Internet Explorer homepage redirected to "n.clickforms.ru" (Win10)


  • This topic is locked
6 replies to this topic

#1 DKqwerty

  • Members
  • 2 posts
  • OFFLINE
  • Gender:Male
  • Location:Milky Way Galaxy
  • Local time:09:09 AM

Posted 21 June 2016 - 06:26 PM

Hello,

 

My brother got his computer infected with... something on 19 June 2016 that, among other symptoms, redirects Internet Explorer's homepage to:

 

2lj0rc8.png

 

This URL then redirects to another site that offers the following fake security warning:


2s6qb7o.png

 

Being an idiot, my brother thought that this was a legit warning and installed whatever garbage this is (from Firefox, not IE). It would seem that I've mitigated most of the problems with that specific malware (invisible audio ads, unknown USB backup software, random system-resource-abusing processes, etc.) which are either gone or not running. I cleaned the system with Norton 22.6.0.142, then Norton Power Eraser 5.1.0.9, and finally Spybot S&D 2.4.40.0. They removed multiple trojans and trackers, but cannot seem to fix the redirect and other symptoms. At this point, I figured I'd just ask for help rather than blindly running every computer site's "Top 10" antivirus and antimalware tools.

 

I've noted the following persistent symptoms:

  • The above described redirect. An additional popup tab/redirect will occur occasionally sending tab to various "$100 Gift Card Sweeps" pages.
  • Mozilla Firefox's profile is "missing" and won't start. (Somehow, the profile was rescued as "Old Firefox Data" on the desktop. Still not sure what rescued it given the present infection.)
  • About twenty programs suddenly showed "6/19/2016" as their install date in "Programs and Features" despite being installed several months earlier. Five of these have even shifted their install date to the present, currently showing they were installed on "6/21/2016". (The only software I've installed since 6/19 was Norton and Spybot, both of which maintain their correct install date.)
  • Several programs in "Programs and Features" cannot be uninstalled and only initiate their installation wizard when attempted.
  • System restore will not allow me to roll back to the last known stable system date because of reported disk corruption. When chkdsk /r is run at system boot, it hangs at 10% after letting it run for two hours.
  • Windows login (and sometimes system boot) is quite slow and/or hangs.
  • The smiley face "feedback" button you see in the above IE screen shot (I don't personally use Win10, so maybe I'm wrong, but I doubt that's a legit, Microsoft-created button).

Note: none of these symptoms are alleviated by Safe Mode.

 

The following problems were present but have since been removed or at least stopped:

  • Persistent hidden audio ads which stopped after removing something called "digi.me".
  • Some kind of third-party USB backup software (or malware) which would eat system CPU and disk resources for 20 minutes before its window would even appear.
  • About a dozen trojan/malware instances which were removed by Norton (I can post the applicable logs if needed).
  • Another few things were removed by Power Eraser.
  • Some tracking stuff and one trojan removed by Spybot.
  • General lagging and abnormally high system resource usage on a system that is less than three months old. This has generally been resolved except as described above.

Before I post my logs, I want to thank in advance anyone who can and does help me with this issue. I'm a highly technical Windows user, but I also know when to throw in the towel and just ask for help. So in this regard, please feel free to offer advice in a straightforward, technical manner because I am (mostly) capable. If your suggestions or guidance go over my head, I'll let you know!

 

– DK

 

P.S. I searched for the particular URLs redirected to by this infection as well as general descriptors of the issue, but nothing I found seemed relevant to this particular infection. If I missed an already established thread about this same issue, please point me in that direction with my apologies.

___________________________________________________________________

FRST.TXT

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-06-2016 01
Ran by KSlay Laptop (administrator) on LAPTOP-5M6EJPP1 (21-06-2016 14:35:00)
Running from C:\Users\KSlay Laptop\Desktop
Loaded Profiles: KSlay Laptop (Available Profiles: KSlay Laptop)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\Toshiba\System Setting\TCrdMain_Win8.exe [559920 2015-10-09] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-10-29] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [601944 2015-08-14] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1830616 2014-04-10] (Conexant Systems, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516976 2015-06-09] (TOSHIBA)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2917456 2016-06-14] (Valve Corporation)
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\RunOnce: [Uninstall C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\RunOnce: [Uninstall C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\RunOnce: [Uninstall C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\KSlay Laptop\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\amd64"
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\MountPoints2: {2840eb27-ce0a-11e5-9846-4cbb58a959b3} - "E:\HTC_Sync_Manager_PC.exe"
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\...\MountPoints2: {f5a7d0bc-d124-11e5-984e-4cbb58a959b3} - "E:\HTC_Sync_Manager_PC.exe"
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\buShell.dll [2016-02-18] (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{15bada1e-ef20-4ce4-b906-53971354caaa}: [DhcpNameServer] 40.41.1.66
Tcpip\..\Interfaces\{5ef6d386-5752-4737-a722-6a1e8b159473}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Local Page = index.html
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.destructsrv.com
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba15.msn.com/?pc=TBTE
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://start.new.toshiba.com?cid=H16C1
HKU\S-1-5-21-2991909944-2981709566-2306019750-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://start.new.toshiba.com/?cid=H16C1
SearchScopes: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> DefaultScope {85547FB3-EE1D-4EE6-B163-C9185FBCBA21} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.destructsrv.com/index.php?a=web&q={searchTerms}&src=IE-SearchBox&FORM=IESR02
SearchScopes: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> {85547FB3-EE1D-4EE6-B163-C9185FBCBA21} URL = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NS&chn=1007450&geo=US&ver=22&locale=en_US&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
IE Session Restore: HKU\S-1-5-21-2991909944-2981709566-2306019750-1001 -> is enabled.

FireFox:
========
FF ProfilePath: C:\Users\KSlay Laptop\AppData\Roaming\Mozilla\Firefox\Profiles\bxt3vxuw.default
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon [2016-06-19]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.6.0.142\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-06-19]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\Exts\Chrome.crx [2016-06-19]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2016-01-07] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [139504 2016-01-07] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [139504 2016-01-07] (Dropbox, Inc.)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373728 2016-02-05] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
S2 NS; C:\Program Files (x86)\Norton Security\Engine\22.6.0.142\NS.exe [289080 2016-02-26] (Symantec Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-10-29] (Synaptics Incorporated)
S2 TOSRMService; C:\Program Files (x86)\TOSHIBA\TOSHIBA System Driver\RMService.exe [326960 2015-06-24] (TOSHIBA)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 dowidoly; C:\Program Files (x86)\EE1351E3-1466380417-EE4A-B0E7-A41BE95D61E0\jnswF2DA.tmp [X]
S2 qiqobytizbt; C:\Program Files (x86)\EE1351E3-1466380417-EE4A-B0E7-A41BE95D61E0\knscCEB2.tmpfs [X]
S2 rijufoze; C:\Program Files (x86)\EE1351E3-1466380417-EE4A-B0E7-A41BE95D61E0\hnswBF2.tmp [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2016-01-07] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11245816 2016-01-07] (Broadcom Corp)
S3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11245816 2016-01-07] (Broadcom Corp)
S1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\BASHDefs\20160613.001\BHDrvx64.sys [1832176 2016-06-13] (Symantec Corporation)
S1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1606000.08E\ccSetx64.sys [173808 2016-02-23] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
S3 EraserUtilDrv11521; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11521.sys [156912 2016-04-27] (Symantec Corporation)
S1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\IPSDefs\20160617.001\IDSvia64.sys [876248 2016-06-17] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-29] (Intel Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\VirusDefs\20160620.002\ENG64.SYS [138456 2016-05-06] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton Security\NortonData\22.6.0.142\Definitions\VirusDefs\20160620.002\EX64.SYS [2148056 2016-05-06] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [301784 2015-06-01] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2015-06-16] (Realtek                                            )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-10-29] (Synaptics Incorporated)
S1 SRTSP; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSP64.SYS [928504 2016-02-23] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NSx64\1606000.08E\SRTSPX64.SYS [50936 2016-02-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NSx64\1606000.08E\SymELAM.sys [24192 2016-02-23] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-06-19] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NSx64\1606000.08E\Ironx64.SYS [295664 2016-02-23] (Symantec Corporation)
S1 SymNetS; C:\Windows\system32\drivers\NSx64\1606000.08E\SYMNETS.SYS [577768 2016-02-23] (Symantec Corporation)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45720 2015-06-13] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-21 14:35 - 2016-06-21 14:35 - 00016746 _____ C:\Users\KSlay Laptop\Desktop\FRST.txt
2016-06-21 14:34 - 2016-06-21 14:35 - 00000000 ____D C:\FRST
2016-06-21 14:33 - 2016-06-21 14:27 - 02387456 _____ (Farbar) C:\Users\KSlay Laptop\Desktop\FRST64.exe
2016-06-20 21:24 - 2016-06-20 21:24 - 00000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job
2016-06-20 21:22 - 2016-06-20 21:22 - 00000000 ____D C:\Windows\pss
2016-06-20 00:35 - 2016-06-20 00:32 - 00452882 ____R C:\Windows\system32\Drivers\etc\hosts.20160620-003524.backup
2016-06-20 00:32 - 2016-06-19 19:52 - 00001006 _____ C:\Windows\system32\Drivers\etc\hosts.20160620-003230.backup
2016-06-20 00:28 - 2016-06-20 00:28 - 00000000 ____D C:\Program Files\Common Files\AV
2016-06-20 00:26 - 2016-06-20 00:26 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-06-20 00:25 - 2016-06-20 22:23 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-06-20 00:25 - 2016-06-20 00:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-06-20 00:25 - 2016-06-20 00:25 - 00001435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-06-20 00:25 - 2016-06-20 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-06-20 00:25 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-06-20 00:23 - 2016-06-20 00:24 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\KSlay Laptop\Downloads\spybot-2.4.exe
2016-06-20 00:15 - 2016-06-20 17:10 - 00001078 _____ C:\Windows\ntbtlog.txt
2016-06-19 23:56 - 2016-06-20 00:17 - 00000000 ____D C:\NPE
2016-06-19 23:02 - 2016-06-20 00:33 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\NPE
2016-06-19 22:57 - 2016-06-19 22:57 - 00017636 _____ C:\Users\KSlay Laptop\Documents\Norton scan results - 2016-06-19 - Multi-threat.txt
2016-06-19 21:10 - 2016-06-20 20:42 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-06-19 21:10 - 2016-06-19 21:39 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\CrashDumps
2016-06-19 21:09 - 2016-06-19 21:09 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-06-19 21:06 - 2016-06-19 21:06 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-06-19 21:06 - 2016-06-19 21:06 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-06-19 21:06 - 2016-06-19 21:06 - 00003388 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-06-19 21:06 - 2016-06-19 21:06 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-06-19 21:04 - 2016-06-19 21:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-06-19 21:04 - 2016-06-19 21:04 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-06-19 21:04 - 2016-06-19 21:04 - 00000000 ____D C:\Program Files (x86)\Norton Security
2016-06-19 20:57 - 2016-06-19 20:57 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-06-19 20:57 - 2016-06-19 20:57 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-06-19 20:53 - 2016-06-19 23:02 - 00000000 ____D C:\ProgramData\Norton
2016-06-19 20:53 - 2016-06-19 20:53 - 01089432 _____ (Symantec Corporation) C:\Users\KSlay Laptop\Downloads\NortonNSDownloader.exe
2016-06-19 20:53 - 2016-06-19 20:53 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-19 20:04 - 2016-06-19 20:04 - 00000258 __RSH C:\Users\KSlay Laptop\ntuser.pol
2016-06-19 20:02 - 2016-06-19 20:02 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Roaming\AdVPN
2016-06-19 19:55 - 2016-06-19 19:52 - 00001006 _____ C:\Windows\system32\Drivers\etc\hp.bak
2016-06-19 19:54 - 2016-06-19 19:54 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-06-19 19:53 - 2016-06-19 23:35 - 00000000 ____D C:\Program Files (x86)\SoftUpgrade
2016-06-19 19:53 - 2016-06-19 20:09 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Roaming\Checkers
2016-06-19 19:53 - 2016-06-19 19:53 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\CrashRpt
2016-06-19 19:52 - 2016-06-19 23:35 - 00000000 ____D C:\Program Files (x86)\windfind
2016-06-19 19:52 - 2016-06-19 19:52 - 00000000 ____D C:\Users\KSlay Laptop\Desktop\Old Firefox Data
2016-06-19 19:51 - 2016-06-19 19:52 - 18698056 _____ (Torrentex Inc. ) C:\Users\KSlay Laptop\Downloads\torrentex0.1.4b.exe
2016-06-19 19:51 - 2016-06-19 19:51 - 00621568 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\KSlay Laptop\Downloads\libeay32.dll
2016-06-19 19:51 - 2016-06-19 19:51 - 00162304 _____ (The OpenSSL Project, hxxp://www.openssl.org/) C:\Users\KSlay Laptop\Downloads\ssleay32.dll
2016-06-19 19:44 - 2016-06-19 19:44 - 00000000 _____ C:\Users\KSlay Laptop\AppData\Local\tr5b.txt
2016-06-19 19:43 - 2016-06-20 16:19 - 00004182 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C6C560CB-424F-4CA2-88F3-073EE8D92CA1}
2016-06-19 19:43 - 2016-06-19 23:35 - 00000000 ___HD C:\Program Files (x86)\mcauliffe
2016-06-19 19:43 - 2016-06-19 23:35 - 00000000 ___HD C:\Program Files (x86)\balin
2016-06-19 19:43 - 2016-06-19 20:01 - 00000000 ____D C:\Program Files (x86)\AdVpnProxyService
2016-06-19 19:43 - 2016-06-19 19:43 - 00010752 _____ C:\Windows\griffes.exe
2016-06-19 19:43 - 2016-06-19 19:43 - 00006656 _____ C:\Windows\settings.dll
2016-06-19 19:43 - 2016-06-19 19:43 - 00000003 _____ C:\Users\KSlay Laptop\AppData\Local\aatxtname.txt
2016-06-19 19:42 - 2016-06-19 20:01 - 00000000 ____D C:\Program Files (x86)\AdVPN
2016-06-19 19:42 - 2016-06-19 19:42 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2016-06-19 19:42 - 2016-06-19 19:42 - 00000000 ____D C:\Users\Public\Documents\[~drivepro~]
2016-06-19 19:37 - 2016-06-19 19:37 - 05937448 _____ C:\Users\KSlay Laptop\Downloads\Guitar Pro 6 Keygen_Crack Full Version.exe
2016-06-19 19:32 - 2016-06-19 19:32 - 00000000 ____D C:\Users\KSlay Laptop\AppData\LocalLow\uTorrent
2016-06-19 18:47 - 2016-06-19 18:50 - 00289660 _____ C:\Windows\Minidump\061916-32390-01.dmp
2016-06-19 18:26 - 2016-06-19 18:26 - 00000016 _____ C:\Windows\SysWOW64\w3data.vss
2016-06-19 18:26 - 2016-06-19 18:26 - 00000016 _____ C:\Windows\SysWOW64\msvcsv60.dll
2016-06-19 18:26 - 2016-06-19 18:26 - 00000016 _____ C:\Windows\msocreg32.dat
2016-06-19 18:25 - 2016-06-19 18:25 - 00000000 ____D C:\Program Files (x86)\IK Multimedia
2016-06-19 18:22 - 2016-06-19 18:23 - 00000000 ____D C:\Users\KSlay Laptop\Downloads\Miroslav Philharmonik VSTi DXi RTAS v1.1 (With DVD 1 & DVD 2)
2016-06-19 18:16 - 2016-06-19 18:18 - 00289644 _____ C:\Windows\Minidump\061916-23171-01.dmp
2016-06-19 01:06 - 2016-06-19 01:06 - 00285364 _____ C:\Windows\Minidump\061916-28109-01.dmp
2016-06-17 23:16 - 2016-06-19 18:20 - 00000000 ____D C:\Users\KSlay Laptop\Downloads\Person of Interest
2016-06-14 22:24 - 2016-06-14 22:27 - 00000000 ____D C:\Users\KSlay Laptop\Documents\REAPER Media
2016-06-14 22:05 - 2016-06-14 22:07 - 00144267 _____ C:\Users\KSlay Laptop\Downloads\Fleshgod Apocalypse - d tuning RSE The Fool (Pro).gp5
2016-06-14 19:24 - 2016-05-28 02:13 - 01401024 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-06-14 19:24 - 2016-05-28 02:13 - 00046784 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-06-14 19:24 - 2016-05-28 00:57 - 01594416 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-06-14 19:24 - 2016-05-28 00:57 - 01372312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-06-14 19:24 - 2016-05-28 00:35 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\tdlrecover.exe
2016-06-14 19:24 - 2016-05-28 00:35 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-06-14 19:24 - 2016-05-28 00:31 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-06-14 19:24 - 2016-05-28 00:29 - 22379008 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-06-14 19:24 - 2016-05-28 00:29 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-06-14 19:24 - 2016-05-28 00:28 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-06-14 19:24 - 2016-05-28 00:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-06-14 19:24 - 2016-05-28 00:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-06-14 19:24 - 2016-05-28 00:26 - 00120320 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-06-14 19:24 - 2016-05-28 00:26 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-06-14 19:24 - 2016-05-28 00:24 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-06-14 19:24 - 2016-05-28 00:22 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-06-14 19:24 - 2016-05-28 00:22 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-06-14 19:24 - 2016-05-28 00:22 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-06-14 19:24 - 2016-05-28 00:19 - 24605696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-06-14 19:24 - 2016-05-28 00:18 - 07977472 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-06-14 19:24 - 2016-05-28 00:18 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-06-14 19:24 - 2016-05-28 00:17 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-06-14 19:24 - 2016-05-28 00:15 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-06-14 19:24 - 2016-05-28 00:15 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-06-14 19:24 - 2016-05-28 00:15 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-06-14 19:24 - 2016-05-28 00:14 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-06-14 19:24 - 2016-05-28 00:14 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-06-14 19:24 - 2016-05-28 00:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-06-14 19:24 - 2016-05-28 00:13 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-06-14 19:24 - 2016-05-28 00:12 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-06-14 19:24 - 2016-05-28 00:11 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-06-14 19:24 - 2016-05-28 00:11 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-06-14 19:24 - 2016-05-28 00:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-06-14 19:24 - 2016-05-28 00:08 - 06295552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-06-14 19:24 - 2016-05-28 00:06 - 07200256 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-06-14 19:24 - 2016-05-28 00:03 - 05205504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-06-14 19:24 - 2016-05-28 00:03 - 02609664 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-06-14 19:24 - 2016-05-28 00:00 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-06-14 19:24 - 2016-05-27 23:58 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-06-14 19:23 - 2016-05-28 02:13 - 00290496 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-06-14 19:23 - 2016-05-28 02:13 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-06-14 19:23 - 2016-05-28 01:25 - 04268880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2016-06-14 19:23 - 2016-05-28 01:23 - 00388384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-06-14 19:23 - 2016-05-28 01:23 - 00312160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-06-14 19:23 - 2016-05-28 01:22 - 07474528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-06-14 19:23 - 2016-05-28 01:22 - 04387680 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2016-06-14 19:23 - 2016-05-28 01:22 - 00428896 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2016-06-14 19:23 - 2016-05-28 01:22 - 00211296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tpm.sys
2016-06-14 19:23 - 2016-05-28 01:20 - 00430312 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-06-14 19:23 - 2016-05-28 01:18 - 00357216 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-06-14 19:23 - 2016-05-28 01:09 - 00501600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-06-14 19:23 - 2016-05-28 01:08 - 00693600 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-06-14 19:23 - 2016-05-28 01:07 - 03675512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-06-14 19:23 - 2016-05-28 01:07 - 02921880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-06-14 19:23 - 2016-05-28 01:07 - 01322248 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-06-14 19:23 - 2016-05-28 01:07 - 00957608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-06-14 19:23 - 2016-05-28 01:07 - 00808288 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-06-14 19:23 - 2016-05-28 01:07 - 00703840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-06-14 19:23 - 2016-05-28 01:07 - 00331616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2016-06-14 19:23 - 2016-05-28 01:06 - 22561256 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-06-14 19:23 - 2016-05-28 01:06 - 04074160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-06-14 19:23 - 2016-05-28 01:06 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Shell.Broker.dll
2016-06-14 19:23 - 2016-05-28 01:06 - 00303216 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-06-14 19:23 - 2016-05-28 01:06 - 00254656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-06-14 19:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-06-14 19:23 - 2016-05-28 01:04 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-06-14 19:23 - 2016-05-28 01:04 - 00431296 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-06-14 19:23 - 2016-05-28 01:04 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-06-14 19:23 - 2016-05-28 01:04 - 00111064 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-06-14 19:23 - 2016-05-28 01:04 - 00097096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-06-14 19:23 - 2016-05-28 01:03 - 00131248 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-06-14 19:23 - 2016-05-28 00:58 - 01996640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-06-14 19:23 - 2016-05-28 00:58 - 00379232 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-06-14 19:23 - 2016-05-28 00:57 - 02548944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2016-06-14 19:23 - 2016-05-28 00:57 - 02195632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2016-06-14 19:23 - 2016-05-28 00:57 - 00649792 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2016-06-14 19:23 - 2016-05-28 00:57 - 00636304 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-06-14 19:23 - 2016-05-28 00:57 - 00577376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-06-14 19:23 - 2016-05-28 00:57 - 00546456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-06-14 19:23 - 2016-05-28 00:57 - 00521664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2016-06-14 19:23 - 2016-05-28 00:57 - 00316256 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-06-14 19:23 - 2016-05-28 00:35 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsdport.sys
2016-06-14 19:23 - 2016-05-28 00:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdlrecover.exe
2016-06-14 19:23 - 2016-05-28 00:26 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-06-14 19:23 - 2016-05-28 00:25 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-06-14 19:23 - 2016-05-28 00:24 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-06-14 19:23 - 2016-05-28 00:22 - 00368640 _____ (Microsoft Corporation) C:\Windows\system32\usocore.dll
2016-06-14 19:23 - 2016-05-28 00:22 - 00278528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-06-14 19:23 - 2016-05-28 00:22 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-06-14 19:23 - 2016-05-28 00:21 - 00239104 _____ (Microsoft Corporation) C:\Windows\system32\BrokerLib.dll
2016-06-14 19:23 - 2016-05-28 00:21 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-06-14 19:23 - 2016-05-28 00:20 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-06-14 19:23 - 2016-05-28 00:20 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-06-14 19:23 - 2016-05-28 00:19 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-06-14 19:23 - 2016-05-28 00:18 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-06-14 19:23 - 2016-05-28 00:18 - 00610816 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2016-06-14 19:23 - 2016-05-28 00:18 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2016-06-14 19:23 - 2016-05-28 00:18 - 00392192 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-06-14 19:23 - 2016-05-28 00:18 - 00380416 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-06-14 19:23 - 2016-05-28 00:18 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-06-14 19:23 - 2016-05-28 00:17 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-06-14 19:23 - 2016-05-28 00:17 - 00963072 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2016-06-14 19:23 - 2016-05-28 00:17 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-06-14 19:23 - 2016-05-28 00:16 - 19344384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-06-14 19:23 - 2016-05-28 00:16 - 00690176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-06-14 19:23 - 2016-05-28 00:16 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-06-14 19:23 - 2016-05-28 00:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\AppContracts.dll
2016-06-14 19:23 - 2016-05-28 00:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-06-14 19:23 - 2016-05-28 00:16 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-06-14 19:23 - 2016-05-28 00:15 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-06-14 19:23 - 2016-05-28 00:15 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2016-06-14 19:23 - 2016-05-28 00:15 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-06-14 19:23 - 2016-05-28 00:14 - 18674176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-06-14 19:23 - 2016-05-28 00:14 - 01716736 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-06-14 19:23 - 2016-05-28 00:14 - 00965632 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-06-14 19:23 - 2016-05-28 00:14 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-06-14 19:23 - 2016-05-28 00:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-06-14 19:23 - 2016-05-28 00:13 - 00990208 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-06-14 19:23 - 2016-05-28 00:13 - 00982016 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2016-06-14 19:23 - 2016-05-28 00:13 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-06-14 19:23 - 2016-05-28 00:13 - 00467456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppContracts.dll
2016-06-14 19:23 - 2016-05-28 00:12 - 00614400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-06-14 19:23 - 2016-05-28 00:12 - 00521728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-06-14 19:23 - 2016-05-28 00:11 - 01445888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-06-14 19:23 - 2016-05-28 00:11 - 00890368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2016-06-14 19:23 - 2016-05-28 00:11 - 00687616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-06-14 19:23 - 2016-05-28 00:09 - 01073152 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-06-14 19:23 - 2016-05-28 00:08 - 13385728 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-06-14 19:23 - 2016-05-28 00:06 - 12128256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-06-14 19:23 - 2016-05-28 00:06 - 01339904 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-06-14 19:23 - 2016-05-28 00:05 - 03994624 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-06-14 19:23 - 2016-05-28 00:05 - 03664896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-06-14 19:23 - 2016-05-28 00:05 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-06-14 19:23 - 2016-05-28 00:05 - 01797120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-06-14 19:23 - 2016-05-28 00:04 - 06973952 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-06-14 19:23 - 2016-05-28 00:03 - 05323776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-06-14 19:23 - 2016-05-28 00:03 - 01185280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationFramework.dll
2016-06-14 19:23 - 2016-05-28 00:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-06-14 19:23 - 2016-05-28 00:02 - 03590144 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-06-14 19:23 - 2016-05-28 00:02 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-06-14 19:23 - 2016-05-28 00:02 - 01534464 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-06-14 19:23 - 2016-05-28 00:01 - 01799680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-06-14 19:23 - 2016-05-28 00:01 - 01582080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-06-14 19:23 - 2016-05-28 00:01 - 01500160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 05660160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 03585536 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 02635776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 02230272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-06-14 19:23 - 2016-05-28 00:00 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-06-14 19:23 - 2016-05-27 23:58 - 07832576 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-06-14 19:23 - 2016-05-27 23:58 - 04896256 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-06-14 19:23 - 2016-05-27 23:58 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-06-14 19:23 - 2016-05-27 23:58 - 02066432 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-06-14 19:23 - 2016-05-27 23:57 - 02281472 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-06-14 19:23 - 2016-05-27 23:55 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-06-14 19:22 - 2016-05-28 02:13 - 01184960 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-06-14 19:22 - 2016-05-28 02:13 - 00514752 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-06-14 19:22 - 2016-05-28 01:22 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2016-06-14 19:22 - 2016-05-28 01:16 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-06-14 19:22 - 2016-05-28 01:09 - 00170848 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-06-14 19:22 - 2016-05-28 01:09 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-06-14 19:22 - 2016-05-28 01:08 - 00258912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ufx01000.sys
2016-06-14 19:22 - 2016-05-28 01:08 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-06-14 19:22 - 2016-05-28 01:04 - 00360480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-06-14 19:22 - 2016-05-28 00:31 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-06-14 19:22 - 2016-05-28 00:29 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2016-06-14 19:22 - 2016-05-28 00:29 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\httpprxp.dll
2016-06-14 19:22 - 2016-05-28 00:28 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\MusNotification.exe
2016-06-14 19:22 - 2016-05-28 00:28 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-06-14 19:22 - 2016-05-28 00:26 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-06-14 19:22 - 2016-05-28 00:26 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-06-14 19:22 - 2016-05-28 00:25 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2016-06-14 19:22 - 2016-05-28 00:24 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-06-14 19:22 - 2016-05-28 00:24 - 00124928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Ndu.sys
2016-06-14 19:22 - 2016-05-28 00:24 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-06-14 19:22 - 2016-05-28 00:24 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-06-14 19:22 - 2016-05-28 00:24 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2016-06-14 19:22 - 2016-05-28 00:24 - 00053760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-06-14 19:22 - 2016-05-28 00:23 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2016-06-14 19:22 - 2016-05-28 00:23 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc.dll
2016-06-14 19:22 - 2016-05-28 00:22 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-06-14 19:22 - 2016-05-28 00:22 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-06-14 19:22 - 2016-05-28 00:22 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-06-14 19:22 - 2016-05-28 00:21 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-06-14 19:22 - 2016-05-28 00:21 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-06-14 19:22 - 2016-05-28 00:20 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2016-06-14 19:22 - 2016-05-28 00:20 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2016-06-14 19:22 - 2016-05-28 00:20 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\GnssAdapter.dll
2016-06-14 19:22 - 2016-05-28 00:20 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Privacy.dll
2016-06-14 19:22 - 2016-05-28 00:20 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2016-06-14 19:22 - 2016-05-28 00:19 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-06-14 19:22 - 2016-05-28 00:19 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-06-14 19:22 - 2016-05-28 00:19 - 00355840 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2016-06-14 19:22 - 2016-05-28 00:19 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc.dll
2016-06-14 19:22 - 2016-05-28 00:17 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2016-06-14 19:22 - 2016-05-28 00:17 - 00415232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-06-14 19:22 - 2016-05-28 00:17 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\RDXTaskFactory.dll
2016-06-14 19:22 - 2016-05-28 00:17 - 00278016 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-06-14 19:22 - 2016-05-28 00:16 - 00291328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-06-14 19:22 - 2016-05-28 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2016-06-14 19:22 - 2016-05-28 00:15 - 00293888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2016-06-14 19:22 - 2016-05-28 00:14 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-06-14 19:22 - 2016-05-28 00:13 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-06-14 19:22 - 2016-05-28 00:13 - 00954368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-06-14 19:22 - 2016-05-28 00:13 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2016-06-14 19:22 - 2016-05-28 00:11 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-06-14 19:22 - 2016-05-28 00:11 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2016-06-14 19:22 - 2016-05-28 00:04 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-06-14 19:22 - 2016-05-28 00:04 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-06-14 19:22 - 2016-05-28 00:03 - 00693760 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-06-14 19:22 - 2016-05-28 00:02 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\updatepolicy.dll
2016-06-14 19:22 - 2016-05-28 00:01 - 00111104 _____ (Microsoft Corporation) C:\Windows\system32\updatepolicy.dll
2016-06-14 19:22 - 2016-05-28 00:00 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-06-14 19:22 - 2016-05-28 00:00 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-06-14 19:22 - 2016-05-27 23:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-06-14 19:22 - 2016-05-27 23:53 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\ngcpopkeysrv.dll
2016-06-14 10:56 - 2016-06-14 10:56 - 00000779 ____N C:\Users\KSlay Laptop\Desktop\Videos - Shortcut.lnk
2016-06-08 15:30 - 2016-06-19 12:04 - 00000000 ____D C:\Users\KSlay Laptop\Desktop\Background Pictures
2016-06-07 20:32 - 2016-06-09 01:44 - 00008237 _____ C:\Users\KSlay Laptop\Desktop\Hypocricy.wlmp
2016-06-07 15:23 - 2016-06-19 23:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 01:33 - 2016-06-05 21:59 - 1005162066 _____ C:\Users\KSlay Laptop\Desktop\SAM_0937 fleshgod apocplyce .MP4
2016-06-06 01:32 - 2016-06-05 21:49 - 606804627 _____ C:\Users\KSlay Laptop\Desktop\SAM_0936 NAGLfar .MP4
2016-06-02 19:45 - 2016-06-04 00:54 - 00004252 _____ C:\Users\KSlay Laptop\Desktop\slaves plus.wlmp
2016-06-01 17:23 - 2016-06-01 15:49 - 113944542 _____ C:\Users\KSlay Laptop\Desktop\VIDEO0521 FLGA KING .mp4
2016-06-01 17:23 - 2016-05-25 22:12 - 84816174 _____ C:\Users\KSlay Laptop\Desktop\VIDEO0518 NICK BARKER.mp4
2016-06-01 17:20 - 2016-05-29 20:51 - 1837284580 _____ C:\Users\KSlay Laptop\Desktop\VIDEO0520.mp4
2016-06-01 16:51 - 2016-06-15 16:40 - 00484008 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-05-28 20:15 - 2016-05-28 20:15 - 00001795 ____N C:\Users\KSlay Laptop\Desktop\Paint.lnk
2016-05-23 20:22 - 2016-05-28 22:28 - 00010234 _____ C:\Users\KSlay Laptop\Desktop\blessings.wlmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-20 21:53 - 2016-01-07 07:53 - 00879220 _____ C:\Windows\system32\PerfStringBackup.INI
2016-06-20 21:53 - 2015-10-30 03:21 - 00000000 ____D C:\Windows\INF
2016-06-20 21:22 - 2016-01-07 07:47 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-06-20 21:22 - 2015-10-30 02:28 - 00786432 ___SH C:\Windows\system32\config\BBI
2016-06-20 20:55 - 2016-01-07 08:50 - 00000948 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineUA.job
2016-06-20 20:47 - 2016-01-07 08:17 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-20 20:42 - 2016-02-01 18:49 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\Host App Service
2016-06-20 20:38 - 2016-02-01 18:51 - 00000000 __SHD C:\Users\KSlay Laptop\IntelGraphicsProfiles
2016-06-20 20:38 - 2016-02-01 18:48 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-20 20:38 - 2016-01-07 08:50 - 00000944 _____ C:\Windows\Tasks\DropboxUpdateTaskMachineCore.job
2016-06-20 19:28 - 2016-02-01 18:51 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\App Place for Toshiba
2016-06-20 16:26 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\AppReadiness
2016-06-20 16:21 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-19 23:37 - 2016-01-07 08:52 - 00000000 ____D C:\ProgramData\McAfee
2016-06-19 23:37 - 2016-01-07 08:52 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-06-19 22:53 - 2016-02-01 19:11 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Roaming\uTorrent
2016-06-19 21:18 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\NDF
2016-06-19 21:08 - 2015-10-30 02:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-06-19 21:06 - 2015-10-30 03:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-06-19 21:00 - 2016-05-05 16:47 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Roaming\Apple Computer
2016-06-19 20:35 - 2016-02-02 15:05 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\MicrosoftEdge
2016-06-19 20:17 - 2016-02-22 19:41 - 00000000 ____D C:\Users\KSlay Laptop\Desktop\Kevin
2016-06-19 20:04 - 2016-02-01 18:49 - 00000000 ____D C:\Users\KSlay Laptop
2016-06-19 20:00 - 2016-01-07 08:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-06-19 19:59 - 2016-02-01 18:58 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Roaming\WildTangent
2016-06-19 19:59 - 2016-01-07 08:42 - 00000000 ____D C:\ProgramData\WildTangent
2016-06-19 19:59 - 2016-01-07 08:42 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-06-19 19:54 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\GroupPolicy
2016-06-19 19:51 - 2016-02-01 19:01 - 00002043 ____R C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-06-19 19:51 - 2016-02-01 19:01 - 00002031 ____R C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-06-19 18:55 - 2016-02-11 01:50 - 00132840 _____ C:\Users\KSlay Laptop\Downloads\Shade Empire - Designed For Blood (Pro)(1).gp5
2016-06-19 18:47 - 2016-02-03 14:04 - 590326560 _____ C:\Windows\MEMORY.DMP
2016-06-19 18:47 - 2016-02-03 14:04 - 00000000 ____D C:\Windows\Minidump
2016-06-19 18:29 - 2016-02-01 18:51 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\VirtualStore
2016-06-18 03:06 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\rescache
2016-06-18 00:07 - 2015-10-30 03:11 - 00000000 ____D C:\Windows\CbsTemp
2016-06-16 18:56 - 2016-02-01 19:08 - 00000000 ____D C:\Program Files (x86)\Steam
2016-06-16 18:36 - 2016-02-01 18:57 - 01388432 _____ C:\Users\Public\VOIP.dat
2016-06-15 17:21 - 2016-02-01 19:04 - 00000000 ____D C:\Users\KSlay Laptop\Documents\CyberLink
2016-06-15 13:36 - 2016-01-07 07:50 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-06-15 08:35 - 2016-01-07 07:39 - 00247176 _____ C:\Windows\system32\FNTCACHE.DAT
2016-06-15 08:32 - 2015-10-30 03:24 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-06-15 08:32 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-06-15 08:32 - 2015-10-30 03:24 - 00000000 ____D C:\Windows\bcastdvr
2016-06-14 21:08 - 2016-02-01 21:49 - 00000000 ____D C:\Windows\system32\MRT
2016-06-14 21:04 - 2016-02-01 21:49 - 142482544 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00828408 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-06-14 14:33 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-13 23:39 - 2016-02-09 02:07 - 00000000 ____D C:\Users\KSlay Laptop\Desktop\Toontrack Superior Drummer 2 v2.4.1 Incl. Patch and Keygen-R2R [ATOM]
2016-06-09 15:12 - 2016-02-14 17:38 - 00000000 ____D C:\Users\KSlay Laptop\Desktop\DRUM SET UP PICS
2016-06-08 20:36 - 2016-03-04 21:17 - 00000000 ____D C:\Users\KSlay Laptop\AppData\Local\Windows Live
2016-05-28 01:55 - 2016-01-07 07:49 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll

==================== Files in the root of some directories =======

2016-06-19 19:43 - 2016-06-19 19:43 - 0000003 _____ () C:\Users\KSlay Laptop\AppData\Local\aatxtname.txt
2016-03-18 01:00 - 2016-03-18 01:00 - 0000000 _____ () C:\Users\KSlay Laptop\AppData\Local\ok223.txt
2016-06-19 19:44 - 2016-06-19 19:44 - 0000000 _____ () C:\Users\KSlay Laptop\AppData\Local\tr5b.txt
2016-04-17 04:55 - 2016-04-17 04:55 - 0000000 _____ () C:\Users\KSlay Laptop\AppData\Local\{2B75E6F4-7393-49BC-A6E4-E85C6D60347E}

Files to move or delete:
====================
C:\Users\Public\VOIP.dat


Some files in TEMP:
====================
C:\Users\KSlay Laptop\AppData\Local\Temp\9fQIA1hk-prog.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\9fQIA1hk-upd.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\amisetup1447__12202_il4.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\Firefox Setup 42.0-2-Toshiba-001-US.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\oct11E1.tmp.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\oct6FB0.tmp.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\octB943.tmp.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\_is4030.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\_is7118.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\_is7FF8.exe
C:\Users\KSlay Laptop\AppData\Local\Temp\_isAF2B.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-06-13 08:08

==================== End of FRST.txt ============================

Edited by DKqwerty, 21 June 2016 - 06:33 PM.
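
The FRST log above lists two "Mozilla Firefox" shortcuts (the Start Menu and Public Desktop .lnk entries dated 2016-06-19 19:51) whose names contain Cyrillic letters in place of Latin ones. A lookalike name is a well-known way to plant a substitute shortcut that launches the real browser with attacker-chosen arguments, so such entries deserve a look at their target and arguments; whether that is what happened on this machine is something the log alone does not settle. The Python below is an added example, not part of the original post or of FRST: it parses FRST created/modified-file lines, flags filenames that mix Unicode scripts, and renders each flagged name through a small, partial Cyrillic-to-Latin lookalike table (an assumption, not the full Unicode confusables list) so the impersonated name is visible. The sample lines are constructed to mirror the log's format, and the specific Cyrillic code points used for the shortcut names are assumed.

```python
"""Audit FRST log lines for mixed-script (homoglyph) filenames.

Added example for this thread; it is not part of FRST and not the poster's code.
"""
import re
import unicodedata
from dataclasses import dataclass
from typing import Optional

# One FRST "One Month Created/Modified" line:
#   <created> - <modified> - <size> <attrs> [(<company>)] <path>
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>.+)$"
)

# Partial Cyrillic -> Latin lookalike table (assumption: covers the usual
# substitutions; it is not the full Unicode confusables list).
CONFUSABLES = str.maketrans({
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
    "\u0410": "A", "\u0412": "B", "\u0415": "E", "\u041a": "K", "\u041c": "M",
    "\u041d": "H", "\u041e": "O", "\u0420": "P", "\u0421": "C", "\u0422": "T",
    "\u0425": "X",
})


@dataclass
class Finding:
    path: str
    reason: str
    looks_like: str  # the name with lookalike letters folded to Latin


def parse_frst_line(line: str) -> Optional[dict]:
    """Split one FRST file line into its fields, or return None if it is not one."""
    m = FRST_LINE.match(line.strip())
    return m.groupdict() if m else None


def scripts_in(name: str) -> set:
    """Unicode scripts used by the letters in name, e.g. {'LATIN', 'CYRILLIC'}."""
    scripts = set()
    for ch in name:
        if ch.isalpha():
            # unicodedata.name() gives e.g. 'CYRILLIC SMALL LETTER O';
            # the first word is the script.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def audit_frst_lines(lines) -> list:
    """Return a Finding for every file line whose name mixes scripts."""
    findings = []
    for line in lines:
        entry = parse_frst_line(line)
        if entry is None:
            continue  # section headers, TEMP path lists, blank lines
        name = entry["path"].rsplit("\\", 1)[-1]
        used = scripts_in(name)
        if len(used) > 1:
            findings.append(Finding(
                path=entry["path"],
                reason="mixed-script filename: " + ", ".join(sorted(used)),
                looks_like=name.translate(CONFUSABLES),
            ))
    return findings


# Constructed sample mirroring the log's format; the two shortcut names use
# Cyrillic letters where the page's entries appear to (an assumption).
SAMPLE_LINES = [
    "2016-06-14 19:23 - 2016-05-28 01:05 - 04515264 _____ (Microsoft Corporation) C:\\Windows\\explorer.exe",
    "2016-06-19 19:51 - 2016-02-01 19:01 - 00002043 ____R C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\"
    "\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk",
    "2016-06-19 19:51 - 2016-02-01 19:01 - 00002031 ____R C:\\Users\\Public\\Desktop\\"
    "\u041c\u043ezill\u0430 Fir\u0435f\u043e\u0445.lnk",
    "C:\\Users\\KSlay Laptop\\AppData\\Local\\Temp\\oct11E1.tmp.exe",
]

if __name__ == "__main__":
    for f in audit_frst_lines(SAMPLE_LINES):
        print(f"{f.reason}\n  {f.path}\n  looks like: {f.looks_like}")
```

A flagged .lnk is only a lead; the next step on the machine is to read the shortcut's TargetPath and Arguments (for instance through the WScript.Shell COM object's CreateShortcut method from PowerShell) and compare them with the shortcut that the browser installer created.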



#2 satchfan

satchfan

  • Malware Response Team
  • 2,715 posts
  • ONLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:02:09 PM

Posted 22 June 2016 - 06:18 AM

Hello DKqwerty and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder, but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please follow these instructions in the order given.

===================================================

Uninstall programs

Please uninstall these programs:

Amazon 1Button App
App Explorer


===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner by clicking on Scan
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Please run FRST again in normal mode, not safe mode, and make sure there is a checkmark next to "Addition.txt" before you hit "Scan".

Logs to include with next post:

  • AdwCleaner log
  • JRT.txt
  • new FRST.txt
  • new Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
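As a read-only check to go alongside satchfan's instructions above (an added example; it is not from the thread, nor from any of the tools it names), this PowerShell snippet reports where Internet Explorer's start page currently points and whether either of the two programs satchfan asked to have uninstalled is still listed. The hijack domain comes from the thread title and the program names from the post; the registry locations are the standard ones.

```powershell
# Added example (not from the thread): read Internet Explorer's start-page values
# for the current user and the machine, flag any that point at the hijack domain
# from the thread title, then look for the two programs satchfan asked to be
# uninstalled. Read-only: nothing is modified.

$HijackDomain    = 'clickforms.ru'                        # from the thread title
$SuspectPrograms = @('Amazon 1Button App', 'App Explorer') # from satchfan's post

# Standard IE start-page locations (per-user, machine, and 32-bit view on 64-bit).
$StartPageKeys = @(
    'HKCU:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Microsoft\Internet Explorer\Main',
    'HKLM:\Software\Wow6432Node\Microsoft\Internet Explorer\Main'
)
$StartPageValues = @('Start Page', 'Default_Page_URL', 'Secondary Start Pages')

foreach ($key in $StartPageKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($name in $StartPageValues) {
        $value = $props.$name
        if ($null -eq $value) { continue }
        # 'Secondary Start Pages' is REG_MULTI_SZ (an array), so join before matching.
        $text = ($value -join ' ')
        $flag = if ($text -match [regex]::Escape($HijackDomain)) { 'SUSPECT' } else { 'ok' }
        '{0,-8} {1}\{2} = {3}' -f $flag, $key, $name, ($value -join ', ')
    }
}

# Installed-program entries (Add/Remove Programs) live under these Uninstall keys.
$UninstallKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -and ($SuspectPrograms -contains $_.DisplayName) } |
    Select-Object DisplayName, Publisher, InstallDate, UninstallString |
    Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; any line marked SUSPECT is a start-page value still pointing at the redirect domain after cleaning.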


#3 DKqwerty

DKqwerty
  • Topic Starter
  • Members
  • 2 posts
  • Gender:Male
  • Location:Milky Way Galaxy

Posted 22 June 2016 - 12:18 PM

Thank you so much for your response! Unfortunately, I won't be seeing my brother (and by extension, his laptop) for a few days. Since I don't know how long it will be until I see him and I do have every intention of performing the above actions and posting the logs, I will make sure to comment (not bump, comment) within the next 72 hours so that the thread won't be locked (unless there is a better method for this).


As soon as I do have access to the laptop, I'll run the specified software and post the requested logs.


(And sorry that I ran FRST in Safe Mode; I didn't realize it would potentially affect the scan, but now it seems obvious.)



#4 satchfan

satchfan

  • Malware Response Team
  • 2,715 posts
  • Gender:Female
  • Location:Devon, UK

Posted 22 June 2016 - 02:25 PM

I realise that this will be difficult for you under the circumstances so no problem over the delay; as long as you contact me within 3 days, I'll wait until you have time.


Satchfan


#5 satchfan

satchfan

  • Malware Response Team
  • 2,715 posts
  • Gender:Female
  • Location:Devon, UK

Posted 25 June 2016 - 03:03 PM

Hi DKqwerty


Just posting this to keep the topic open.

Try to get back when you can or at least keep me up-to-date.

Thanks.


#6 satchfan

satchfan

  • Malware Response Team
  • 2,715 posts
  • Gender:Female
  • Location:Devon, UK

Posted 28 June 2016 - 04:23 PM

I'm again posting this to keep the topic open but, if I hear nothing within 3 days, I'll close it and you'll have to start a new topic.


Satchfan


#7 satchfan

satchfan

  • Malware Response Team
  • 2,715 posts
  • Gender:Female
  • Location:Devon, UK

Posted 01 July 2016 - 05:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
