Win10 upgrade, "Win Command Processor"?

Old 12-02-2015, 07:26 AM   #1
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



This problem is very similar to the one described in thread:
https://www.techsupportforum.com/foru...p-1046785.html

HP Pavilion g6 laptop purchased with Win8 now upgraded to Win10, running Norton Antivirus.

Norton Startup Manager lists "Windows Command Processor", and when I deselect it, it re-selects when I click on APPLY.

Win10 task manager does not show this task in the Startup list.

No noticeable symptoms, but I was wondering if it was some kind of infection.

Following the advice given to the member in the thread mentioned above, I downloaded and ran FRST, then ran it again with the fixlist. The problem persists.

Any advice would be greatly appreciated.
Andy Kay is offline  
Old 12-02-2015, 01:37 PM   #2
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Just updated to version 1511-10586 and now have "Windows Command Processor" TWICE in the Norton Startup list.
Andy Kay is offline  
Old 12-07-2015, 10:36 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Delete your existing copy of FRST.

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-07-2015, 12:04 PM   #4
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Thank you for the welcome and for your interest in my problem, chemist.
Quote:
Originally Posted by chemist View Post
Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
I downloaded AdwCleaner, but when I tried to run it, Norton SONAR deleted it as a security risk. Should I turn off Norton SONAR protection for the duration of the scan?

Quote:
Delete your existing copy of FRST.
FRST does not appear in the list of installed programs, so I don't know how to uninstall it.
Andy Kay is offline  
Old 12-07-2015, 05:11 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Yes, turn off Norton and let AdwCleaner run, it is a legit application.

And, FRST doesn't uninstall. Just delete it from your desktop or wherever you saved it.
chemist is offline  
Old 12-08-2015, 01:11 AM   #6
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Quote:
Originally Posted by chemist View Post
Yes, turn off Norton and let AdwCleaner run, it is a legit application.

AdwCleaner had been quarantined after the restart, but the log it produced was available. Consequently I'm unsure as to whether or not AdwCleaner was able to complete its work, but here is the log anyway:


# AdwCleaner v5.024 - Logfile created 08/12/2015 at 05:43:17
# Updated 07/12/2015 by Xplode
# Database : 2015-12-07.3 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Andy K - ANDY
# Running from : C:\Users\Andy K\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\FreeHDSport.TV
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\Babylon
[-] Folder Deleted : C:\Users\Andy K\AppData\Local\FileTypeAssistant
[-] Folder Deleted : C:\Users\Andy K\AppData\Roaming\Babylon
[-] Folder Deleted : C:\Users\Andy K\AppData\Roaming\Systweak
[-] Folder Deleted : C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender

***** [ Files ] *****

[-] File Deleted : C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage
[-] File Deleted : C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_uk.ask.com_0.localstorage-journal
[-] File Deleted : C:\Users\Andy K\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
[-] Key Deleted : HKCU\Software\5355d8dde63def12
[-] Key Deleted : HKLM\SOFTWARE\5355d8dde63def12
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
[-] Key Deleted : HKCU\Software\Bitberry
[-] Key Deleted : HKCU\Software\FileTypeAssistant
[-] Key Deleted : HKCU\Software\InstalledBrowserExtensions
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
[-] Key Deleted : HKU\.DEFAULT\Software\VNT
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

***** [ Web browsers ] *****

[-] [C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : uk.ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2326 bytes] ##########


Quote:
And, FRST doesn't uninstall. Just delete it from your desktop or wherever you saved it.
Attached Files
File Type: txt Addition.txt (32.5 KB, 17 views)
Andy Kay is offline  
Old 12-08-2015, 05:47 AM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Andy Kay. It appears you didn't post the FRST.txt log in your last reply.

It should be on your desktop. I need to see it before we can proceed.

------------------------------------------------------
chemist is offline  
Old 12-08-2015, 07:08 AM   #8
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Quote:
Originally Posted by chemist View Post
Hello Andy Kay. It appears you didn't post the FRST.txt log in your last reply.

It should be on your desktop. I need to see it before we can proceed.

------------------------------------------------------
Apologies for my omission.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-12-2015
Ran by Andy K (administrator) on ANDY (08-12-2015 07:56:06)
Running from C:\Users\Andy K\Desktop
Loaded Profiles: Andy K (Available Profiles: Andy K & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15361.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-05-30] (IDT, Inc.)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-08-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [36713096 2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-12-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-12-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\amd64\FileSyncShell64.dll [2015-12-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-11-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-12-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-12-02] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Andy K\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileSyncShell.dll [2015-12-02] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{0224e2d8-61ab-4f1c-9bb8-80cdbf85ca43}: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{c5342b2b-e2ad-4c65-80d3-ee10ac995c4c}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT13/2
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT13/2
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=nis&pvid=21.7.0.11
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3695692278-1667467862-1095516362-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/2
SearchScopes: HKLM -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3695692278-1667467862-1095516362-1002 -> {00FFC827-6B2B-4007-91B2-D317BD4A2E22} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-3695692278-1667467862-1095516362-1002 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\S-1-5-21-3695692278-1667467862-1095516362-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL [2001-01-22] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Andy K\AppData\Roaming\Mozilla\Firefox\Profiles\i6x8iicv.default-1443219810610
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_245.dll [2015-11-10] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll [2015-11-10] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin HKU\S-1-5-21-3695692278-1667467862-1095516362-1002: hp.com/HPDetect -> C:\Users\Andy K\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF SearchPlugin: C:\Users\Andy K\AppData\Roaming\Mozilla\Firefox\Profiles\i6x8iicv.default-1443219810610\searchplugins\norton-safe-search.xml [2015-11-08]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2015-11-26] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon

Chrome:
=======
CHR Profile: C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib [2014-02-22]
CHR Extension: (Google Docs) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-31]
CHR Extension: (Google Drive) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-26]
CHR Extension: (YouTube) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-04-14]
CHR Extension: (Google) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-04-04]
CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-22]
CHR Extension: (Google Wallet) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-25]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2015-11-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-09-10] (Advanced Micro Devices, Inc.) [File not signed]
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-28] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-11-28] (Dropbox, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2259224 2015-11-24] (IBM Corp.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-09-06] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20151113.001\BHDrvx64.sys [1665608 2015-10-21] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-18] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-18] (Symantec Corporation)
S3 HP8207_8307; C:\Windows\System32\drivers\HP8207_8307.sys [15360 2010-02-04] (Windows (R) Win 7 DDK provider)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20151205.001\IDSvia64.sys [767224 2015-12-04] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151207.023\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20151207.023\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R1 RapportCerberus_1507079; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1507079.sys [961880 2015-12-08] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [502904 2015-11-24] (IBM Corp.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [141304 2015-11-24] (IBM Corp.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [396152 2015-11-24] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [496408 2015-11-24] (IBM Corp.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-11-11] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30384 2015-06-18] (HP Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 07:56 - 2015-12-08 07:58 - 00025066 _____ C:\Users\Andy K\Desktop\FRST.txt
2015-12-08 07:54 - 2015-12-08 07:55 - 02369024 _____ (Farbar) C:\Users\Andy K\Desktop\FRST64.exe
2015-12-08 05:40 - 2015-12-08 05:43 - 00000000 ____D C:\AdwCleaner
2015-12-05 07:57 - 2015-12-05 07:57 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-04 06:53 - 2015-11-22 10:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-04 06:53 - 2015-11-22 10:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-04 06:53 - 2015-11-22 10:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-04 06:53 - 2015-11-22 10:41 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-04 06:53 - 2015-11-22 10:34 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-04 06:53 - 2015-11-22 10:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-04 06:53 - 2015-11-22 10:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-04 06:53 - 2015-11-22 10:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-04 06:53 - 2015-11-22 09:56 - 22394880 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-04 06:53 - 2015-11-22 09:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-04 06:53 - 2015-11-22 09:52 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-04 06:53 - 2015-11-22 09:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-04 06:53 - 2015-11-22 09:43 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-04 06:53 - 2015-11-22 09:42 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-04 06:53 - 2015-11-22 09:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-04 06:53 - 2015-11-22 09:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-04 06:53 - 2015-11-22 09:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-04 06:53 - 2015-11-22 09:41 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-04 06:53 - 2015-11-22 09:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-04 06:53 - 2015-11-22 09:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-04 06:53 - 2015-11-22 09:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-04 06:53 - 2015-11-22 09:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-04 06:53 - 2015-11-22 09:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-04 06:53 - 2015-11-22 09:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-04 06:53 - 2015-11-22 09:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-04 06:53 - 2015-11-22 09:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-04 06:53 - 2015-11-22 09:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-04 06:53 - 2015-11-22 09:33 - 13380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-04 06:53 - 2015-11-22 09:33 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-04 06:53 - 2015-11-22 09:30 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-04 06:53 - 2015-11-22 09:30 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-04 06:53 - 2015-11-22 09:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-04 06:53 - 2015-11-22 09:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-04 06:53 - 2015-11-22 09:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-04 06:53 - 2015-11-22 09:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-04 06:53 - 2015-11-22 09:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-04 06:53 - 2015-11-22 09:24 - 12124672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-04 06:53 - 2015-11-22 09:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-04 06:53 - 2015-11-22 09:24 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-04 06:53 - 2015-11-22 09:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-04 06:53 - 2015-11-22 09:19 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-04 06:53 - 2015-11-22 09:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-04 06:53 - 2015-11-22 09:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-04 06:53 - 2015-11-22 09:16 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-04 06:53 - 2015-11-22 09:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-04 06:52 - 2015-11-22 10:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-04 06:52 - 2015-11-22 10:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-04 06:52 - 2015-11-22 10:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-04 06:52 - 2015-11-22 10:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-04 06:52 - 2015-11-22 10:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-04 06:52 - 2015-11-22 10:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-04 06:52 - 2015-11-22 10:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-04 06:52 - 2015-11-22 10:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-04 06:52 - 2015-11-22 10:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-04 06:52 - 2015-11-22 10:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-04 06:52 - 2015-11-22 10:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-04 06:52 - 2015-11-22 10:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-04 06:52 - 2015-11-22 10:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-04 06:52 - 2015-11-22 09:57 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-04 06:52 - 2015-11-22 09:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-04 06:52 - 2015-11-22 09:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-04 06:52 - 2015-11-22 09:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-04 06:52 - 2015-11-22 09:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-04 06:52 - 2015-11-22 09:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-04 06:52 - 2015-11-22 09:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-04 06:52 - 2015-11-22 09:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-04 06:52 - 2015-11-22 09:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-04 06:52 - 2015-11-22 09:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-04 06:52 - 2015-11-22 09:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-04 06:52 - 2015-11-22 09:55 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-04 06:52 - 2015-11-22 09:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-04 06:52 - 2015-11-22 09:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-04 06:52 - 2015-11-22 09:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-04 06:52 - 2015-11-22 09:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-04 06:52 - 2015-11-22 09:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-04 06:52 - 2015-11-22 09:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-04 06:52 - 2015-11-22 09:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-04 06:52 - 2015-11-22 09:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-04 06:52 - 2015-11-22 09:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-04 06:52 - 2015-11-22 09:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-04 06:52 - 2015-11-22 09:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-04 06:52 - 2015-11-22 09:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-04 06:52 - 2015-11-22 09:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-04 06:52 - 2015-11-22 09:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-04 06:52 - 2015-11-22 09:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-04 06:52 - 2015-11-22 09:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-04 06:52 - 2015-11-22 09:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-04 06:52 - 2015-11-22 09:47 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-04 06:52 - 2015-11-22 09:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-04 06:52 - 2015-11-22 09:46 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-04 06:52 - 2015-11-22 09:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-04 06:52 - 2015-11-22 09:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-04 06:52 - 2015-11-22 09:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-04 06:52 - 2015-11-22 09:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-04 06:52 - 2015-11-22 09:44 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-04 06:52 - 2015-11-22 09:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-04 06:52 - 2015-11-22 09:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-04 06:52 - 2015-11-22 09:43 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-04 06:52 - 2015-11-22 09:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-04 06:52 - 2015-11-22 09:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-04 06:52 - 2015-11-22 09:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-04 06:52 - 2015-11-22 09:42 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-04 06:52 - 2015-11-22 09:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-04 06:52 - 2015-11-22 09:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-04 06:52 - 2015-11-22 09:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-04 06:52 - 2015-11-22 09:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-04 06:52 - 2015-11-22 09:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-04 06:52 - 2015-11-22 09:40 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-04 06:52 - 2015-11-22 09:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-04 06:52 - 2015-11-22 09:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-04 06:52 - 2015-11-22 09:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-04 06:52 - 2015-11-22 09:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-04 06:52 - 2015-11-22 09:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-04 06:52 - 2015-11-22 09:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-04 06:52 - 2015-11-22 09:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-04 06:52 - 2015-11-22 09:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-04 06:52 - 2015-11-22 09:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-04 06:52 - 2015-11-22 09:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-04 06:52 - 2015-11-22 09:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-04 06:52 - 2015-11-22 09:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-04 06:52 - 2015-11-22 09:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-04 06:52 - 2015-11-22 09:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-04 06:52 - 2015-11-22 09:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-04 06:52 - 2015-11-22 09:32 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-04 06:52 - 2015-11-22 09:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-04 06:52 - 2015-11-22 09:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-04 06:52 - 2015-11-22 09:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-04 06:52 - 2015-11-22 09:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-04 06:52 - 2015-11-22 09:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-04 06:52 - 2015-11-22 09:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-04 06:52 - 2015-11-22 09:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-04 06:52 - 2015-11-22 09:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-04 06:52 - 2015-11-22 09:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-04 06:52 - 2015-11-22 09:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-04 06:52 - 2015-11-22 09:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-04 06:52 - 2015-11-22 09:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-04 06:52 - 2015-11-22 09:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-04 06:52 - 2015-11-22 09:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-04 06:52 - 2015-11-22 09:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-04 06:52 - 2015-11-22 09:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-04 06:52 - 2015-11-22 09:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-04 06:52 - 2015-11-22 09:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-04 06:52 - 2015-11-22 09:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-04 06:52 - 2015-11-22 09:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-04 06:52 - 2015-11-22 09:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-04 06:52 - 2015-11-22 09:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-04 06:52 - 2015-11-22 09:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-03 17:52 - 2015-12-03 17:56 - 00000000 ____D C:\Users\Andy K\Downloads\mobius
2015-12-02 21:10 - 2015-12-02 21:10 - 00000000 ____D C:\Users\Andy K\AppData\Local\ActiveSync
2015-12-02 21:07 - 2015-12-02 21:07 - 00000020 ___SH C:\Users\Andy K\ntuser.ini
2015-12-02 21:00 - 2015-12-08 05:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-02 20:41 - 2015-12-02 20:41 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default\AppData\Local\Trusteer
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2015-12-02 20:41 - 2015-12-02 20:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Trusteer
2015-12-02 20:34 - 2015-12-02 20:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-02 20:31 - 2015-12-08 05:53 - 00972104 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-02 20:31 - 2015-12-06 20:05 - 00000000 ____D C:\Users\Andy K
2015-12-02 20:31 - 2015-12-02 20:51 - 00000000 ____D C:\Users\Administrator
2015-12-02 20:31 - 2015-12-02 20:31 - 00929278 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-02 20:28 - 2015-12-02 20:43 - 00000000 ____D C:\Program Files\IDT
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 ____D C:\Program Files\Synaptics
2015-12-02 20:28 - 2015-12-02 20:28 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2015-12-02 20:28 - 2013-05-30 22:01 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-12-02 20:28 - 2013-05-30 22:01 - 03308376 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2015-12-02 20:28 - 2013-05-30 22:01 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-12-02 20:28 - 2013-05-30 22:01 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-12-02 20:28 - 2013-05-30 22:01 - 00426328 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2015-12-02 20:28 - 2013-05-30 22:01 - 00136024 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2015-12-02 20:28 - 2013-05-30 22:01 - 00118104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2015-12-02 20:27 - 2015-12-02 20:34 - 00000000 ____D C:\Program Files\AMD
2015-12-02 20:27 - 2015-12-02 20:27 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2015-12-02 20:27 - 2015-10-30 07:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-02 20:24 - 2015-12-02 20:46 - 00323440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-02 20:22 - 2015-12-03 00:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-02 20:17 - 2015-12-02 20:18 - 00000000 ____D C:\Windows.old
2015-12-02 20:16 - 2015-12-02 20:16 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 03670832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-02 20:16 - 2015-12-02 20:16 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-02 20:16 - 2015-12-02 20:16 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-02 20:16 - 2015-12-02 20:16 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-02 20:16 - 2015-12-02 20:16 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-02 20:16 - 2015-12-02 20:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-02 20:14 - 2015-12-02 20:14 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-02 20:10 - 2015-12-02 20:10 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-02 20:10 - 2015-12-02 20:10 - 00000000 ____D C:\Program Files\MSBuild
2015-12-02 20:10 - 2015-12-02 20:10 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-02 20:10 - 2015-12-02 20:10 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-02 20:10 - 2015-12-02 20:10 - 00000000 ____D C:\inetpub
2015-12-02 20:09 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-02 20:09 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-02 20:09 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-02 20:09 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-02 20:09 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-02 20:09 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-02 12:45 - 2015-12-08 07:56 - 00000000 ____D C:\FRST
2015-12-02 11:58 - 2015-12-02 12:31 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-12-01 22:34 - 2015-12-01 22:34 - 00181552 _____ C:\Users\Andy K\Downloads\Fichtes_idea_of_complete_consciousness.pdf
2015-11-28 23:54 - 2015-12-02 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-11-28 22:23 - 2015-12-05 22:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-11-28 22:23 - 2015-12-02 20:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-28 22:23 - 2015-11-28 23:10 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-28 22:22 - 2015-11-28 22:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-28 22:22 - 2015-11-28 22:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-28 22:22 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-11-28 22:22 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-11-28 22:22 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-11-28 22:18 - 2015-11-28 22:20 - 22908888 _____ (Malwarebytes ) C:\Users\Andy K\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-28 18:34 - 2015-11-28 18:35 - 00000000 ____D C:\NPE
2015-11-28 18:33 - 2015-12-02 12:27 - 00350298 _____ C:\WINDOWS\ntbtlog.txt
2015-11-26 18:47 - 2015-12-08 05:51 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2015-11-26 18:46 - 2015-12-02 21:00 - 00002640 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-11-24 10:39 - 2015-11-24 10:39 - 01072352 _____ C:\Users\Andy K\Downloads\April 30 final draft.pdf
2015-11-21 18:56 - 2015-11-21 18:57 - 00118930 _____ C:\Users\Andy K\Downloads\1_searle_mind_s_brain_a_computer_program__.pdf
2015-11-11 18:44 - 2015-11-11 18:44 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-11-11 18:44 - 2015-11-11 18:44 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-11-11 18:43 - 2015-12-04 06:51 - 00002496 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2015-11-11 18:37 - 2015-12-04 06:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2015-11-11 18:37 - 2015-11-11 18:37 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2015-11-11 15:45 - 2015-11-11 15:46 - 00866448 _____ (Igor Pavlov) C:\Users\Andy K\Downloads\NortonMountPointRepairExtractor.exe
2015-11-10 15:59 - 2015-11-11 18:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-08 07:59 - 2014-03-03 21:37 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6CFBB1B3-F49E-4A03-95DE-F6BD6366D319}
2015-12-08 07:58 - 2015-06-27 17:34 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-08 07:42 - 2014-04-11 22:15 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-08 06:16 - 2015-07-26 20:50 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForAndy K.job
2015-12-08 05:53 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-08 05:50 - 2014-02-19 07:28 - 00000404 _____ C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job
2015-12-08 05:49 - 2015-08-04 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2015-12-08 05:47 - 2015-06-27 17:34 - 00000914 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-08 05:44 - 2015-10-30 06:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-08 05:44 - 2015-07-29 13:21 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2015-12-07 11:37 - 2013-12-04 13:43 - 00000000 ____D C:\Users\Andy K\AppData\Roaming\vlc
2015-12-06 20:27 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-06 20:19 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-06 20:03 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-12-06 20:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-06 20:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-06 20:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-06 06:01 - 2015-03-04 09:02 - 00000000 ____D C:\Users\Andy K\Desktop\FWTLCAM
2015-12-05 07:55 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-04 21:06 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-04 17:07 - 2015-10-30 06:28 - 00000000 ____D C:\Windows
2015-12-04 07:19 - 2012-08-16 20:31 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-12-03 17:53 - 2015-11-06 20:37 - 08258048 _____ (Isoprop) C:\Users\Andy K\Desktop\mSetup.exe
2015-12-03 08:04 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-02 21:28 - 2013-01-18 11:25 - 00000000 ____D C:\Users\Andy K\AppData\Local\Packages
2015-12-02 21:27 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-02 21:13 - 2015-07-29 13:46 - 00002375 _____ C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-02 21:13 - 2015-05-11 10:34 - 00000000 ___RD C:\Users\Andy K\OneDrive
2015-12-02 21:09 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-02 21:09 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-02 21:08 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-02 21:08 - 2013-01-18 11:19 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-02 21:06 - 2013-11-12 12:27 - 00057153 _____ C:\WINDOWS\diagwrn.xml
2015-12-02 21:06 - 2013-11-12 12:27 - 00057153 _____ C:\WINDOWS\diagerr.xml
2015-12-02 21:03 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-02 21:03 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-02 21:00 - 2015-07-26 20:50 - 00002786 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForAndy K
2015-12-02 21:00 - 2015-06-27 17:34 - 00003432 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-02 21:00 - 2015-06-27 17:34 - 00003208 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-02 21:00 - 2015-02-26 12:55 - 00002846 _____ C:\WINDOWS\System32\Tasks\Wdtimes
2015-12-02 21:00 - 2014-04-11 22:15 - 00003044 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-02 21:00 - 2014-02-19 07:28 - 00002744 _____ C:\WINDOWS\System32\Tasks\FreeFileViewerUpdateChecker
2015-12-02 21:00 - 2013-11-12 12:41 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-02 21:00 - 2013-07-07 12:25 - 00002628 _____ C:\WINDOWS\System32\Tasks\{439D99FF-41C8-4B19-B34F-6CCDCE12A1D5}
2015-12-02 21:00 - 2013-05-24 06:35 - 00002536 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-12-02 21:00 - 2013-01-23 15:54 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3695692278-1667467862-1095516362-1002
2015-12-02 21:00 - 2012-10-13 00:54 - 00002254 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-12-02 20:59 - 2015-10-30 07:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-02 20:44 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-02 20:43 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\en-GB
2015-12-02 20:43 - 2015-10-30 06:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-02 20:43 - 2015-05-13 12:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-02 20:43 - 2014-04-18 18:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-02 20:43 - 2014-04-18 18:55 - 00000000 ____D C:\WINDOWS\en
2015-12-02 20:43 - 2014-02-19 07:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeFileViewer
2015-12-02 20:43 - 2013-12-04 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-02 20:43 - 2013-05-13 16:08 - 00000000 ____D C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MetaGeek
2015-12-02 20:43 - 2013-03-25 14:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bing Desktop
2015-12-02 20:43 - 2013-02-12 18:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2015-12-02 20:43 - 2013-01-23 15:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-12-02 20:43 - 2012-10-13 01:11 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-12-02 20:43 - 2012-10-13 01:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-12-02 20:43 - 2012-08-16 20:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-02 20:43 - 2012-08-16 20:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-02 20:43 - 2012-08-16 20:05 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-12-02 20:41 - 2015-07-10 09:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-02 20:38 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-12-02 20:38 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-02 20:38 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-02 20:38 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-02 20:38 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-02 20:36 - 2015-10-30 18:08 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-02 20:36 - 2015-10-30 18:05 - 00000000 ____D C:\WINDOWS\OCR
2015-12-02 20:36 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-02 20:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-02 20:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-02 20:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-02 20:36 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-02 20:34 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-02 20:34 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-02 20:34 - 2012-08-16 20:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-12-02 20:32 - 2012-08-03 22:28 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-12-02 20:30 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-02 20:24 - 2015-10-30 18:15 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-02 20:22 - 2015-10-30 07:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-02 20:17 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-02 20:17 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-02 20:17 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-02 20:17 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-02 20:10 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-02 20:10 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-02 20:10 - 2015-10-30 07:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-02 20:10 - 2015-10-30 07:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-02 20:10 - 2015-10-30 07:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-02 20:10 - 2015-10-30 07:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-02 20:10 - 2015-10-30 07:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-02 20:10 - 2015-10-30 07:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-02 20:10 - 2015-10-30 07:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-02 20:10 - 2015-10-30 07:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-02 20:10 - 2015-10-30 07:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-02 20:10 - 2015-10-30 07:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-02 20:10 - 2015-10-30 07:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-02 20:10 - 2015-10-30 07:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-02 19:46 - 2015-10-30 19:02 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-02 12:56 - 2013-10-12 11:17 - 00000000 ____D C:\Users\Andy K\AppData\Local\CrashDumps
2015-11-28 23:55 - 2015-06-27 17:37 - 00000000 ___RD C:\Users\Andy K\Dropbox
2015-11-28 23:55 - 2015-06-27 17:33 - 00000000 ____D C:\Users\Andy K\AppData\Local\Dropbox
2015-11-28 23:54 - 2015-06-27 17:34 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-11-28 23:10 - 2015-07-29 16:38 - 00001051 _____ C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-11-28 23:10 - 2014-04-18 18:54 - 00001321 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2015-11-28 23:10 - 2014-03-08 08:17 - 00001175 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-11-28 23:10 - 2014-03-08 08:17 - 00001163 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-11-28 23:10 - 2013-12-04 13:42 - 00001086 _____ C:\Users\Public\Desktop\VLC media player.lnk
2015-11-28 23:10 - 2013-06-12 17:28 - 00001101 _____ C:\ProgramData\Microsoft\Windows\Start Menu\FreeFileViewer.lnk
2015-11-28 23:10 - 2013-03-08 16:21 - 00001476 _____ C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Cancel Shutdown.lnk
2015-11-28 23:10 - 2013-03-08 16:21 - 00001472 _____ C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fast Shutdown.lnk
2015-11-28 23:10 - 2013-03-08 16:21 - 00001460 _____ C:\Users\Andy K\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\shutdown.lnk
2015-11-28 23:10 - 2013-02-12 18:43 - 00002655 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2015-11-28 23:10 - 2013-02-12 18:43 - 00002603 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2015-11-28 23:10 - 2013-02-12 18:43 - 00002593 _____ C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2015-11-28 23:10 - 2013-01-26 20:00 - 00002502 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2015-11-28 23:10 - 2013-01-26 20:00 - 00001474 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-11-28 23:10 - 2013-01-26 20:00 - 00001390 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2015-11-28 23:10 - 2012-08-16 20:21 - 00001115 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connected Music powered by Meridian.lnk
2015-11-28 23:10 - 2012-08-16 20:09 - 00002435 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-11-28 23:09 - 2015-08-13 17:34 - 00002294 _____ C:\Users\Andy K\Desktop\HP Support Assistant.lnk
2015-11-28 23:09 - 2015-07-29 16:32 - 00001365 _____ C:\Users\Andy K\Desktop\Norton Installation Files.lnk
2015-11-28 23:09 - 2015-06-27 17:37 - 00001234 _____ C:\Users\Andy K\Desktop\Dropbox.lnk
2015-11-28 23:09 - 2013-06-12 17:28 - 00001095 _____ C:\Users\Andy K\Desktop\FreeFileViewer.lnk
2015-11-28 23:09 - 2013-05-13 16:08 - 00002935 _____ C:\Users\Andy K\Desktop\inSSIDer 3.lnk
2015-11-28 20:06 - 2013-12-10 07:22 - 00000000 ____D C:\Users\Andy K\AppData\Local\NPE
2015-11-26 18:46 - 2012-10-13 01:27 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2015-11-24 16:27 - 2015-08-04 18:39 - 00396152 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2015-11-24 16:27 - 2015-08-04 18:39 - 00141304 _____ (IBM Corp.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2015-11-20 14:20 - 2013-01-25 07:25 - 00000000 ____D C:\Users\Andy K\Documents\Youcam
2015-11-11 18:48 - 2012-10-13 01:27 - 00000000 ____D C:\ProgramData\Norton
2015-11-11 18:44 - 2015-07-29 16:36 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-11-11 18:37 - 2012-10-13 01:27 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2015-11-11 18:34 - 2013-09-24 06:13 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-11-11 18:26 - 2014-03-08 08:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-11-11 08:17 - 2013-07-18 22:24 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-11-11 07:26 - 2013-01-26 09:23 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-01-23 18:40 - 2013-02-12 18:52 - 0002960 _____ () C:\Users\Andy K\AppData\Roaming\wklnhst.dat
2013-05-13 16:08 - 2013-05-13 16:08 - 0000037 ___SH () C:\Users\Andy K\AppData\Local\70149b02515b3bb20dd492.47983420
2014-06-30 11:31 - 2014-06-30 11:31 - 0003584 _____ () C:\Users\Andy K\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-21 05:59 - 2014-02-13 07:05 - 0007618 _____ () C:\Users\Andy K\AppData\Local\Resmon.ResmonCfg
2014-10-24 15:27 - 2014-10-24 15:28 - 0000377 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Andy K\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-02 20:23

==================== End of FRST.txt ============================
Andy Kay is offline  
Old 12-08-2015, 12:48 PM   #9

Why didn't you tell me you were already being helped on another forum?
chemist is offline  
Old 12-08-2015, 03:45 PM   #10

Quote:
Originally Posted by chemist
Why didn't you tell me you were already being helped on another forum?

It never occurred to me that it was relevant. This forum was my first port of call, but after a few days I mistakenly concluded that there was no interest here. The Norton forum just directed me to another set of malware forums. The Bleepingcomputer forum was very unhelpful and didn't go into the kind of analysis that you've offered. I sincerely apologise if I've transgressed some kind of unspoken protocol. The more I read around the subject for myself the more concerned I became (especially about these rootkit thingies), so I remain concerned, but if I am now unwelcome here then I will let the matter rest and thank you for the interest you have shown.
Andy Kay is offline  
Old 12-09-2015, 09:24 AM   #11

Hello again, Andy Kay. No worries. It is mentioned in our First Steps link:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum

I take it the Win Command Processor problem is solved?

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Quote:
Following the advice given to the member in the thread mentioned above, I downloaded and ran FRST, then ran it again with the fixlist

Just so you know, fixlist.txt fixes are machine specific. Running a fixlist not specifically created for your machine may leave your machine unbootable.

------------------------------------------------------

I noticed you have Free File Viewer installed.

Please read this and decide if you want to keep it >> Free File Viewer 2014 by Bitberry Software - Should I Remove It?

You can uninstall it via Programs and Features (right-click the Windows "logo" button > Programs and Features).

If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files (x86)\FreeFileViewer

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {08D7FBA9-99B9-482E-861A-31490F9B0D7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0FC8FBE4-E94B-4126-8EF4-42FCB242521C} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
    Task: {3E68D4B8-469B-457E-82F0-FF8E5DD793A3} - \ProgramUpdateCheck -> No File <==== ATTENTION
    Task: {48C8EA53-F9D5-4D66-AE67-E99D20B95481} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {5169D4B4-0A01-4F3F-988A-AD1FA1CE47E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {538FB30D-E931-4536-BCB3-DAD825F491EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {5838E2D2-5B92-4874-8E94-890E94CA01D2} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
    Task: {7B6C89B2-A40D-482A-B6B4-EF204535FE1A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {82198B9C-8DFA-4B42-8154-E09A4D42BBAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {84D9CDB7-DF7B-4C5F-8BAE-CD7E30B2C06E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9442C4E4-C53F-4B04-9963-05711E8BB914} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A5EFF9E3-52F7-40EF-9E0A-2EE86BB0E9F5} - \EPUpdater -> No File <==== ATTENTION
    Task: {B003E226-09B0-4728-BA88-1E47C13C701A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {B7201D36-D068-4A2B-B7A8-A1F33DF8829E} - System32\Tasks\Wdtimes => C:\Users\Andy K\AppData\Roaming\Wdtimes\wdtimes.exe [2015-02-26] (World Time Sync) <==== ATTENTION
    Task: {D3FD6DEE-0F6C-41A4-AB39-055D8436C8AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F1A4CBDA-5C1F-4BC6-A923-7207D92715B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
    FirewallRules: [{ADF8164F-FB5D-4FD1-8554-673CD4353C69}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zSC291.tmp\SymNRT.exe
    FirewallRules: [{12CA56DD-5D0A-44D0-8534-128166A54D4D}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zSC291.tmp\SymNRT.exe
    FirewallRules: [{B061F0B9-54CA-40FA-AFA1-B8F7C366722A}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS76E7.tmp\SymNRT.exe
    FirewallRules: [{D1C58D25-515A-4C4A-8AC4-6CF60EA53B0B}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS76E7.tmp\SymNRT.exe
    FirewallRules: [{17362F79-C983-4794-8F64-687CDC091000}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS7825.tmp\SymNRT.exe
    FirewallRules: [{AD43A9C2-14C9-465B-B450-3451EE53C154}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS7825.tmp\SymNRT.exe
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib [2014-02-22]
    CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-22]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-09-2015, 03:36 PM   #12
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Quote:
Originally Posted by chemist View Post
Hello again, Andy Kay. No worries. It is mentioned in our First Steps link:

NEW INSTRUCTIONS - Read This Before Posting For Malware Removal Help - Tech Support Forum
Damn... I remember reading those posts. Must have forgotten all about bumping.

Quote:
I take it the Win Command Processor problem is solved?
The two questionable entries in Norton Startup Manager have disappeared. This coincided with a Windows update, so there may be a connection, but I don't really know what happened.

Quote:
Just so you know, fixlist.txt fixes are machine specific. Running a fixlist not specifically created for your machine may leave your machine unbootable.
The fixlist I used before your intervention was created on my machine, so hopefully that shouldn't be a problem.

Quote:
I noticed you have Free File Viewer installed.
Now uninstalled.

Quote:
If you decide to uninstall it, please delete the following Folder if it still exists:

C:\Program Files (x86)\FreeFileViewer
No such folder present.

Quote:
When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.
Fix result of Farbar Recovery Scan Tool (x64) Version:05-12-2015
Ran by Andy K (2015-12-09 18:21:45) Run:2
Running from C:\Users\Andy K\Desktop
Loaded Profiles: Andy K (Available Profiles: Andy K & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {08D7FBA9-99B9-482E-861A-31490F9B0D7A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0FC8FBE4-E94B-4126-8EF4-42FCB242521C} - \ProgramRefresh-ATFST -> No File <==== ATTENTION
Task: {3E68D4B8-469B-457E-82F0-FF8E5DD793A3} - \ProgramUpdateCheck -> No File <==== ATTENTION
Task: {48C8EA53-F9D5-4D66-AE67-E99D20B95481} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5169D4B4-0A01-4F3F-988A-AD1FA1CE47E2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {538FB30D-E931-4536-BCB3-DAD825F491EF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5838E2D2-5B92-4874-8E94-890E94CA01D2} - System32\Tasks\FreeFileViewerUpdateChecker => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe [2013-03-25] (Bitberry Software) <==== ATTENTION
Task: {7B6C89B2-A40D-482A-B6B4-EF204535FE1A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {82198B9C-8DFA-4B42-8154-E09A4D42BBAE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {84D9CDB7-DF7B-4C5F-8BAE-CD7E30B2C06E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9442C4E4-C53F-4B04-9963-05711E8BB914} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A5EFF9E3-52F7-40EF-9E0A-2EE86BB0E9F5} - \EPUpdater -> No File <==== ATTENTION
Task: {B003E226-09B0-4728-BA88-1E47C13C701A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B7201D36-D068-4A2B-B7A8-A1F33DF8829E} - System32\Tasks\Wdtimes => C:\Users\Andy K\AppData\Roaming\Wdtimes\wdtimes.exe [2015-02-26] (World Time Sync) <==== ATTENTION
Task: {D3FD6DEE-0F6C-41A4-AB39-055D8436C8AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {F1A4CBDA-5C1F-4BC6-A923-7207D92715B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
FirewallRules: [{ADF8164F-FB5D-4FD1-8554-673CD4353C69}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zSC291.tmp\SymNRT.exe
FirewallRules: [{12CA56DD-5D0A-44D0-8534-128166A54D4D}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zSC291.tmp\SymNRT.exe
FirewallRules: [{B061F0B9-54CA-40FA-AFA1-B8F7C366722A}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS76E7.tmp\SymNRT.exe
FirewallRules: [{D1C58D25-515A-4C4A-8AC4-6CF60EA53B0B}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS76E7.tmp\SymNRT.exe
FirewallRules: [{17362F79-C983-4794-8F64-687CDC091000}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS7825.tmp\SymNRT.exe
FirewallRules: [{AD43A9C2-14C9-465B-B450-3451EE53C154}] => (Allow) C:\Users\Andy K\AppData\Local\Temp\7zS7825.tmp\SymNRT.exe
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib [2014-02-22]
CHR Extension: (Ask Toolbar) - C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-22]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D7FBA9-99B9-482E-861A-31490F9B0D7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{08D7FBA9-99B9-482E-861A-31490F9B0D7A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FC8FBE4-E94B-4126-8EF4-42FCB242521C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FC8FBE4-E94B-4126-8EF4-42FCB242521C}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3E68D4B8-469B-457E-82F0-FF8E5DD793A3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E68D4B8-469B-457E-82F0-FF8E5DD793A3}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramUpdateCheck => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{48C8EA53-F9D5-4D66-AE67-E99D20B95481}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{48C8EA53-F9D5-4D66-AE67-E99D20B95481}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5169D4B4-0A01-4F3F-988A-AD1FA1CE47E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5169D4B4-0A01-4F3F-988A-AD1FA1CE47E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{538FB30D-E931-4536-BCB3-DAD825F491EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{538FB30D-E931-4536-BCB3-DAD825F491EF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5838E2D2-5B92-4874-8E94-890E94CA01D2} => key not found.
C:\WINDOWS\System32\Tasks\FreeFileViewerUpdateChecker => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\FreeFileViewerUpdateChecker => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B6C89B2-A40D-482A-B6B4-EF204535FE1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B6C89B2-A40D-482A-B6B4-EF204535FE1A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82198B9C-8DFA-4B42-8154-E09A4D42BBAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82198B9C-8DFA-4B42-8154-E09A4D42BBAE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{84D9CDB7-DF7B-4C5F-8BAE-CD7E30B2C06E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84D9CDB7-DF7B-4C5F-8BAE-CD7E30B2C06E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9442C4E4-C53F-4B04-9963-05711E8BB914}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9442C4E4-C53F-4B04-9963-05711E8BB914}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A5EFF9E3-52F7-40EF-9E0A-2EE86BB0E9F5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A5EFF9E3-52F7-40EF-9E0A-2EE86BB0E9F5}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\EPUpdater => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B003E226-09B0-4728-BA88-1E47C13C701A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B003E226-09B0-4728-BA88-1E47C13C701A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B7201D36-D068-4A2B-B7A8-A1F33DF8829E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B7201D36-D068-4A2B-B7A8-A1F33DF8829E}" => key removed successfully
C:\WINDOWS\System32\Tasks\Wdtimes => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Wdtimes" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3FD6DEE-0F6C-41A4-AB39-055D8436C8AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3FD6DEE-0F6C-41A4-AB39-055D8436C8AA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1A4CBDA-5C1F-4BC6-A923-7207D92715B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A4CBDA-5C1F-4BC6-A923-7207D92715B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADF8164F-FB5D-4FD1-8554-673CD4353C69} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{12CA56DD-5D0A-44D0-8534-128166A54D4D} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B061F0B9-54CA-40FA-AFA1-B8F7C366722A} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D1C58D25-515A-4C4A-8AC4-6CF60EA53B0B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{17362F79-C983-4794-8F64-687CDC091000} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{AD43A9C2-14C9-465B-B450-3451EE53C154} => value removed successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib => moved successfully
C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
EmptyTemp: => 10.6 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:28:19 ====
Andy Kay is offline  
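
Added example (not part of the original posts and not FRST's own code): a small Python parser that tallies the result lines of a Fixlog like the one posted above by persistence area and outcome, skipping the echoed fixlist section. The area labels, function names and the embedded sample, which reuses a few lines from that log, are assumptions made for this illustration.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample: a few lines in the format of the Fixlog posted above.
SAMPLE_FIXLOG = r'''
fixlist content:
*****************
start
Task: C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe <==== ATTENTION
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{08D7FBA9-99B9-482E-861A-31490F9B0D7A}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProgramRefresh-ATFST => key not found.
C:\WINDOWS\System32\Tasks\Wdtimes => moved successfully
C:\WINDOWS\Tasks\FreeFileViewerUpdateChecker.job => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ADF8164F-FB5D-4FD1-8554-673CD4353C69} => value removed successfully
C:\Users\Andy K\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajabnoiehionljhjpclogplgillib => moved successfully
EmptyTemp: => 10.6 GB temporary data Removed.
'''

class Entry(NamedTuple):
    target: str   # registry key, registry value or file path named in the log
    area: str     # coarse persistence area (labels are this example's own)
    outcome: str  # "removed", "moved", "not found" or "other"

# \b keeps "moved successfully" from matching inside "removed successfully".
OUTCOMES = [
    (re.compile(r"\bremoved successfully\b", re.I), "removed"),
    (re.compile(r"\bmoved successfully\b", re.I), "moved"),
    (re.compile(r"\bnot found\b", re.I), "not found"),
]
# Lower-case path fragments mapped to the area they indicate.
AREAS = [
    ("\\schedule\\taskcache\\", "scheduled task"),
    ("\\tasks\\", "scheduled task"),
    ("\\firewallrules\\", "firewall rule"),
    ("\\searchscopes\\", "search scope"),
    ("\\extensions\\", "browser extension"),
]

def classify_outcome(result):
    return next((name for rx, name in OUTCOMES if rx.search(result)), "other")

def classify_area(target):
    low = target.lower()
    return next((name for frag, name in AREAS if frag in low), "other")

def parse_fixlog(text):
    """Return one Entry per result line, ignoring the echoed fixlist."""
    entries, in_echo, stars = [], False, 0
    for line in text.splitlines():
        s = line.strip()
        if s == "fixlist content:":
            in_echo, stars = True, 0
            continue
        if in_echo:  # the echo sits between two lines of asterisks
            if s and set(s) == {"*"}:
                stars += 1
                in_echo = stars < 2
            continue
        if " => " not in line:
            continue
        target, result = line.rsplit(" => ", 1)
        target = target.strip().strip('"')
        entries.append(Entry(target, classify_area(target), classify_outcome(result)))
    return entries

def summarize(entries):
    return Counter((e.area, e.outcome) for e in entries)

def not_acted_on(entries):
    """Targets that were already absent when the fix ran."""
    return [e.target for e in entries if e.outcome == "not found"]

if __name__ == "__main__":
    for (area, outcome), n in sorted(summarize(parse_fixlog(SAMPLE_FIXLOG)).items()):
        print(f"{area:18} {outcome:10} {n}")
```
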
Old 12-09-2015, 05:54 PM   #13
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 12-10-2015, 02:12 AM   #14
Registered Member
 
Join Date: Dec 2015
Posts: 23
OS: Windows 10



Quote:
Originally Posted by chemist View Post
Your logs appear clean. You should be good to go.
Thank you for your assistance and for your patience in the face of my clumsiness, chemist.
Andy Kay is offline  
Old 12-10-2015, 08:57 AM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're very welcome, Andy Kay! Glad to have helped.
chemist is offline  
 
