
Infected Latitude: Spontaneously Dies, Wonky Screen



Hello all,

My wife's Dell Latitude e6420 (Windows 7 Professional) was recently infected with some kind of hijack bug. She doesn't think she downloaded anything or ran any programs, but one of the sites she visited did redirect her to an unknown site where it apparently told her she needed to download something. She declined and exited the browser. Being suspicious of re-directs, she ran MalwareBytes and it found about a dozen low level advertising threats and 4-5 "HiJack" threats lurking in the drivers folder. She had MalwareBytes remove the infection and that's when the problems started.

After the restart, the computer hung about halfway through the BIOS splash screen. She power cycled and it loaded to windows but then randomly shut down. She had me look at it and so far I've managed to make it to windows but whenever I try a system restore or running a virus scan, the screen goes kind of funky for a few seconds and then everything locks up. It also randomly powers off. System restore from the boot menu failed and trying to start in safe mode just causes it to hang. 

Not sure the best way to proceed here. In the long past, I remember booting from a CD with Knoppix and doing recovery that way... but it's been years since I've had to deal with such a stubborn and insidious infection. Before I go further I wanted to see what the pros say...


Thank you!


Thank you for your quick reply. I will generate these tomorrow and post back here. In the meantime, it usually goes through BIOS just fine. It's only hung there twice and I did perform the factory pre-boot diagnostics from the BIOS menu, including the lengthy memory checks and everything came back normal, for what it's worth.


  • Root Admin

Please uninstall the "McAfee Security Scan Plus". I'd also highly suggest uninstalling uTorrent and stop using it. Not only is it illegal for most usage, but it is also an avenue directly into your computer for possible infections.


Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.


fixlist.txt

Thanks



  • Root Admin

Please restart the computer first and then run the following steps and post back the logs when ready.

STEP 01
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus

STEP 02
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done, you'll see: Pending: Please uncheck elements you don't want to be removed.
  • Now click on the Report button and a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look at the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up, click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want to be restored > now click on Restore.

STEP 03
Download Sophos Free Virus Removal Tool and save it to your desktop.

  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View Log file (bottom left-hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
  • If no threats were found, please confirm that result.

STEP 04
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here.
  • Please attach the Addition.txt log to your reply as well.


Thanks

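A small triage script for the FRST.txt layout that the Step 04 tool produces (the same layout as the FRST log posted later in this thread), added here as an example; it is not part of the original thread and not code from the FRST tool. It parses the process, Run-key, service, driver and one-month-created sections and flags the things a helper usually looks at first: autostart entries with no company string, drivers whose file FRST could not find (`[X]`), and autostarts living inside a user profile. The embedded sample log is constructed for the example, and a flag is a prompt to look closer, not a verdict.

```python
import re
import sys
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the FRST.txt layout; every entry below is made up for
# this example and is not taken from the machine discussed in the thread.
SAMPLE_LOG = r"""==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Example Vendor) C:\Windows\System32\example.exe
() C:\Program Files (x86)\Acme\acmesvc.exe

==================== Registry (Whitelisted) ===========================

HKLM-x32\...\Run: [AcmeTray] => C:\Program Files (x86)\Acme\tray.exe [12345 2016-01-01] (Acme Inc.)
HKU\S-1-5-21-1\...\Run: [Updater] => C:\Users\User\AppData\Roaming\upd\upd.exe [54321 2016-08-01] ()

==================== Services (Whitelisted) ========================

R2 AcmeSvc; C:\Program Files (x86)\Acme\acmesvc.exe [140456 2012-03-27] ()
R2 ExampleSvc; C:\Windows\System32\example.exe [1011712 2014-11-29] (Example Vendor)

===================== Drivers (Whitelisted) ==========================

R0 exdrv; C:\Windows\System32\drivers\exdrv.sys [36096 2013-05-21] (Example Vendor)
S3 ghostdrv; system32\drivers\ghostdrv.sys [X]

==================== One Month Created files and folders ========

2016-08-14 20:20 - 2016-08-14 20:20 - 00000000 ____D C:\ProgramData\Example
2016-08-14 20:17 - 2016-08-14 20:18 - 150900400 _____ (Example Vendor) C:\Users\User\Desktop\tool.exe
"""

# Line shapes as they appear in FRST.txt (section banner, process, Run key,
# service/driver, created file). Publisher is the trailing "(Company)" field.
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
PROCESS_RE = re.compile(r"^\((?P<pub>[^)]*)\) (?P<path>.+)$")
RUN_RE = re.compile(r"^(?P<key>HK[^:]*\\Run): \[(?P<name>[^\]]+)\] => (?P<path>.+?)"
                    r" \[(?P<meta>[^\]]*)\] \((?P<pub>[^)]*)\)$")
SVC_RE = re.compile(r"^(?P<state>[RSU]\d) (?P<name>[^;]+); (?P<path>.+?)"
                    r"(?: \[(?P<meta>[^\]]*)\])?(?: \((?P<pub>[^)]*)\))?$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - "
                        r"(?P<size>\d+) (?P<attr>\S{5}) (?:\((?P<pub>[^)]*)\) )?(?P<path>.+)$")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\AppData\\", re.IGNORECASE)


@dataclass
class Entry:
    section: str
    name: str
    path: str
    publisher: Optional[str]   # None: line has no publisher field; "": FRST printed an empty "()"
    meta: str = ""             # "[size date]" text, or "X" when FRST could not find the file
    flags: List[str] = field(default_factory=list)


def parse_frst(text: str) -> List[Entry]:
    """Turn the FRST.txt sections relevant to autostart triage into Entry records."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION_RE.match(line)):
            section = m["name"]
        elif section.startswith("Processes") and (m := PROCESS_RE.match(line)):
            entries.append(Entry(section, m["path"].rsplit("\\", 1)[-1], m["path"], m["pub"]))
        elif section.startswith("Registry") and (m := RUN_RE.match(line)):
            entries.append(Entry(section, m["name"], m["path"], m["pub"], m["meta"]))
        elif section.startswith(("Services", "Drivers")) and (m := SVC_RE.match(line)):
            entries.append(Entry(section, m["name"], m["path"], m["pub"], m["meta"] or ""))
        elif section.startswith("One Month Created") and (m := CREATED_RE.match(line)):
            entries.append(Entry(section, m["path"].rsplit("\\", 1)[-1], m["path"], m["pub"], m["attr"]))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Attach review flags (recomputed each call) and return only the entries that got one."""
    autostart = ("Processes", "Registry", "Services", "Drivers")
    flagged: List[Entry] = []
    for e in entries:
        e.flags = []
        if e.publisher == "":
            e.flags.append("no publisher/company string")
        if e.meta == "X":
            e.flags.append("referenced file missing on disk")
        if e.section.startswith(autostart) and USER_PROFILE_RE.search(e.path):
            e.flags.append("autostart location inside a user profile")
        if e.flags:
            flagged.append(e)
    return flagged


if __name__ == "__main__":
    # Pass a saved FRST.txt as the first argument (assumed UTF-8); otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8-sig", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for e in triage(parse_frst(text)):
        print(f"[{e.section}] {e.name}: {e.path}  <- {'; '.join(e.flags)}")
```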

Step 1:

JRT.txt attached to this post

Step 2:

Quote

# AdwCleaner v6.000 - Logfile created 14/08/2016 at 20:09:49
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-13.3 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Erin - ERIN-PC
# Running from : C:\Users\Erin\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

[-] Folder deleted: C:\Users\Erin\AppData\Roaming\gplyra
[-] Folder deleted: C:\Program Files (x86)\mpck
[-] Folder deleted: C:\uninst


***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled Tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [886 Bytes] - [14/08/2016 20:09:49]
C:\AdwCleaner\AdwCleaner[S0].txt - [1234 Bytes] - [14/08/2016 20:02:31]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1031 Bytes] ##########

Step 3 and 4 to follow shortly...

JRT.txt


Step 3: No threats found

Step 4: 

Quote

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-08-2016
Ran by Erin (administrator) on ERIN-PC (14-08-2016 20:46:32)
Running from C:\Users\Erin\Desktop
Loaded Profiles: Erin (Available Profiles: Erin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1095688101-178094959-3873025043-1001\...\Run: [GoogleChromeAutoLaunch_E36124937FA7D203A247ED42C024CD31] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [961352 2016-08-02] (Google Inc.)
HKU\S-1-5-21-1095688101-178094959-3873025043-1001\...\MountPoints2: {ad05a30a-3184-11e5-9cf3-806e6f6e6963} - D:\install.EXE id= ver=1.0.0.0

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{A4D64899-6572-4549-A38F-BDFAAB975BF1}: [DhcpNameServer] 4.2.2.2
Tcpip\..\Interfaces\{DEC2D32B-4CE8-48A7-BB8E-A86D58D72BDD}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-07-03] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-07-03] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-03] (Microsoft Corporation)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [2016-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [2016-02-05] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)

Chrome: 
=======
CHR Profile: C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-25]
CHR Extension: (Google Docs) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-25]
CHR Extension: (Google Drive) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-25]
CHR Extension: (YouTube) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-25]
CHR Extension: (Google Search) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-25]
CHR Extension: (Google Sheets) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-25]
CHR Extension: (Google Docs Offline) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-07]
CHR Extension: (Pinterest Save Button) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-08-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-07]
CHR Extension: (Gmail) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-25]
CHR Extension: (Chrome Media Router) - C:\Users\Erin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2854640 2016-07-03] (Microsoft Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-05-21] (Advanced Micro Devices, Inc.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-08-14] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation)
S3 nwdelgobi3kfilter; C:\Windows\system32\drivers\nwdelgobi3kfilter.sys [34304 2011-05-10] (Novatel Wireless Inc)
S3 nwdelgobirmnet; C:\Windows\System32\DRIVERS\nwdelgobirmnet.sys [296960 2011-05-10] (QUALCOMM Incorporated)
S3 nwdelserial; C:\Windows\system32\drivers\nwdelserial.sys [234112 2011-05-10] (Novatel Wireless Inc.)
R3 O2MDFRDR; C:\Windows\system32\drivers\O2MDFxpx64.sys [71968 2011-01-04] (O2Micro )
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [268800 2014-01-28] (Jungo Connectivity)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-14 20:46 - 2016-08-14 20:46 - 00000000 ____D C:\Users\Erin\Desktop\FRST-OlderVersion
2016-08-14 20:45 - 2016-08-14 20:45 - 02394624 _____ (Farbar) C:\Users\Erin\Downloads\FRST64 (1).exe
2016-08-14 20:20 - 2016-08-14 20:20 - 00000000 ____D C:\ProgramData\Sophos
2016-08-14 20:19 - 2016-08-14 20:19 - 00002759 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-08-14 20:19 - 2016-08-14 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-08-14 20:19 - 2016-08-14 20:19 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-08-14 20:17 - 2016-08-14 20:18 - 150900400 _____ (Sophos Limited) C:\Users\Erin\Desktop\Sophos Virus Removal Tool.exe
2016-08-14 20:01 - 2016-08-14 20:09 - 00000000 ____D C:\AdwCleaner
2016-08-14 20:01 - 2016-08-14 20:01 - 03784256 _____ C:\Users\Erin\Desktop\AdwCleaner.exe
2016-08-14 19:59 - 2016-08-14 19:59 - 00002090 _____ C:\Users\Erin\Desktop\JRT.txt
2016-08-14 19:57 - 2016-08-14 19:57 - 01610560 _____ (Malwarebytes) C:\Users\Erin\Desktop\JRT.exe
2016-08-10 08:21 - 2016-08-02 10:54 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-08-10 08:21 - 2016-08-02 10:08 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-08-10 08:21 - 2016-08-02 02:54 - 25808384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-08-10 08:21 - 2016-08-02 02:47 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-08-10 08:21 - 2016-08-02 02:47 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-08-10 08:21 - 2016-08-02 02:32 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-08-10 08:21 - 2016-08-02 02:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-08-10 08:21 - 2016-08-02 02:31 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-08-10 08:21 - 2016-08-02 02:31 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-08-10 08:21 - 2016-08-02 02:31 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-08-10 08:21 - 2016-08-02 02:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-08-10 08:21 - 2016-08-02 02:24 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-08-10 08:21 - 2016-08-02 02:23 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-08-10 08:21 - 2016-08-02 02:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-08-10 08:21 - 2016-08-02 02:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-08-10 08:21 - 2016-08-02 02:19 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-08-10 08:21 - 2016-08-02 02:18 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-08-10 08:21 - 2016-08-02 02:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-08-10 08:21 - 2016-08-02 02:18 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-08-10 08:21 - 2016-08-02 02:11 - 00969216 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-08-10 08:21 - 2016-08-02 02:08 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-08-10 08:21 - 2016-08-02 02:03 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-08-10 08:21 - 2016-08-02 02:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-08-10 08:21 - 2016-08-02 01:59 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-08-10 08:21 - 2016-08-02 01:56 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-08-10 08:21 - 2016-08-02 01:55 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-08-10 08:21 - 2016-08-02 01:54 - 20343808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-08-10 08:21 - 2016-08-02 01:53 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-08-10 08:21 - 2016-08-02 01:51 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-08-10 08:21 - 2016-08-02 01:51 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-08-10 08:21 - 2016-08-02 01:51 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-08-10 08:21 - 2016-08-02 01:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-08-10 08:21 - 2016-08-02 01:51 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-08-10 08:21 - 2016-08-02 01:50 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-08-10 08:21 - 2016-08-02 01:47 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-08-10 08:21 - 2016-08-02 01:45 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-08-10 08:21 - 2016-08-02 01:44 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-08-10 08:21 - 2016-08-02 01:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-08-10 08:21 - 2016-08-02 01:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-08-10 08:21 - 2016-08-02 01:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-08-10 08:21 - 2016-08-02 01:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-08-10 08:21 - 2016-08-02 01:40 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-08-10 08:21 - 2016-08-02 01:38 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-08-10 08:21 - 2016-08-02 01:38 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-08-10 08:21 - 2016-08-02 01:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-08-10 08:21 - 2016-08-02 01:36 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-08-10 08:21 - 2016-08-02 01:33 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-08-10 08:21 - 2016-08-02 01:29 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-08-10 08:21 - 2016-08-02 01:28 - 15412224 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-08-10 08:21 - 2016-08-02 01:28 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-08-10 08:21 - 2016-08-02 01:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-08-10 08:21 - 2016-08-02 01:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-08-10 08:21 - 2016-08-02 01:24 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-08-10 08:21 - 2016-08-02 01:23 - 02868224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-08-10 08:21 - 2016-08-02 01:22 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-08-10 08:21 - 2016-08-02 01:21 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-08-10 08:21 - 2016-08-02 01:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-08-10 08:21 - 2016-08-02 01:15 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-08-10 08:21 - 2016-08-02 01:14 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-08-10 08:21 - 2016-08-02 01:14 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-08-10 08:21 - 2016-08-02 01:11 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-08-10 08:21 - 2016-08-02 01:10 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-08-10 08:21 - 2016-08-02 00:59 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-08-10 08:21 - 2016-08-02 00:56 - 02393088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-08-10 08:21 - 2016-08-02 00:53 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-08-10 08:21 - 2016-08-02 00:51 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-08-10 08:21 - 2016-07-08 11:37 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-08-10 08:21 - 2016-07-08 11:37 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-08-10 08:21 - 2016-07-08 11:32 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00343552 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-08-10 08:21 - 2016-07-08 11:32 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-08-10 08:21 - 2016-07-08 11:17 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-08-10 08:21 - 2016-07-08 11:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-08-10 08:21 - 2016-07-08 11:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-08-10 08:21 - 2016-07-08 11:03 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-08-10 08:21 - 2016-07-08 11:01 - 03218944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-08-10 08:21 - 2016-07-08 10:57 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-08-10 08:21 - 2016-07-08 10:56 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-08-10 08:21 - 2016-07-08 10:56 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-08-10 08:21 - 2016-07-08 10:55 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-08-10 08:21 - 2016-07-08 10:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-08-10 08:21 - 2016-07-08 10:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-08-09 19:29 - 2016-08-14 20:14 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-08-09 19:29 - 2016-08-09 19:29 - 00001109 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-08-09 19:29 - 2016-08-09 19:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-08-09 19:29 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-08-09 19:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-08-09 19:29 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-08-09 19:28 - 2016-08-09 19:29 - 22851472 _____ (Malwarebytes ) C:\Users\Erin\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-09 19:28 - 2016-08-09 19:28 - 08136664 _____ (Piriform Ltd) C:\Users\Erin\Downloads\ccsetup520.exe
2016-08-09 19:28 - 2016-08-09 19:28 - 00002786 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2016-08-09 19:28 - 2016-08-09 19:28 - 00000829 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-08-09 19:23 - 2016-08-14 20:46 - 02394624 _____ (Farbar) C:\Users\Erin\Desktop\FRST64.exe
2016-08-09 19:23 - 2016-08-09 19:23 - 00002721 _____ C:\Users\Erin\Desktop\Fixlog.txt
2016-08-09 19:21 - 2016-08-09 19:21 - 02393600 _____ (Farbar) C:\Users\Erin\Downloads\FRST64.exe
2016-08-08 18:10 - 2016-08-08 18:10 - 00008763 _____ C:\Users\Erin\Desktop\CheckResults.txt
2016-08-08 18:09 - 2016-08-08 18:09 - 00023414 _____ C:\Users\Erin\Desktop\Addition.txt
2016-08-08 18:08 - 2016-08-14 20:46 - 00010684 _____ C:\Users\Erin\Desktop\FRST.txt
2016-08-08 18:07 - 2016-08-14 20:46 - 00000000 ____D C:\FRST
2016-08-07 22:01 - 2016-08-07 22:01 - 00000000 _____ C:\Users\Erin\AppData\Local\{ED6E8F1B-352B-4F1B-A397-344E733BEBA0}
2016-08-06 17:42 - 2016-08-06 17:42 - 00000042 _____ C:\Users\Erin\Documents\WindScribeAccountInfo.txt
2016-08-06 17:39 - 2016-08-06 17:49 - 00000000 ____D C:\Users\Erin\Downloads\Interstellar (2014) (2014) [1080p]
2016-08-01 12:28 - 2016-08-01 12:28 - 00029605 _____ C:\Users\Erin\Downloads\likejsus.mid
2016-07-31 21:34 - 2016-07-31 21:34 - 00000000 ____D C:\Users\Erin\Desktop\Book 02 - Harry Potter and the Chamber of Secrets
2016-07-31 21:23 - 2016-07-31 21:24 - 00000000 ____D C:\Users\Erin\Desktop\Book 3. Harry Potter & the Prisoner of Azkaban
2016-07-31 21:23 - 2016-07-31 21:23 - 00000000 ____D C:\Users\Erin\Desktop\Harry Potter And The Chamber Of Secrets Audiobook Jim Dale ameyk123
2016-07-31 10:43 - 2016-08-09 19:28 - 00000000 ____D C:\Program Files\CCleaner
2016-07-31 10:43 - 2016-07-31 10:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-07-30 11:32 - 2016-07-30 11:32 - 00000000 ____D C:\Windows\system32\eoob
2016-07-30 11:26 - 2016-08-09 19:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-07-30 11:26 - 2016-07-30 11:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-07-30 10:35 - 2016-07-30 10:35 - 00000000 ____D C:\Windows\system32\kabs
2016-07-30 10:35 - 2016-07-30 10:35 - 00000000 ____D C:\Windows\system32\baek
2016-07-30 10:34 - 2016-07-30 11:33 - 00000000 ____D C:\Users\Erin\AppData\Roaming\VuudluAsaqv
2016-07-30 10:34 - 2016-07-30 11:33 - 00000000 ____D C:\Users\Erin\AppData\Roaming\Reveruxm
2016-07-30 10:34 - 2016-07-30 11:33 - 00000000 ____D C:\Users\Erin\AppData\Roaming\Cyabog
2016-07-30 10:34 - 2016-07-30 11:15 - 00000000 ____D C:\Windows\system32\SSL
2016-07-30 10:34 - 2016-07-30 10:34 - 00000000 ___HD C:\Users\Erin\AppData\Local\SatakMalwareBusterSetup
2016-07-30 10:34 - 2016-07-30 10:34 - 00000000 ____D C:\Users\Erin\AppData\Local\Tempfolder
2016-07-30 10:29 - 2016-07-30 10:29 - 07129600 _____ C:\Users\Erin\AppData\Roaming\agent.dat
2016-07-30 10:29 - 2016-07-30 10:29 - 00018432 _____ C:\Users\Erin\AppData\Roaming\Main.dat
2016-07-30 10:29 - 2016-07-30 10:29 - 00000000 ____D C:\Users\Erin\AppData\Roaming\Mozilla
2016-07-30 10:28 - 2016-07-30 10:28 - 00129024 _____ C:\Users\Erin\AppData\Roaming\Installer.dat
2016-07-30 10:28 - 2016-07-30 10:28 - 00000000 _____ C:\Users\Erin\AppData\Local\7(Standard
2016-07-28 22:09 - 2016-07-28 22:09 - 00271270 _____ C:\Users\Erin\Documents\Hawaiin VacationRev3-clockwise2.xlsx
2016-07-28 22:08 - 2016-07-28 22:08 - 00270867 _____ C:\Users\Erin\Downloads\Hawaiin VacationRev3 (1).xlsx
2016-07-19 14:24 - 2016-07-19 14:24 - 00160551 _____ C:\Users\Erin\Downloads\TaxDocument.pdf
2016-07-19 14:23 - 2016-07-19 14:23 - 00062782 _____ C:\Users\Erin\Downloads\Tax Document (1).pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-08-14 20:35 - 2015-12-25 16:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-14 20:19 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-14 20:19 - 2009-07-14 00:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-14 20:16 - 2009-07-14 01:13 - 00781562 _____ C:\Windows\system32\PerfStringBackup.INI
2016-08-14 20:16 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-08-14 20:11 - 2015-12-25 16:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-14 20:11 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-14 19:55 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\NDF
2016-08-14 19:19 - 2016-02-27 20:53 - 00000000 ____D C:\Users\Erin\AppData\Roaming\vlc
2016-08-13 03:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-08-13 03:16 - 2009-07-14 00:45 - 00437848 _____ C:\Windows\system32\FNTCACHE.DAT
2016-08-09 19:17 - 2016-01-03 16:53 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-08-09 19:14 - 2016-01-24 21:01 - 00000000 ____D C:\Users\Erin\AppData\Roaming\uTorrent
2016-08-08 23:38 - 2015-12-25 16:13 - 00002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 23:38 - 2015-12-25 16:13 - 00002190 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 02:07 - 2016-07-06 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-08-08 02:07 - 2016-05-07 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atmel
2016-08-08 02:07 - 2016-02-27 20:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-08 02:07 - 2016-01-03 17:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series User Registration
2016-08-08 02:07 - 2016-01-03 16:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series Manual
2016-08-08 02:07 - 2014-12-01 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-08 02:07 - 2014-11-29 12:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
2016-08-08 02:07 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-08-08 02:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\registration
2016-08-08 02:07 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\AppCompat
2016-08-08 02:06 - 2015-12-25 16:12 - 00000000 ____D C:\Users\Erin\AppData\Local\Google
2016-08-08 02:06 - 2015-12-25 16:12 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-07 22:32 - 2015-12-25 16:10 - 00000000 ____D C:\Users\Erin
2016-07-31 10:44 - 2014-12-01 08:58 - 00000000 ____D C:\Windows\Panther
2016-07-30 11:21 - 2015-12-25 16:12 - 00000000 ____D C:\Users\Erin\AppData\Local\Deployment
2016-07-28 18:30 - 2015-12-25 16:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 18:30 - 2015-12-25 16:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-28 17:45 - 2015-12-28 17:03 - 00065802 _____ C:\Users\Erin\Downloads\Luau.xlsx
2016-07-26 14:24 - 2010-11-20 23:27 - 00504488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-07-19 09:32 - 2015-12-25 17:22 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-19 09:31 - 2015-12-25 17:22 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

==================== Files in the root of some directories =======

2016-07-30 10:29 - 2016-07-30 10:29 - 7129600 _____ () C:\Users\Erin\AppData\Roaming\agent.dat
2016-07-30 10:28 - 2016-07-30 10:28 - 0129024 _____ () C:\Users\Erin\AppData\Roaming\Installer.dat
2016-07-30 10:29 - 2016-07-30 10:29 - 0018432 _____ () C:\Users\Erin\AppData\Roaming\Main.dat
2016-07-30 10:28 - 2016-07-30 10:28 - 0000000 _____ () C:\Users\Erin\AppData\Local\7(Standard
2016-08-07 22:01 - 2016-08-07 22:01 - 0000000 _____ () C:\Users\Erin\AppData\Local\{ED6E8F1B-352B-4F1B-A397-344E733BEBA0}

Some files in TEMP:
====================
C:\Users\Erin\AppData\Local\Temp\libeay32.dll
C:\Users\Erin\AppData\Local\Temp\msvcr120.dll
C:\Users\Erin\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-07 23:11

==================== End of FRST.txt ============================

 


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily, so if you went to use them again in the future they would be outdated anyway.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete (right-click > Delete).
E.g.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc. AdwCleaner: just run the program and click Uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but at least disable Java in your web browsers:
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 
