
Windows Update Does Not Download at All.


  • This topic is locked
5 replies to this topic

#1 Eat68


Posted 23 July 2016 - 02:55 PM

Windows 7 Update Does Not Download at All. Not sure if computer problem or Microsoft Server Problem. All other downloads/streaming works fine on the laptop.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-07-2016 02
Ran by Owner (administrator) on MIT (23-07-2016 11:16:05)
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner (Available Profiles: Owner & Mcx1-MIT & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(IVT Corporation) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(matt.malensek.net) C:\Program Files (x86)\3RVX\3RVX.exe
() C:\Users\Owner\Desktop\NetMeterEvo.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows10Upgrade\Windows10UpgraderApp.exe
(Microsoft Corporation) C:\Users\Owner\Downloads\msert.exe
(Microsoft Corporation) C:\Users\Owner\Downloads\msert.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
(Microsoft Corporation) C:\Windows\System32\rdrleakdiag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\nacl64.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-24] (IDT, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2396096 2016-03-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [IDTSysTrayApp] => sttray.exe
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\...\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] => C:\Program Files (x86)\NetMeter\NetMeter.exe
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\...\Run: [3RVX] => C:\Program Files (x86)\3RVX\3RVX.exe [159232 2008-10-14] (matt.malensek.net)
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\...\Run: [NetMeter Evo] => C:\Users\Owner\Desktop\NetMeterEvo.exe [1192448 2013-08-12] ()
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-2881311706-2057771952-3169921458-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175552 2016-03-08] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153392 2016-03-08] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\buShell.dll [2016-06-09] (Symantec Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{D7FF8B93-E014-45E6-AE9B-D6FA42290DB9}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{DC95A504-930A-419E-B5B1-658CB0C5D197}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-11] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-11] (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine64\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\coIEPlg.dll [2016-05-31] (Symantec Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-02-01] (Skype Technologies)
 
FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default
FF Homepage: hxxp://www.bing.com/
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-14] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2011-12-01] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-11] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\searchplugins\safesearch.xml [2014-04-26]
FF Extension: FlashGot - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-03-27]
FF Extension: CSHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2016-05-11]
FF Extension: Ant Video Downloader - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\anttoolbar@ant.com [2016-05-27]
FF Extension: Flash and Video Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2016-06-06]
FF Extension: Personas Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\personas@christopher.beard.xpi [2016-06-16]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\extensions\artur.dubovoy@gmail.com [2016-06-16]
FF Extension: BlackFox V2-Blue - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\Extensions\zigboom.designs@gmail.com [2016-06-15]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-03-27]
FF Extension: Video DownloadHelper - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\rlf0ldjp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2016-05-31]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon [2016-06-26]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.7.0.76\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-15]
CHR Extension: (Entanglement Web App) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2014-04-15]
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-26]
CHR Extension: (Facebook) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2014-04-15]
CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-07-01]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Dark Vibe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2016-04-15]
CHR Extension: (Google Play Music) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2016-07-20]
CHR Extension: (Google Sheets) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-15]
CHR Extension: (PDF Compressor - Smallpdf.com) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gealeehfjeflamgnohlhabaefbfjfjgc [2014-07-20]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Flixster) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgbpjlnkjhllfgfdmieompodgaefjcfh [2014-04-15]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-11]
CHR Extension: (Poppit!) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2014-07-20]
CHR Extension: (Plants vs Zombies) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2014-04-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-01]
CHR Extension: (Better History) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\obciceimmggglbmelaidpjlmodcebijb [2016-06-07]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-30]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-26]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\Exts\Chrome.crx [2016-06-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 BlueSoleilCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe [1612552 2012-09-26] (IVT Corporation)
R3 BsHelpCS; C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe [146184 2012-09-19] (IVT Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163200 2016-03-29] (NVIDIA Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-04-01] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2011-12-16] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 NS; C:\Program Files (x86)\Norton Security\Engine\22.7.0.76\NS.exe [289080 2016-06-17] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-03-29] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-03-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-03-29] (NVIDIA Corporation)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\BASHDefs\20160718.001\BHDrvx64.sys [1832176 2016-06-01] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
R3 BtAudioBusSrv; C:\Windows\System32\Drivers\BtAudioBus.sys [23136 2012-06-15] (IVT Corporation)
R1 ccSet_NS; C:\Windows\system32\drivers\NSx64\1607000.04C\ccSetx64.sys [174328 2016-06-01] (Symantec Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-05-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-05-04] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\IPSDefs\20160722.001\IDSvia64.sys [876760 2016-07-07] (Symantec Corporation)
R3 netr28x; C:\Windows\System32\DRIVERS\netr28x.sys [2473616 2014-12-10] (MediaTek Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-03-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [56384 2016-03-21] (NVIDIA Corporation)
S3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [259688 2011-10-27] (Realtek Semiconductor Corp.)
R1 SRTSP; C:\Windows\System32\Drivers\NSx64\1607000.04C\SRTSP64.SYS [773368 2016-07-20] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NSx64\1607000.04C\SRTSPX64.SYS [48888 2016-06-01] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NSx64\1607000.04C\SYMEFASI64.SYS [1627352 2016-06-01] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [101112 2016-06-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NSx64\1607000.04C\Ironx64.SYS [291056 2016-06-01] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NSx64\1607000.04C\SYMNETS.SYS [567536 2016-06-01] (Symantec Corporation)
U5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [34912 2012-06-15] (Ralink Corporation.)
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160625.006\ENG64.SYS [X]
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.7.0.76\Definitions\SDSDefs\20160625.006\EX64.SYS [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-23 10:24 - 2016-07-23 10:27 - 00029685 _____ C:\Users\Owner\Desktop\Addition.txt
2016-07-23 10:22 - 2016-07-23 11:18 - 00023853 _____ C:\Users\Owner\Desktop\FRST.txt
2016-07-23 10:22 - 2016-07-23 11:16 - 00000000 ____D C:\FRST
2016-07-23 10:20 - 2016-07-23 10:20 - 02394112 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2016-07-23 10:07 - 2016-07-23 10:07 - 30197143 _____ C:\Users\Owner\Downloads\Windows8.1-KB3170106-x86.msu
2016-07-23 10:07 - 2016-07-23 10:07 - 00000000 ___HT C:\Windows\wusa.lock
2016-07-23 10:07 - 2016-07-23 10:07 - 00000000 ____D C:\28bd8c3732d07f4d0e
2016-07-23 09:40 - 2016-07-23 09:45 - 59553168 _____ C:\Users\Owner\Downloads\Priya Rai - Live Nude Dance Performance in Tampa Florida.mp4
2016-07-23 09:30 - 2016-07-23 09:30 - 00001122 _____ C:\Users\Owner\Documents\Reset.cmd
2016-07-23 09:29 - 2016-07-23 09:29 - 00000000 ____D C:\Program Files (x86)\Windows Resource Kits
2016-07-23 09:28 - 2016-07-23 09:30 - 147084048 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\msert.exe
2016-07-23 09:28 - 2016-07-23 09:28 - 00379392 _____ C:\Users\Owner\Downloads\subinacl.msi
2016-07-23 09:06 - 2016-07-23 09:06 - 00000694 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-07-23 09:06 - 2016-07-23 09:06 - 00000682 _____ C:\Users\Owner\Desktop\Windows 10 Upgrade Assistant.lnk
2016-07-23 09:06 - 2016-07-23 09:06 - 00000000 ___HD C:\$GetCurrent
2016-07-23 09:06 - 2016-07-23 09:06 - 00000000 ____D C:\Windows10Upgrade
2016-07-23 09:01 - 2016-07-23 09:01 - 05792848 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\Windows10Upgrade9194.exe
2016-07-22 19:54 - 2016-07-22 19:58 - 173193606 _____ C:\Users\Owner\Downloads\s_Shi.wmv
2016-07-22 18:58 - 2016-07-22 19:18 - 588460178 _____ C:\Users\Owner\Downloads\btaw_diamond_jackson_bb060716_720p_2600.mp4
2016-07-22 18:56 - 2016-07-22 19:24 - 390223770 _____ C:\Users\Owner\Downloads\CNTR2s3-NJ.mp4.rar
2016-07-22 18:39 - 2016-07-22 19:07 - 85654790 _____ C:\Users\Owner\Downloads\OTK1CG180625.rar
2016-07-22 18:29 - 2016-07-22 18:30 - 66620968 _____ C:\Users\Owner\Downloads\OTK1CG181151.rar
2016-07-22 18:26 - 2016-07-22 18:34 - 337505703 _____ C:\Users\Owner\Downloads\PlayboyPlus.16.07.22.Brittany.Kelly.Poolside.Pleasure.XXX.1080p.MP4-KTR.mp4
2016-07-21 22:01 - 2016-07-21 22:02 - 12083170 _____ C:\Users\Owner\Downloads\Mayor_2.rar
2016-07-21 21:58 - 2016-07-21 22:04 - 309379699 _____ C:\Users\Owner\Downloads\Artist_-_ZZ2t.rar
2016-07-21 21:57 - 2016-07-21 22:15 - 940876734 _____ C:\Users\Owner\Downloads\bw9mhjgnydg83jng-7.rar
2016-07-21 21:49 - 2016-07-21 22:11 - 232683894 _____ C:\Users\Owner\Downloads\clip4_1700.wmv
2016-07-21 19:36 - 2016-07-21 19:55 - 1635683640 _____ C:\Users\Owner\Downloads\Exotic4K.Jayden.Lee.720p.mp4
2016-07-21 19:31 - 2016-07-21 20:04 - 1593758551 _____ C:\Users\Owner\Downloads\HardX.16.07.12.Layton.Benton.Her.First.Anal.And.Its.All.Anal.XXX.1080p.MP4-KTR.mp4
2016-07-14 10:47 - 2016-07-14 10:47 - 06079168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2016-07-13 01:38 - 2016-07-13 01:38 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA Corporation
2016-07-13 01:37 - 2016-07-13 01:38 - 00002255 _____ C:\Users\Guest\Desktop\Google Chrome.lnk
2016-07-13 01:37 - 2016-07-13 01:37 - 00088728 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2016-07-13 01:37 - 2016-07-13 01:37 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Synaptics
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Intel Corporation
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Adobe
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Local\VirtualStore
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Local\NVIDIA
2016-07-13 01:37 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2016-07-13 01:36 - 2016-07-13 23:39 - 00000000 __SHD C:\Users\Guest\IntelGraphicsProfiles
2016-07-13 01:36 - 2016-07-13 01:37 - 00000000 ____D C:\Users\Guest
2016-07-13 01:36 - 2016-07-13 01:36 - 00000020 ___SH C:\Users\Guest\ntuser.ini
2016-07-13 01:36 - 2016-07-13 01:36 - 00000000 _SHDL C:\Users\Guest\My Documents
2016-07-13 01:36 - 2016-07-13 01:36 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2016-07-13 01:36 - 2016-07-13 01:36 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2016-07-13 01:36 - 2016-07-13 01:36 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2016-07-13 01:36 - 2011-04-12 04:28 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Media Center Programs
2016-07-10 20:32 - 2016-07-10 20:32 - 00000068 _____ C:\Users\Owner\Documents\inner.txt
2016-07-06 14:17 - 2016-07-06 15:44 - 1751861170 _____ C:\Users\Owner\Downloads\s1080.mp4
2016-07-05 23:03 - 2016-07-05 23:03 - 00015386 _____ C:\Users\Owner\Downloads\[Empornium]Latina Sex Tapes [December 15, 2015] - Hot Latina Teases with Big Tits Shay - 720p.torrent
2016-07-05 23:01 - 2016-07-06 04:37 - 826279734 _____ C:\Users\Owner\Downloads\btaw_shay_evans_kf011116_720p_2600.mp4
2016-07-05 16:03 - 2016-07-05 16:03 - 00032320 _____ C:\Users\Owner\Downloads\Ride Along 2 (2016) [1080p] [YTS.AG].torrent
2016-07-05 16:03 - 2016-07-05 16:03 - 00026747 _____ C:\Users\Owner\Downloads\Straight Outta Compton (2015) [1080p] [YTS.AG].torrent
2016-07-05 16:03 - 2016-07-05 16:03 - 00022847 _____ C:\Users\Owner\Downloads\The Martian (2015) [1080p] [YTS.AG].torrent
2016-07-05 16:03 - 2016-07-05 16:03 - 00022338 _____ C:\Users\Owner\Downloads\Star Wars- The Force Awakens (2015) [1080p] [YTS.AG].torrent
2016-07-04 22:45 - 2016-07-04 22:47 - 14048682 _____ C:\Users\Owner\Downloads\Dark Gods 03 - FULL.rar
2016-07-04 22:44 - 2016-07-04 22:44 - 00046461 _____ C:\Users\Owner\Downloads\[Empornium]Nathalie HardCor (aka Nat(h)alia Hardcore  Calisi Ink  Angel sky) Various HD (1).torrent
2016-07-04 22:44 - 2016-07-04 22:44 - 00019054 _____ C:\Users\Owner\Downloads\[Empornium][LegalPorno] Facialized 5on1. Calisi Ink get 12 facial after her first airplane DAP, BallDeepAnal&DP GIO186 720p (2016-05-29).torrent
2016-07-04 22:44 - 2016-07-04 22:44 - 00015586 _____ C:\Users\Owner\Downloads\[Empornium]HouseOfTaboo 16.06.23. Calisi Ink - Tied Up And bleeped - A BDSM Businessman’s Dream Cums True XXX.1080p.torrent
2016-07-04 22:44 - 2016-07-04 22:44 - 00011053 _____ C:\Users\Owner\Downloads\[Empornium][Kimholland.nl] Calisi Ink aka. Nathalie Hardcore Anal DP Sandwich 1080p (2).torrent
2016-07-04 22:43 - 2016-07-04 22:43 - 00011053 _____ C:\Users\Owner\Downloads\[Empornium][Kimholland.nl] Calisi Ink aka. Nathalie Hardcore Anal DP Sandwich 1080p (1).torrent
2016-07-04 18:33 - 2016-07-04 18:33 - 00449965 _____ C:\Users\Owner\Downloads\Dave's Ref.pdf
2016-07-04 18:32 - 2016-07-04 18:32 - 01736558 _____ C:\Users\Owner\Downloads\Offer Letter.pdf
2016-07-04 15:34 - 2016-07-04 22:30 - 1073741827 _____ C:\Users\Owner\Downloads\0019.aalyyssaa.Lyynn.geets.heer.Piiee.fiilleed.HD.paart1.rar
2016-07-04 15:34 - 2016-07-04 22:24 - 1073741827 _____ C:\Users\Owner\Downloads\0019.aalyyssaa.Lyynn.geets.heer.Piiee.fiilleed.HD.paart2.rar
2016-07-04 15:34 - 2016-07-04 16:24 - 1588705734 _____ C:\Users\Owner\Downloads\bkb15241-720p.mp4
2016-07-03 20:31 - 2016-07-03 20:47 - 433498092 _____ C:\Users\Owner\Downloads\0019.aalyyssaa.Lyynn.geets.heer.Piiee.fiilleed.HD.paart3.rar
2016-07-02 23:16 - 2016-07-03 00:39 - 207288417 _____ C:\Users\Owner\Downloads\Jacky_Lawless_-_Na_Jungs_Kriegt.flv
2016-07-02 23:16 - 2016-07-02 23:42 - 249292173 _____ C:\Users\Owner\Downloads\I0o5xmJGvxrNkPhLvem1syJhhtAXxvdMJrOvfCZ0c4n6nxNc8UV5Tjm2NcqEA8l9DRtmKd.rar
2016-07-02 23:16 - 2016-07-02 23:41 - 202518425 _____ C:\Users\Owner\Downloads\Jacky_Lawless_-_Teeny_nymphomanisch_und_versaut.flv
2016-07-02 23:16 - 2016-07-02 23:25 - 116526007 _____ C:\Users\Owner\Downloads\Jacky_Lawless_-_Ganz_einfach.flv
2016-07-02 23:14 - 2016-07-02 23:49 - 694330132 _____ C:\Users\Owner\Downloads\fz2h_Magma_Film_Jacky_Lawless_An_Old_Sales_Trick.mp4.rar
2016-07-02 22:22 - 2016-07-02 23:29 - 735543683 _____ C:\Users\Owner\Downloads\plib_kianna_dior_bb050516_720p_2600.mp4
2016-07-01 22:03 - 2016-07-01 22:24 - 960126971 _____ C:\Users\Owner\Downloads\Pr1y4_-_T34ch3r_-_hdef.rar
2016-06-26 13:55 - 2016-06-26 13:55 - 00000000 ____D C:\Windows\System32\Tasks\Norton Security
2016-06-26 13:48 - 2016-06-26 13:48 - 00003216 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-06-26 13:47 - 2016-06-26 13:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security
2016-06-25 14:16 - 2016-06-30 20:28 - 00000502 _____ C:\Users\Owner\Documents\room.txt
2016-06-23 16:12 - 2016-06-23 16:28 - 187330531 _____ C:\Users\Owner\Downloads\Car-WoC.rar
2016-06-23 14:15 - 2016-06-23 14:17 - 58565296 _____ C:\Users\Owner\Downloads\Dark_Adventures.rar
2016-06-23 03:38 - 2016-06-23 03:54 - 815188923 _____ C:\Users\Owner\Downloads\btas_august_taylor_vl030116_720p_2600.mp4
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-23 10:47 - 2016-03-27 17:38 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-23 10:46 - 2014-04-15 18:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-23 10:21 - 2014-10-05 19:24 - 00000000 ____D C:\Users\Owner\Desktop\V
2016-07-23 10:03 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-23 10:03 - 2009-07-14 00:45 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-23 09:37 - 2014-04-15 18:30 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-07-23 09:27 - 2014-04-26 22:06 - 00000000 ____D C:\Users\Owner\Desktop\DL
2016-07-23 08:55 - 2009-07-14 01:13 - 00781790 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-23 08:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-07-23 08:51 - 2014-04-15 18:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-23 08:50 - 2014-09-10 15:01 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2016-07-23 08:49 - 2012-09-26 12:53 - 00000932 _____ C:\Windows\SysWOW64\bscs.ini
2016-07-23 08:48 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-22 23:17 - 2014-11-12 01:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Skype
2016-07-22 22:52 - 2014-11-12 01:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-07-22 22:52 - 2014-04-16 01:35 - 00000000 ____D C:\ProgramData\Skype
2016-07-22 21:31 - 2015-12-06 18:13 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-07-22 17:54 - 2014-05-22 22:33 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-07-14 10:47 - 2016-03-27 17:38 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 10:47 - 2016-03-27 17:38 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 10:47 - 2016-03-27 17:38 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 10:47 - 2014-04-15 21:41 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-14 10:47 - 2014-04-15 21:40 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-13 23:41 - 2016-03-28 15:38 - 00000000 ____D C:\Users\Owner\Desktop\new
2016-07-12 23:57 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-12 11:32 - 2015-11-20 13:52 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-12 11:32 - 2014-12-24 02:00 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-06 12:48 - 2016-04-28 01:26 - 00000000 ____D C:\Users\Owner\Desktop\nhew
2016-07-05 23:04 - 2014-07-19 04:21 - 00000000 ____D C:\Users\Owner\AppData\Roaming\uTorrent
2016-07-03 20:19 - 2014-05-07 23:58 - 00515584 ___SH C:\Users\Owner\Documents\Thumbs.db
2016-06-26 13:48 - 2015-04-20 00:47 - 00000000 ____D C:\Windows\system32\Drivers\NSx64
2016-06-26 00:07 - 2015-04-20 00:49 - 00101112 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-06-26 00:07 - 2015-04-20 00:49 - 00008270 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-06-26 00:07 - 2014-04-25 16:38 - 00000000 ____D C:\ProgramData\Norton
2016-06-26 00:06 - 2014-04-25 16:38 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-06-23 14:18 - 2015-05-02 04:02 - 00000000 ____D C:\Users\Owner\Desktop\end
 
==================== Files in the root of some directories =======
 
2014-07-10 02:16 - 2014-07-10 02:16 - 2174976 _____ (Advanced Micro Devices Inc.) C:\Program Files (x86)\Common Files\atimpenc.dll
2014-11-16 20:18 - 2015-12-16 02:59 - 0007680 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-05-07 23:59 - 2015-05-14 12:23 - 0004096 ____H () C:\Users\Owner\AppData\Local\keyfile3.drm
2014-04-21 03:41 - 2014-11-03 15:15 - 0007605 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Owner\AppData\Local\Temp\Uninstall.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-19 09:20
 
==================== End of FRST.txt ============================



#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:21 AM

Posted 27 July 2016 - 05:00 AM

Eat68:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum.  My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall.  I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal  Instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic.  That could take a few days.  Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Graduate of the Bleeping Computer Malware Removal Study Hall


#3 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:21 AM

Posted 30 July 2016 - 12:12 PM

Eat68:

Thank you for your patience while I analyzed your FRST logs and consulted with the Malware Response Instructor assigned to supervise me while I deal with your issues.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. I see from the logs that you have uTorrent installed! P2P software is a major security risk to your computer and may have been the route the malware used to infect your computer. Please do not use any P2P software until we are finished with diagnosing and repairing your computer.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

.

OK, let's get started ...

.

Step 1: I would like to obtain some more information about an uncommon file and a folder that I noted in your FRST logs before we start the malware scans.

Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the Desktop.

NOTE: It's important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.

File:  C:\Windows\wusa.lock
Folder:  C:\28bd8c3732d07f4d0e

.


Step 2: Please download Rkill by Grinler from one of the 3 links below (if one of them does not work, try another...) and save it to your desktop:

  • rkill.scr
  • rkill.com
  • rkill.exe
  • In order for Rkill to run properly you must disable your anti-malware software. Please refer to this page if you are not sure how.
  • Double-click on Rkill. (If you are using Windows Vista or above, please right-click on it and select Run As Administrator.)
  • Note: You may have to run Rkill a few times before it is successful. As a reminder, you may also have to download Rkill from a different link which will save it as a different file name.
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • An Rkill.log will appear. Please copy and paste the contents in your reply (the file is also located at c:\rkill.log)
  • Do not reboot your computer after running Rkill as the malware programs will start again. If your computer reboots, run Rkill again before continuing on to the next step.
  • If nothing happens or if the tool does not run, please let me know in your next reply.

.


Step 3: Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

.


Step 4: ESET Online Scanner using Internet Explorer:

Note 1: These instructions are for Internet Explorer only! If you're using Chrome or Firefox, you will need to download and install the ESET Smart Installer tool before it can scan. See instructions here.
Note 2: You will need to disable your currently installed Anti-Virus; how to do so can be found here.

  • Download esetsmartinstaller_enu.exe and save it to your Desktop.
  • Double click the icon.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Click Advanced settings.
  • Check the following items.

Enable detection of potentially unwanted applications.
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Change next to Current scan targets:
  • Place a check mark in any additional drive you wish to scan then click OK.
  • Click Start.
  • ESET will then download updates and begin scanning your computer.
  • If no threats are found simply click Uninstall application on close and hit Finish.
  • If threats are found click List of found threats.
  • Click Export to text file.
  • Save the file on your Desktop as ESET.txt.
  • Click Back.
  • Check Uninstall application on close and Delete quarantined files.
  • Click Finish.
  • Close the ESET Online Scanner window.
  • Copy and paste the contents of ESET.txt into your reply.

*** Please remember to re-enable your protection software after the scan is completed ***

.


Step 5: Please provide me with a fresh set of FRST logs. Please ensure that "Addition.txt" is checked (by default, it is only checked the first time that FRST is run, so it is necessary to manually check it for subsequent runs).
Please copy and paste both the FRST.txt and Addition.txt files into your next reply.

.


Step 6: Please copy and paste the following logs into your next reply:

  • Fixlog.txt;
  • Rkill log;
  • TDSSKiller log;
  • ESET scan log;
  • FRST.txt; and,
  • Addition.txt.

.

Thank you and have a great day.

Regards,
-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,917 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:05:21 AM

Posted 02 August 2016 - 04:58 AM

Eat68:

 

I have not heard from you in three days.  Do you still require assistance?

 

If I haven't heard from you in another two days, I will ask a Moderator to conclude this topic, in accordance with the rules of this Forum.

 

Thank you and have a great day.

 

Regards,

-Phil


Graduate of the Bleeping Computer Malware Removal Study Hall


#5 Eat68

Eat68
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:05:21 AM

Posted 02 August 2016 - 07:10 PM

Sorry all,

 

Started new professional job and have been very busy and tired.

 

Computer is all fine. 

 

Thanks!



#6 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:01:21 AM

Posted 03 August 2016 - 08:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



