - 2015-04-27 15:59 - 00000000 ____D C:\Users\Scott\AppData\Local\Packages
2015-11-19 21:21 - 2013-08-22 10:36 - 00000000 ____D C:\Windows\system32\NDF
2015-11-19 21:16 - 2015-06-18 14:12 - 00003598 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2525780112-4156266377-2695489881-1008
2015-11-15 09:01 - 2015-11-04 20:29 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-11-15 09:01 - 2015-04-24 15:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-15 08:58 - 2013-08-22 10:36 - 00000000 ___RD C:\Windows\ToastData

==================== Files in the root of some directories =======

2015-04-19 18:58 - 2015-04-21 12:36 - 0000408 _____ () C:\Users\Admin\AppData\Roaming\sp_data.sys
2015-05-05 20:10 - 2015-05-05 20:10 - 0007591 _____ () C:\Users\Admin\AppData\Local\Resmon.ResmonCfg
2012-08-04 20:42 - 2012-07-30 01:03 - 0000217 _____ () C:\ProgramData\SetStretch.cmd
2012-08-04 20:42 - 2009-07-22 05:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe

Some files in TEMP:
====================
C:\Users\Scott\AppData\Local\Temp\{B3F7DEA6-9349-4C8F-AB16-B22E9ACA6A65}-45.0.2454.85_44.0.2403.157_chrome64_updater.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-13 17:09

==================== End of FRST.txt ============================

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 15 December 2015 - 11:03 PM

Here is the information on my DAUGHTERs freshly restored laptop.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:14-12-2015
Ran by Admin (administrator) on KAYLA-LT (15-12-2015 22:46:24)
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Kayla & Admin)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
() C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-06] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] => C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SmartFaceVWatcher] => C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe [529256 2009-08-10] (Toshiba)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{042AC20D-F3E8-42A1-9DC0-D54288E5F0AE}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D45DAD06-3BEE-47AC-9FC4-74B03FE83685}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
HKU\S-1-5-21-785518922-1537871047-917875394-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-785518922-1537871047-917875394-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
SearchScopes: HKLM -> DefaultScope {58FA649C-F06F-45A7-A8B2-4D562E52D61F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM -> {58FA649C-F06F-45A7-A8B2-4D562E52D61F} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> DefaultScope {92A3E860-A1AF-4606-8827-D40F21CFCA48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKLM-x32 -> {92A3E860-A1AF-4606-8827-D40F21CFCA48} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-785518922-1537871047-917875394-1001 -> DefaultScope {B2D51A4D-0655-4029-B54E-DE0E4C195C79} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
SearchScopes: HKU\S-1-5-21-785518922-1537871047-917875394-1001 -> {92A3E860-A1AF-4606-8827-D40F21CFCA48} URL =
SearchScopes: HKU\S-1-5-21-785518922-1537871047-917875394-1001 -> {B2D51A4D-0655-4029-B54E-DE0E4C195C79} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNA
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-03-19] (<TOSHIBA>)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-12-19] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-12-19] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\3.0.40624.0\npctrl.dll [2009-06-23] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe [103792 2010-01-28] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe [126392 2009-08-24] (Symantec Corporation)
R2 taisregispinger; C:\Program Files (x86)\TOSHIBA\ToshibaRegistration\TaisRegistPinger.exe [297344 2009-08-13] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 22:46 - 2015-12-15 22:46 - 00009920 _____ C:\Users\Admin\Desktop\FRST.txt
2015-12-15 22:45 - 2015-12-15 22:46 - 00000000 ____D C:\FRST
2015-12-15 22:45 - 2015-12-15 22:38 - 02369536 _____ (Farbar) C:\Users\Admin\Desktop\FRST64.exe
2015-12-15 21:58 - 2015-12-15 21:58 - 00001039 _____ C:\Users\Admin\Desktop\MBAM.txt
2015-12-15 21:27 - 2015-12-15 22:03 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-12-15 21:27 - 2015-12-15 21:27 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-12-15 21:27 - 2015-12-15 21:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-15 21:27 - 2015-12-15 21:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-15 21:27 - 2015-12-15 21:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-12-15 21:27 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2015-12-15 21:27 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-12-15 21:27 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2015-12-15 21:26 - 2015-12-15 21:13 - 22908888 _____ (Malwarebytes ) C:\Users\Admin\Desktop\mbam-setup-2.2.0.1024.exe
2015-12-15 21:06 - 2015-12-15 21:06 - 00000000 ____D C:\Users\Admin\AppData\Local\Adobe
2015-12-14 22:19 - 2015-12-14 22:20 - 00002010 _____ C:\Users\Admin\Desktop\Rkill2.txt
2015-12-14 22:19 - 2015-12-14 22:19 - 00002010 _____ C:\Users\Admin\Desktop\Rkill1.txt
2015-12-14 22:16 - 2015-12-14 22:17 - 00002012 _____ C:\Users\Admin\Desktop\Rkill.txt
2015-12-14 22:14 - 2015-12-14 22:14 - 00018464 _____ C:\Users\Admin\Desktop\MTB.txt
2015-12-14 22:12 - 2015-12-14 22:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.exe
2015-12-14 22:12 - 2015-12-14 22:07 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Admin\Desktop\rkill.com
2015-12-14 22:12 - 2015-12-14 22:06 - 00891392 _____ (Farbar) C:\Users\Admin\Desktop\MiniToolBox.exe
2015-12-13 21:53 - 2015-12-13 21:54 - 00177682 _____ C:\TDSSKiller.3.1.0.7_13.12.2015_21.53.53_log.txt
2015-12-13 21:27 - 2015-12-13 21:27 - 00000000 ___SD C:\Users\Admin\AppData\LocalLow\Temp
2015-12-13 21:27 - 2015-12-13 21:27 - 00000000 ____D C:\Program Files (x86)\ESET
2015-12-13 21:13 - 2015-12-02 13:18 - 00301728 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2015-12-13 21:11 - 2015-12-13 21:11 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Macromedia
2015-12-13 21:09 - 2015-12-13 21:09 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Adobe
2015-12-13 20:10 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-12-13 20:10 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-12-13 20:10 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-12-13 20:10 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-12-13 20:09 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-12-13 20:09 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-12-13 20:09 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-12-13 20:09 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-12-13 20:09 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-12-13 20:05 - 2015-12-13 20:10 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Toshiba
2015-12-13 20:02 - 2015-12-13 20:02 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Google
2015-12-13 08:02 - 2015-12-13 08:02 - 00079152 _____ C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-13 08:01 - 2015-12-13 08:01 - 00001454 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 08:01 - 2015-12-13 08:01 - 00001420 _____ C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2015-12-13 08:01 - 2015-12-13 08:01 - 00000000 ____D C:\Users\Admin\AppData\Roaming\ATI
2015-12-13 08:01 - 2015-12-13 08:01 - 00000000 ____D C:\Users\Admin\AppData\Local\ATI
2015-12-13 08:00 - 2015-12-13 08:01 - 00000000 ____D C:\Users\Admin
2015-12-13 08:00 - 2015-12-13 08:00 - 00000020 ___SH C:\Users\Admin\ntuser.ini
2015-12-13 08:00 - 2015-12-13 08:00 - 00000000 _SHDL C:\Users\Admin\My Documents
2015-12-13 08:00 - 2015-12-13 08:00 - 00000000 _SHDL C:\Users\Admin\Documents\My Videos
2015-12-13 08:00 - 2015-12-13 08:00 - 00000000 _SHDL C:\Users\Admin\Documents\My Pictures
2015-12-13 08:00 - 2015-12-13 08:00 - 00000000 _SHDL C:\Users\Admin\Documents\My Music
2015-12-13 08:00 - 2015-12-13 08:00 - 00000000 ____D C:\Users\Admin\AppData\Local\VirtualStore
2015-12-13 08:00 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Media Center Programs
2015-12-13 07:50 - 2015-12-13 07:50 - 00000000 ____D C:\Users\Kayla\AppData\Local\TOSHIBA_Corporation
2015-12-13 07:49 - 2015-12-13 07:49 - 00079152 _____ C:\Users\Kayla\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-13 07:49 - 2015-12-13 07:49 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Toshiba
2015-12-13 07:48 - 2015-12-13 07:48 - 00001454 _____ C:\Users\Kayla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-12-13 07:48 - 2015-12-13 07:48 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\ATI
2015-12-13 07:48 - 2015-12-13 07:48 - 00000000 ____D C:\Users\Kayla\AppData\Local\ATI
2015-12-13 07:47 - 2015-12-13 07:47 - 00000013 __RSH C:\windows\system32\Drivers\fbd.sys
2015-12-13 07:47 - 2015-12-13 07:47 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\WinBatch
2015-12-13 07:47 - 2015-12-13 07:47 - 00000000 ____D C:\Users\Kayla\AppData\Local\VirtualStore
2015-12-13 07:46 - 2015-12-13 07:48 - 00000000 ____D C:\Users\Kayla
2015-12-13 07:46 - 2015-12-13 07:46 - 00000020 ___SH C:\Users\Kayla\ntuser.ini
2015-12-13 07:46 - 2015-12-13 07:46 - 00000000 _SHDL C:\Users\Kayla\My Documents
2015-12-13 07:46 - 2015-12-13 07:46 - 00000000 _SHDL C:\Users\Kayla\Documents\My Videos
2015-12-13 07:46 - 2015-12-13 07:46 - 00000000 _SHDL C:\Users\Kayla\Documents\My Pictures
2015-12-13 07:46 - 2015-12-13 07:46 - 00000000 _SHDL C:\Users\Kayla\Documents\My Music
2015-12-13 07:46 - 2009-07-14 02:44 - 00000000 ____D C:\Users\Kayla\AppData\Roaming\Media Center Programs
2015-12-13 04:47 - 2015-12-13 04:47 - 00000000 ____D C:\windows\system32\Drivers\NortonPCCheckupx64
2015-12-13 04:47 - 2015-12-13 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Laptop Checkup
2015-12-13 04:47 - 2015-12-13 04:47 - 00000000 ____D C:\Program Files\Norton PC Checkup
2015-12-13 04:47 - 2015-12-13 04:47 - 00000000 ____D C:\Program Files (x86)\Norton PC Checkup
2015-12-13 04:46 - 2015-12-13 20:11 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Corporation
2015-12-13 04:46 - 2015-12-13 04:46 - 00001722 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com - Shopping.lnk
2015-12-13 04:46 - 2015-12-13 04:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Online Backup
2015-12-13 04:46 - 2015-12-13 04:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
2015-12-13 04:46 - 2015-12-13 04:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.com
2015-12-13 04:46 - 2015-12-13 04:46 - 00000000 ____D C:\Program Files (x86)\Toshiba Online Backup
2015-12-13 04:45 - 2015-12-13 04:45 - 00000000 ___HD C:\windows\msdownld.tmp
2015-12-13 04:44 - 2015-12-13 20:05 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-12-13 04:44 - 2015-12-13 20:04 - 00000000 ____D C:\ProgramData\Norton
2015-12-13 04:44 - 2015-12-13 04:47 - 00000000 ____D C:\ProgramData\NortonInstaller
2015-12-13 04:40 - 2015-12-13 20:16 - 00000000 ____D C:\ProgramData\WildTangent
2015-12-13 04:40 - 2015-12-13 20:16 - 00000000 ____D C:\Program Files (x86)\TOSHIBA Games
2015-12-13 04:36 - 2009-06-22 20:06 - 00035008 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\PGEffect.sys
2015-12-13 04:34 - 1999-10-12 21:47 - 00024576 _____ (Toshiba) C:\windows\SysWOW64\TSCI.dll
2015-12-13 04:34 - 1999-10-12 21:45 - 00024576 _____ (Toshiba) C:\windows\SysWOW64\THCI.dll
2015-12-13 04:32 - 2015-12-13 04:32 - 00000000 ____D C:\ProgramData\Atheros
2015-12-13 04:32 - 2015-12-13 04:32 - 00000000 ____D C:\Program Files (x86)\Atheros
2015-12-13 04:32 - 2009-11-06 15:56 - 01550848 _____ (Atheros Communications, Inc.) C:\windows\system32\Drivers\athrx.sys
2015-12-13 04:32 - 2009-07-07 11:51 - 00009216 _____ (TOSHIBA Corporation) C:\windows\system32\Drivers\FwLnk.sys
2015-12-13 04:32 - 2006-03-23 16:44 - 00009728 _____ (TOSHIBA Corp.) C:\windows\SysWOW64\TCMSVR.dll
2015-12-13 04:32 - 2005-04-15 22:58 - 01351392 _____ (Microsoft Corporation) C:\windows\SysWOW64\COMCTL32.OCX
2015-12-13 04:32 - 2004-03-09 19:00 - 00152848 _____ (Microsoft Corporation) C:\windows\SysWOW64\Comdlg32.ocx
2015-12-13 04:31 - 2015-12-13 04:31 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2015-12-13 04:31 - 2015-12-13 04:31 - 00000000 ____D C:\Program Files\Synaptics
2015-12-13 04:31 - 2015-12-13 04:31 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-12-13 04:31 - 2010-02-01 13:29 - 07367200 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RtsUStoricon.dll
2015-12-13 04:31 - 2010-02-01 13:29 - 07367200 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSUSTORicon.dll
2015-12-13 04:31 - 2010-02-01 13:29 - 00422432 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtsUStor.dll
2015-12-13 04:31 - 2010-02-01 13:29 - 00232992 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsUStor.sys
2015-12-13 04:30 - 2015-12-13 04:30 - 00000000 ____D C:\windows\SysWOW64\Atheros_L1e
2015-12-13 04:28 - 2015-12-13 04:28 - 00000000 ____D C:\Program Files\CONEXANT
2015-12-13 04:27 - 2015-12-13 04:27 - 00000000 ____D C:\ProgramData\ATI
2015-12-13 04:26 - 2015-12-13 04:26 - 00000000 _____ C:\windows\ativpsrm.bin
2015-12-13 04:25 - 2015-12-13 04:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
2015-12-13 04:24 - 2015-12-13 04:25 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-13 04:24 - 2015-12-13 04:24 - 00000000 ____D C:\Program Files\ATI
2015-12-13 04:23 - 2010-03-15 13:06 - 06403072 _____ (ATI Technologies Inc.) C:\windows\system32\Drivers\atipmdag.sys
2015-12-13 04:23 - 2010-03-15 13:06 - 06403072 _____ (ATI Technologies Inc.) C:\windows\system32\Drivers\atikmdag.sys
2015-12-13 04:23 - 2010-03-15 13:00 - 00143360 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiapfxx.exe
2015-12-13 04:23 - 2010-03-15 13:00 - 00033624 _____ C:\windows\system32\atiapfxx.blb
2015-12-13 04:23 - 2010-03-15 12:59 - 00497152 _____ (ATI Technologies Inc. ) C:\windows\system32\aticfx64.dll
2015-12-13 04:23 - 2010-03-15 12:59 - 00446464 _____ (ATI Technologies Inc. ) C:\windows\SysWOW64\aticfx32.dll
2015-12-13 04:23 - 2010-03-15 12:58 - 18798592 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atio6axx.dll
2015-12-13 04:23 - 2010-03-15 12:57 - 00446464 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\ATIDEMGX.dll
2015-12-13 04:23 - 2010-03-15 12:56 - 00450560 _____ (AMD) C:\windows\system32\atieclxx.exe
2015-12-13 04:23 - 2010-03-15 12:56 - 00202752 _____ (AMD) C:\windows\system32\atiesrxx.exe
2015-12-13 04:23 - 2010-03-15 12:54 - 00420864 _____ (ATI Technologies, Inc.) C:\windows\system32\atipdl64.dll
2015-12-13 04:23 - 2010-03-15 12:54 - 00356352 _____ (ATI Technologies, Inc.) C:\windows\SysWOW64\atipdlxx.dll
2015-12-13 04:23 - 2010-03-15 12:54 - 00274432 _____ (ATI Technologies, Inc.) C:\windows\SysWOW64\Oemdspif.dll
2015-12-13 04:23 - 2010-03-15 12:54 - 00120320 _____ (AMD) C:\windows\system32\atitmm64.dll
2015-12-13 04:23 - 2010-03-15 12:54 - 00059392 _____ (ATI Technologies, Inc.) C:\windows\system32\atiedu64.dll
2015-12-13 04:23 - 2010-03-15 12:54 - 00012288 _____ (AMD) C:\windows\system32\atimuixx.dll
2015-12-13 04:23 - 2010-03-15 12:53 - 00043520 _____ (ATI Technologies, Inc.) C:\windows\SysWOW64\ati2edxx.dll
2015-12-13 04:23 - 2010-03-15 12:50 - 03131392 _____ (ATI Technologies Inc. ) C:\windows\SysWOW64\atidxx32.dll
2015-12-13 04:23 - 2010-03-15 12:42 - 03800064 _____ (ATI Technologies Inc. ) C:\windows\system32\atidxx64.dll
2015-12-13 04:23 - 2010-03-15 12:38 - 14226944 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atioglxx.dll
2015-12-13 04:23 - 2010-03-15 12:33 - 03703808 _____ (ATI Technologies Inc. ) C:\windows\SysWOW64\atiumdag.dll
2015-12-13 04:23 - 2010-03-15 12:27 - 04801536 _____ (ATI Technologies Inc. ) C:\windows\system32\atiumd64.dll
2015-12-13 04:23 - 2010-03-15 12:20 - 02716160 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiumd6a.dll
2015-12-13 04:23 - 2010-03-15 12:18 - 00511072 _____ C:\windows\system32\atiumd6a.cap
2015-12-13 04:23 - 2010-03-15 12:17 - 00055296 _____ (AMD) C:\windows\system32\coinst.dll
2015-12-13 04:23 - 2010-03-15 12:14 - 02993152 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiumdva.dll
2015-12-13 04:23 - 2010-03-15 12:13 - 00511072 _____ C:\windows\SysWOW64\atiumdva.cap
2015-12-13 04:23 - 2010-03-15 12:13 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalrt.dll
2015-12-13 04:23 - 2010-03-15 12:13 - 00043008 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalrt64.dll
2015-12-13 04:23 - 2010-03-15 12:13 - 00039936 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticalcl64.dll
2015-12-13 04:23 - 2010-03-15 12:12 - 04781568 _____ (Advanced Micro Devices Inc.) C:\windows\system32\aticaldd64.dll
2015-12-13 04:23 - 2010-03-15 12:12 - 00053248 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticalcl.dll
2015-12-13 04:23 - 2010-03-15 12:11 - 03657728 _____ (Advanced Micro Devices Inc.) C:\windows\SysWOW64\aticaldd.dll
2015-12-13 04:23 - 2010-03-15 12:02 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atimpc64.dll
2015-12-13 04:23 - 2010-03-15 12:02 - 00053248 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\amdpcom64.dll
2015-12-13 04:23 - 2010-03-15 12:02 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atimpc32.dll
2015-12-13 04:23 - 2010-03-15 12:02 - 00052224 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\amdpcom32.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00330752 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atiadlxx.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00237568 _____ (Advanced Micro Devices, Inc.) C:\windows\SysWOW64\atiadlxy.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00016896 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6txx.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00015360 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atigktxx.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00014848 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atig6pxx.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00012800 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiglpxx.dll
2015-12-13 04:23 - 2010-03-15 12:01 - 00012800 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiglpxx.dll
2015-12-13 04:23 - 2010-03-15 12:00 - 00188928 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\Drivers\atikmpag.sys
2015-12-13 04:23 - 2010-03-15 12:00 - 00036352 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiuxp64.dll
2015-12-13 04:23 - 2010-03-15 12:00 - 00028160 _____ (Advanced Micro Devices, Inc. ) C:\windows\system32\atiu9p64.dll
2015-12-13 04:23 - 2010-03-15 12:00 - 00027648 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiuxpag.dll
2015-12-13 04:23 - 2010-03-15 12:00 - 00020480 _____ (Advanced Micro Devices, Inc. ) C:\windows\SysWOW64\atiu9pag.dll
2015-12-13 04:23 - 2010-03-15 11:59 - 00053248 _____ (ATI Technologies Inc.) C:\windows\system32\Drivers\ati2erec.dll
2015-12-13 04:23 - 2010-03-02 17:57 - 00020692 _____ C:\windows\atiogl.xml
2015-12-13 04:23 - 2010-02-25 16:55 - 00201875 _____ C:\windows\system32\atiicdxx.dat
2015-12-13 04:23 - 2010-02-23 13:15 - 00001105 _____ C:\windows\SysWOW64\atipblag.dat
2015-12-13 04:23 - 2010-02-23 13:15 - 00001105 _____ C:\windows\system32\atipblag.dat
2015-12-13 04:23 - 2009-05-11 19:35 - 00118784 _____ (Advanced Micro Devices, Inc.) C:\windows\system32\atibtmon.exe
2015-12-13 04:23 - 2009-05-05 12:00 - 00016440 _____ (Advanced Micro Devices Inc.) C:\windows\system32\Drivers\AtiPcie.sys
2015-12-13 04:21 - 2015-12-13 04:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2015-12-13 04:17 - 2015-12-13 04:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-13 04:15 - 2015-12-13 04:15 - 00000000 __RHD C:\MSOCache
2015-12-13 04:15 - 2015-12-13 04:15 - 00000000 ____D C:\Program Files\Microsoft Office
2015-12-13 04:12 - 2015-12-13 04:17 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-13 04:12 - 2015-12-13 04:12 - 00002557 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office PowerPoint Viewer 2007.lnk
2015-12-13 04:11 - 2015-12-13 04:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works
2015-12-13 04:11 - 2015-12-13 04:11 - 00001158 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2015-12-13 04:11 - 2015-12-13 04:11 - 00000000 ____D C:\Program Files (x86)\Microsoft Works

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-15 22:46 - 2009-07-14 00:13 - 00713888 _____ C:\windows\system32\PerfStringBackup.INI
2015-12-15 22:46 - 2009-07-13 22:20 - 00000000 ____D C:\windows\inf
2015-12-15 22:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2015-12-15 22:01 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-12-15 21:06 - 2010-04-04 15:55 - 00000000 ____D C:\ProgramData\Adobe
2015-12-15 21:05 - 2010-04-04 15:55 - 00000000 ____D C:\windows\SysWOW64\Macromed
2015-12-14 22:18 - 2009-07-13 23:45 - 00015568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-14 22:18 - 2009-07-13 23:45 - 00015568 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-13 21:27 - 2009-07-14 00:32 - 00000000 ____D C:\windows\Downloaded Program Files
2015-12-13 20:16 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-13 20:13 - 2010-04-04 15:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-13 20:13 - 2010-04-04 15:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-12-13 20:13 - 2010-04-04 15:48 - 00000000 ____D C:\Program Files\TOSHIBA
2015-12-13 20:11 - 2010-04-04 15:48 - 00000000 ____D C:\Program Files (x86)\TOSHIBA
2015-12-13 20:05 - 2010-04-04 15:57 - 00000000 ____D C:\ProgramData\Partner
2015-12-13 20:05 - 2010-04-04 15:57 - 00000000 ____D C:\Program Files\Google
2015-12-13 20:05 - 2010-04-04 15:57 - 00000000 ____D C:\Program Files (x86)\Google
2015-12-13 20:02 - 2010-04-04 15:57 - 00000000 ____D C:\ProgramData\Google
2015-12-13 07:47 - 2010-04-04 16:04 - 00000000 ____D C:\Users\Public\TEMP
2015-12-13 07:47 - 2010-04-04 00:22 - 00000000 ____D C:\windows\Panther
2015-12-13 07:47 - 2009-07-14 00:37 - 00000000 ____D C:\windows\SysWOW64\sysprep
2015-12-13 07:47 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\sysprep
2015-12-13 07:46 - 2009-07-14 00:08 - 00000000 ____D C:\Users\Administrator
2015-12-13 07:45 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-12-13 05:03 - 2009-07-14 00:32 - 00028672 _____ C:\windows\system32\config\BCD-Template
2015-12-13 04:46 - 2010-04-04 15:56 - 00000000 ____D C:\ProgramData\Toshiba
2015-12-13 04:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-13 04:20 - 2009-07-13 23:45 - 00343552 _____ C:\windows\system32\FNTCACHE.DAT
2015-12-13 04:15 - 2009-07-14 02:45 - 00000000 ____D C:\windows\ShellNew

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2010-04-04 15:30

==================== End of FRST.txt ============================



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,743 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:17 PM

Posted 20 December 2015 - 11:00 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/599511 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 23 December 2015 - 10:34 AM

still need help....Please see original post.



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:17 PM

Posted 24 December 2015 - 11:04 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Nothing suspicious was found on this computer.

Press the windows key Windows_Logo_key.gif+ r on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and and click the OK key.
Please copy the entire contents of the code box below to the a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S2 0106921430873003mcinstcleanup; C:\Users\Admin\AppData\Local\Temp\010692~1.EXE -cleanup -nolog [X]
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish,so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141
===

p..s
Nothing suspicious wa found on your Daugther's com.
You can do the MBAM, Adwcleaner and reset the computer on that computer also.
How ever I do not want to see any logs for that computer.
If the problem persists I suggest you start a new topic for it. We do not service 2 computer on the same topic.

I would also like to know if these computer are or were connected to a router.

#6 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 24 December 2015 - 11:17 PM

Hi Nasdaq!

I will run the requested scans on our main laptop as you requested in the next day.

All of these laptops were connected to the router when it was changed from personal to a public connection. The router and cable modem have since been reset to factory defaults, latest firmware installed on my Asus N66U, new user ID and password assigned, and new SSID and passwords for both bands. I have not put either of these computers back on the network since.

The main laptop does have some weird partitions that I never set up and I don't recognize.

#7 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 28 December 2015 - 02:37 PM

Here is the fixlog.txt:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:14-12-2015
Ran by Admin (2015-12-28 14:32:20) Run:2
Running from C:\Users\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
S2 0106921430873003mcinstcleanup; C:\Users\Admin\AppData\Local\Temp\010692~1.EXE -cleanup -nolog [X]
S4 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [X]
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
 
End
 
*****************
 
Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found.  
0106921430873003mcinstcleanup => service removed successfully
ASUS InstantOn => service removed successfully
MBAMSwissArmy => service removed successfully
EmptyTemp: => 583.1 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 14:34:04 ====



#8 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 28 December 2015 - 03:27 PM

Here is the MBAM log.  When I ran this log for BOOPME he thought there could be something hiding in the background that MBAM could not find (e.g. partition).  I will post the AdwCleaner soon.

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/28/2015
Scan Time: 2:43 PM
Logfile: MBAM Log 12-28-2015.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.12.28.07
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: Admin
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 439683
Time Elapsed: 38 min, 30 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 



#9 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 28 December 2015 - 03:32 PM

Here is the AdwCleaner log:

 

# AdwCleaner v5.026 - Logfile created 28/12/2015 at 15:28:47
# Updated 21/12/2015 by Xplode
# Database : 2015-12-21.2 [Local]
# Operating system : Windows 8.1  (x64)
# Username : Admin - STOEFFLER-LT1
# Running from : C:\Users\Admin\Desktop\adwcleaner_5.026.exe
# Option : Scan
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [567 bytes] ##########



#10 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:17 PM

Posted 29 December 2015 - 08:19 AM

Well nothing was found.

Is the computer connected to the Router?

What issues persists?

#11 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 29 December 2015 - 08:59 AM

No, I haven't put the computer back on the network. I'm actually afraid to after my credit cards got hacked twice in less than a week.  Maybe it was due to someone getting behind my router's firewall, but I don't know for sure.  I tried to do a factory reinstall of windows but the partition was corrupted in the last 6 months since I did it the last time. I didn't know if someone could change my router settings to public network, could they also get into the computers and place malware deep into the OS or even place it into a partition that these tools cannot see?  I don't know if malware can do this but could there be code that sends out a ping signal on one of the computers that would allow someone to get back into my router settings and change them?

 

All of the computers that were connected have some weird partitions on them that I don't recognize.  When you combine that with the factory partition on this one being corrupted hopefully you can see my concern.   



#12 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:17 PM

Posted 29 December 2015 - 03:28 PM

Check the security or you router.
 
Control Panel > Network and Security Center > Click on Wireless Network connection > Click on Wireless Properties > select Security Tab.
 
 
What is the Security type? 
What is the Encryption type?


#13 Scott Stoef

Scott Stoef
  • Topic Starter

  • Members
  • 142 posts
  • OFFLINE
  •  
  • Local time:07:17 PM

Posted 29 December 2015 - 11:10 PM

Security type is WPA2 Personal and Encryption Type is AES.



#14 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:17 PM

Posted 30 December 2015 - 10:13 AM

It's secure that is exactly what I have.

http://lifehacker.com/the-difference-between-wi-fi-security-protocols-wpa2-a-1672256222

You should have not problems. Connect one computer and test it for a few days.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,227 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:08:17 PM

Posted 05 January 2016 - 09:56 AM

Are you still with me?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users