
Mouse cursor auto jumps to top right corner of screen and clicks


  • This topic is locked
11 replies to this topic

#1 simona91

simona91

  • Members
  • 6 posts
  • OFFLINE

Posted 26 August 2015 - 10:00 AM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:32:24 AM, on 27/08/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Simon\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coNatHst.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Simon\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Simon\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.jp.msn.com/HPALL13/14
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.jp.msn.com/HPALL13/14
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.jp.msn.com/HPALL13/14
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [Spotify] "C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5DAEC53D8C099B1094B921010676FA41] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Simon\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Skype for Business Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.hola.org
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\WINDOWS\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Hola Better Internet Engine (hola_svc) - Hola Networks Ltd. - C:\Program Files\Hola\app\hola_svc.exe
O23 - Service: Hola Better Internet Updater (hola_updater) - Hola Networks Ltd. - C:\Program Files\Hola\app\hola_updater.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Connected Remote Service (HPConnectedRemote) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem8.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\WINDOWS\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 14717 bytes



#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:39 PM

Posted 27 August 2015 - 09:24 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

How is the computer running now?
Wait for further instructions.

===

p.s.
HijackThis is no longer supported and is not ready for 64-bit systems.
I suggest you remove it using the Add/Remove Programs applet.
Use the Farbar tool from now on to report problems.
<<<>>>

#3 simona91

simona91
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE

Posted 31 August 2015 - 07:30 AM

Hi Nasdaq, thanks for the help. It is much appreciated.
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 31/08/2015
Scan Time: 9:54 PM
Logfile: MBAM LOG.txt
Administrator: Yes
 
Version: 2.1.8.1057
Malware Database: v2015.08.31.01
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Simon
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 458436
Time Elapsed: 29 min, 28 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#4 simona91

simona91
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE

Posted 31 August 2015 - 07:44 AM

# AdwCleaner v5.004 - Logfile created 31/08/2015 at 22:36:15
# Updated 26/08/2015 by Xplode
# Database : 2015-08-30.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Simon - JBHIFI
# Running from : C:\Users\Simon\Downloads\adwcleaner_5.004.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[x] Service Not Deleted : hola_svc
[x] Service Not Deleted : hola_updater
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Hola
[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\Users\Simon\AppData\Local\Hola
[-] Folder Deleted : C:\Users\Simon\AppData\Roaming\RHEng
[-] Folder Deleted : C:\Users\Simon\AppData\Roaming\Hola
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Public\Desktop\eBay.lnk
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1252 bytes] ##########


#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:39 PM

Posted 31 August 2015 - 07:49 AM

Waiting for the Farbar logs.

#6 simona91

simona91
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE

Posted 31 August 2015 - 07:50 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Simon (administrator) on JBHIFI (31-08-2015 22:46:11)
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon (Available Profiles: UpdatusUser & Simon)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Users\Simon\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\nacl64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\nacl64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coNatHst.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Farbar) C:\Users\Simon\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [HotKeysCmds] => "C:\WINDOWS\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\WINDOWS\system32\igfxpers.exe"
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --silent
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-15] (Hewlett-Packard Development Company, L.P.)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [22344224 2015-07-29] (Google)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\Run: [Spotify Web Helper] => C:\Users\Simon\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-08-19] (Spotify Ltd)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\Run: [Spotify] => C:\Users\Simon\AppData\Roaming\Spotify\Spotify.exe [7675448 2015-08-19] (Spotify Ltd)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\Run: [GoogleChromeAutoLaunch_5DAEC53D8C099B1094B921010676FA41] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-08-18] (Google Inc.)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\Run: [OneDrive] => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-20] (Microsoft Corporation)
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\...\RunOnce: [Uninstall C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs: ,C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [176904 2015-07-23] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-23] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\buShell.dll [2015-07-13] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Simon\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\FileSyncShell.dll [2015-08-20] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 61.9.133.193 61.9.134.49
Tcpip\..\Interfaces\{0922e941-8fbb-4673-8114-5c3b85b2deb3}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{35601866-0482-4b9f-901f-2fee4220da8f}: [DhcpNameServer] 61.9.133.193 61.9.134.49
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/14
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/14
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.jp.msn.com/HPALL13/14
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL13/14
HKU\S-1-5-21-1230303569-731849898-1422414841-1005\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.jp.msn.com/HPALL13/14
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-1230303569-731849898-1422414841-1005 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/705-29546-12064-14/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\coIEPlg.dll [2015-07-10] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-13] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll [2012-08-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-18] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-10-13] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Simon\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFPlgn [2015-08-31]
 
Chrome: 
=======
CHR Profile: C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-12]
CHR Extension: (Google Docs) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-12]
CHR Extension: (Google Drive) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-12]
CHR Extension: (YouTube) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-12]
CHR Extension: (Norton Security Toolbar) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2015-08-17]
CHR Extension: (Google Search) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-12]
CHR Extension: (Google Sheets) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-12]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-04-12]
CHR Extension: (Norton Identity Safe) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-08-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-12]
CHR Extension: (Gmail) - C:\Users\Simon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-12]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-17]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\Exts\Chrome.crx [2015-08-17]
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-13] (Hewlett-Packard)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.2.15\N360.exe [282016 2015-07-17] (Symantec Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-11] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-08-11] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-09-30] (Atheros) [File not signed]
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
S2 hola_updater; "C:\Program Files\Hola\app\hola_updater.exe" --service --run-as hola_updater [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R3 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20150821.001\BHDrvx64.sys [1650936 2015-07-24] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605020.00F\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [153936 2015-07-27] (Symantec Corporation)
R3 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20150828.001\IDSvia64.sys [767224 2015-08-29] (Symantec Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-31] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150830.020\ENG64.SYS [138488 2015-05-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\VirusDefs\20150830.020\EX64.SYS [2146040 2015-05-20] (Symantec Corporation)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSP64.SYS [926448 2015-07-11] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\N360x64\1605020.00F\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R3 SymEFASI; C:\Windows\system32\drivers\N360x64\1605020.00F\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605020.00F\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-08-17] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\N360x64\1605020.00F\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R3 SymNetS; C:\Windows\system32\drivers\N360x64\1605020.00F\SYMNETS.SYS [576248 2015-07-11] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-09-01] (Hewlett-Packard Development Company, L.P.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 22:46 - 2015-08-31 22:47 - 00026587 _____ C:\Users\Simon\Downloads\FRST.txt
2015-08-31 22:45 - 2015-08-31 22:46 - 00000000 ____D C:\FRST
2015-08-31 22:42 - 2015-08-31 22:42 - 00001331 _____ C:\Users\Simon\Desktop\AdwCleaner[C1].txt
2015-08-31 22:39 - 2015-08-31 22:39 - 00016148 _____ C:\WINDOWS\system32\JBHIFI_Simon_HistoryPrediction.bin
2015-08-31 22:33 - 2015-08-31 22:36 - 00000000 ____D C:\AdwCleaner
2015-08-31 22:18 - 2015-08-31 22:45 - 02188288 _____ (Farbar) C:\Users\Simon\Downloads\FRST64 (1).exe
2015-08-31 22:15 - 2015-08-31 22:15 - 01618432 _____ C:\Users\Simon\Downloads\adwcleaner_5.004.exe
2015-08-31 21:52 - 2015-08-31 22:39 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 21:51 - 2015-08-31 21:51 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-31 21:51 - 2015-08-31 21:51 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-31 21:51 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-08-31 21:51 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-31 21:51 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-08-31 21:50 - 2015-08-31 21:50 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Simon\Downloads\mbam-setup-2.1.8.1057.exe
2015-08-31 18:38 - 2015-08-31 18:39 - 130542994 _____ C:\Users\Simon\Downloads\audio-vga.m4v
2015-08-30 18:59 - 2015-08-30 18:59 - 09926214 _____ C:\Users\Simon\Downloads\Lecture 2 - Origins of Global Governance.pptx
2015-08-30 16:03 - 2015-08-30 16:03 - 00167085 _____ C:\Users\Simon\Downloads\Lecture 01.pptx
2015-08-29 01:37 - 2015-08-29 01:37 - 00000000 ___HD C:\OneDriveTemp
2015-08-29 00:15 - 2015-08-20 16:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-29 00:15 - 2015-08-20 15:21 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-29 00:15 - 2015-08-20 14:31 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-29 00:14 - 2015-08-20 16:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-29 00:14 - 2015-08-20 16:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-29 00:14 - 2015-08-20 15:57 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-08-29 00:14 - 2015-08-20 15:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-29 00:14 - 2015-08-20 15:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-29 00:14 - 2015-08-20 15:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-29 00:14 - 2015-08-20 15:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-29 00:14 - 2015-08-20 15:09 - 00929280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-08-29 00:14 - 2015-08-18 17:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-29 00:14 - 2015-08-18 17:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-29 00:14 - 2015-08-18 17:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-29 00:14 - 2015-08-18 17:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-29 00:14 - 2015-08-18 17:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-29 00:14 - 2015-08-18 17:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-29 00:14 - 2015-08-18 17:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-29 00:14 - 2015-08-18 17:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-29 00:14 - 2015-08-18 17:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-29 00:14 - 2015-08-18 17:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-29 00:14 - 2015-08-18 17:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-29 00:14 - 2015-08-18 16:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-29 00:14 - 2015-08-18 16:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-29 00:14 - 2015-08-18 16:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-29 00:14 - 2015-08-18 16:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-29 00:14 - 2015-08-18 16:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-29 00:14 - 2015-08-18 16:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-29 00:14 - 2015-08-18 16:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-29 00:14 - 2015-08-18 16:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-29 00:14 - 2015-08-18 16:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-29 00:14 - 2015-08-18 16:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-29 00:14 - 2015-08-18 16:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-29 00:14 - 2015-08-18 16:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-29 00:14 - 2015-08-18 16:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-29 00:14 - 2015-08-18 16:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-29 00:14 - 2015-08-18 16:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-29 00:14 - 2015-08-18 16:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-29 00:14 - 2015-08-18 16:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-29 00:14 - 2015-08-18 16:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-29 00:14 - 2015-08-18 16:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-29 00:14 - 2015-08-18 16:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-29 00:14 - 2015-08-18 16:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-29 00:14 - 2015-08-18 16:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-29 00:14 - 2015-08-18 14:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-28 17:28 - 2015-08-28 17:28 - 00000000 ____D C:\Users\Simon\AppData\Local\Windows Live
2015-08-28 00:37 - 2015-08-28 00:37 - 00000000 ____D C:\Users\Simon\Documents\Fax
2015-08-27 23:49 - 2015-08-27 23:49 - 02186752 _____ (Farbar) C:\Users\Simon\Downloads\frst64.exe
2015-08-27 23:27 - 2015-08-27 23:27 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-27 23:26 - 2015-08-27 23:27 - 23136200 _____ (SUPERAntiSpyware) C:\Users\Simon\Downloads\SUPERAntiSpyware.exe
2015-08-27 00:33 - 2015-08-27 00:33 - 00014719 _____ C:\Users\Simon\Desktop\hijackthis.log
2015-08-27 00:21 - 2015-08-27 00:32 - 00014719 _____ C:\Users\Simon\Downloads\hijackthis.log
2015-08-27 00:19 - 2015-08-27 00:19 - 00388608 _____ (Trend Micro Inc.) C:\Users\Simon\Downloads\HijackThis (1).exe
2015-08-27 00:17 - 2015-08-27 00:17 - 00388608 _____ (Trend Micro Inc.) C:\Users\Simon\Downloads\HijackThis.exe
2015-08-26 23:30 - 2015-08-26 23:33 - 00000000 ____D C:\NPE
2015-08-26 23:27 - 2015-08-26 23:40 - 00000000 ____D C:\Users\Simon\AppData\Local\NPE
2015-08-26 23:27 - 2015-08-26 23:27 - 03088296 _____ (Symantec Corporation) C:\Users\Simon\Downloads\NPE.exe
2015-08-26 23:27 - 2015-08-26 23:27 - 00000000 ____D C:\ProgramData\SMR501
2015-08-26 23:14 - 2015-08-26 23:14 - 00001327 _____ C:\Users\Simon\Downloads\URLLink (3).acsm
2015-08-26 22:11 - 2015-08-26 22:11 - 00001327 _____ C:\Users\Simon\Downloads\URLLink (2).acsm
2015-08-26 22:06 - 2015-08-26 22:06 - 00001631 _____ C:\Users\Simon\Downloads\URLLink (1).acsm
2015-08-26 19:38 - 2015-08-26 19:38 - 00001633 _____ C:\Users\Simon\Downloads\URLLink.acsm
2015-08-25 17:51 - 2015-08-25 17:51 - 04775424 _____ C:\Users\Simon\Downloads\week1 notes.ppt
2015-08-25 17:21 - 2015-08-25 17:21 - 00067946 _____ C:\Users\Simon\Downloads\Summary Slide on Theories-2.pptx
2015-08-25 15:07 - 2015-08-25 15:07 - 00524551 _____ C:\Users\Simon\Downloads\Lecture 4.pptx
2015-08-25 11:46 - 2015-08-25 11:46 - 00000000 ____D C:\Users\Simon\AppData\Local\Microsoft Help
2015-08-24 14:49 - 2015-08-24 14:50 - 05151232 _____ C:\Users\Simon\Downloads\Week 3 Notes (1).ppt
2015-08-24 14:40 - 2015-08-24 14:40 - 05153792 _____ C:\Users\Simon\Downloads\Week 3 Notes.ppt
2015-08-20 16:42 - 2015-08-20 16:42 - 01436870 _____ C:\Users\Simon\Downloads\EDF 1304 Week 3 tute.pptx
2015-08-19 21:43 - 2015-08-13 14:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 21:43 - 2015-08-13 14:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 21:43 - 2015-08-13 14:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 21:43 - 2015-08-13 14:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 21:43 - 2015-08-13 13:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 21:43 - 2015-08-11 20:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 21:43 - 2015-08-11 20:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 21:43 - 2015-08-11 20:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 21:43 - 2015-08-11 20:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 21:43 - 2015-08-11 20:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 21:43 - 2015-08-11 20:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 21:43 - 2015-08-11 20:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 21:43 - 2015-08-11 19:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 21:43 - 2015-08-11 19:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 21:43 - 2015-08-11 19:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 21:43 - 2015-08-11 19:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 21:43 - 2015-08-11 19:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 21:43 - 2015-08-11 19:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 21:43 - 2015-08-11 19:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 21:43 - 2015-08-11 19:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 21:43 - 2015-08-11 19:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 21:43 - 2015-08-11 19:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 21:43 - 2015-08-11 19:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 21:43 - 2015-08-11 19:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 21:43 - 2015-08-11 19:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 21:43 - 2015-08-11 19:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 21:43 - 2015-08-11 19:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 21:43 - 2015-08-11 19:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 21:43 - 2015-08-11 19:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 21:43 - 2015-08-11 19:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 21:43 - 2015-08-11 19:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 21:43 - 2015-08-11 19:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 21:43 - 2015-08-11 19:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 21:43 - 2015-08-11 19:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 21:43 - 2015-08-11 19:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 21:43 - 2015-08-11 19:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 21:43 - 2015-08-11 19:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 21:43 - 2015-08-11 19:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 21:43 - 2015-08-11 19:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 21:43 - 2015-08-11 19:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 21:43 - 2015-08-11 19:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 21:43 - 2015-08-11 19:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 21:43 - 2015-08-11 19:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 21:43 - 2015-08-11 19:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 21:43 - 2015-08-11 19:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 21:43 - 2015-08-11 19:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 21:43 - 2015-08-11 19:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 21:43 - 2015-08-11 19:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 21:43 - 2015-08-11 19:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 21:43 - 2015-08-11 19:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 21:43 - 2015-08-11 19:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 21:43 - 2015-08-11 19:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 21:43 - 2015-08-11 18:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 21:43 - 2015-08-11 18:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 21:43 - 2015-08-11 18:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 21:43 - 2015-08-11 18:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 21:43 - 2015-08-11 18:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 21:43 - 2015-08-11 18:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 21:43 - 2015-08-11 18:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 21:43 - 2015-08-11 18:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 21:43 - 2015-08-11 18:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 21:43 - 2015-08-11 18:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 21:43 - 2015-08-11 18:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 21:43 - 2015-08-11 18:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 21:43 - 2015-08-11 18:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 21:43 - 2015-08-11 18:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 21:43 - 2015-08-11 18:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 21:43 - 2015-08-11 18:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 21:43 - 2015-08-11 18:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 21:43 - 2015-08-11 18:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 21:43 - 2015-08-11 18:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 21:43 - 2015-08-11 18:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 21:43 - 2015-08-11 18:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 21:43 - 2015-08-11 18:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 21:43 - 2015-08-11 18:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-19 16:07 - 2015-08-19 16:07 - 00000000 ____D C:\Users\Simon\AppData\Local\CEF
2015-08-18 20:10 - 2015-08-27 22:41 - 00000000 ____D C:\Users\Simon\AppData\Local\CrashDumps
2015-08-18 11:13 - 2015-08-18 11:13 - 00000000 ____D C:\Users\Simon\AppData\Local\NetworkTiles
2015-08-17 17:58 - 2015-08-31 22:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2015-08-17 17:56 - 2015-08-17 17:56 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2015-08-17 17:56 - 2015-08-17 17:56 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2015-08-17 17:56 - 2015-08-17 17:56 - 00003376 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-08-17 17:56 - 2015-08-17 17:56 - 00002402 _____ C:\Users\Public\Desktop\Norton 360 Premier.LNK
2015-08-17 17:56 - 2015-08-17 17:56 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2015-08-17 17:55 - 2015-08-17 17:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-08-17 17:55 - 2015-08-17 17:55 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-08-17 17:55 - 2015-08-17 17:55 - 00000000 ____D C:\Program Files (x86)\Norton 360
2015-08-17 17:54 - 2015-08-17 17:54 - 00001393 _____ C:\Users\Simon\Desktop\Norton Installation Files.lnk
2015-08-17 17:54 - 2015-08-17 17:54 - 00000000 ____D C:\Users\Public\Downloads\Norton
2015-08-17 17:53 - 2015-08-17 17:54 - 01110960 _____ (Symantec Corporation) C:\Users\Simon\Downloads\NortonN360PDownloader.exe
2015-08-17 16:43 - 2015-08-17 18:05 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-08-17 16:41 - 2015-08-17 16:41 - 00000000 ____D C:\WINDOWS\pss
2015-08-13 22:40 - 2015-08-03 12:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-13 22:40 - 2015-08-03 11:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-13 22:12 - 2015-08-08 17:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-13 22:12 - 2015-08-08 17:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-13 22:12 - 2015-08-08 17:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-13 22:12 - 2015-08-08 16:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-13 22:12 - 2015-08-08 16:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-13 22:12 - 2015-08-08 16:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-13 22:12 - 2015-08-08 16:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-13 22:12 - 2015-08-08 16:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-13 22:12 - 2015-08-08 16:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-13 22:12 - 2015-08-06 13:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-13 22:12 - 2015-08-06 13:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-13 22:12 - 2015-08-06 12:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-13 22:12 - 2015-08-05 14:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-13 22:12 - 2015-08-05 14:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-13 22:12 - 2015-08-05 14:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-13 22:12 - 2015-08-05 13:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-13 22:12 - 2015-08-05 13:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-13 22:12 - 2015-08-05 13:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-13 22:12 - 2015-08-04 14:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-13 22:12 - 2015-08-04 14:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-13 22:12 - 2015-08-04 14:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-13 22:12 - 2015-08-04 13:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-13 22:12 - 2015-08-04 12:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-13 22:12 - 2015-08-04 12:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-13 22:12 - 2015-08-03 12:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-13 22:12 - 2015-08-03 12:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-13 22:12 - 2015-08-03 12:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-13 22:12 - 2015-08-03 12:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-13 22:12 - 2015-08-03 12:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-13 22:12 - 2015-08-03 12:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-13 22:12 - 2015-08-03 12:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-13 22:12 - 2015-08-03 12:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-13 22:12 - 2015-08-03 12:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-13 22:12 - 2015-08-03 11:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-13 22:12 - 2015-08-03 11:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-13 22:12 - 2015-08-03 11:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-13 22:12 - 2015-08-03 11:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-13 22:12 - 2015-08-03 11:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-13 22:12 - 2015-08-03 11:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-13 22:12 - 2015-08-03 11:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-13 22:12 - 2015-08-03 11:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-13 22:12 - 2015-08-03 11:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-13 22:12 - 2015-08-03 11:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-13 22:12 - 2015-08-03 11:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-13 22:12 - 2015-08-03 11:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-13 22:12 - 2015-08-03 11:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-13 22:12 - 2015-08-03 11:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-13 22:12 - 2015-08-03 11:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-13 22:12 - 2015-08-03 11:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-13 22:12 - 2015-08-03 11:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-13 22:12 - 2015-08-03 11:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-13 22:12 - 2015-08-03 11:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-13 22:12 - 2015-08-03 11:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-13 22:12 - 2015-08-03 11:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-13 22:12 - 2015-08-03 10:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-13 22:11 - 2015-08-03 12:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-13 22:11 - 2015-08-03 11:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-13 22:11 - 2015-08-03 11:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-13 22:11 - 2015-08-03 11:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-13 22:11 - 2015-08-03 11:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-13 22:11 - 2015-08-03 11:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-13 22:11 - 2015-08-03 11:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-13 22:11 - 2015-08-03 11:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-13 22:11 - 2015-08-03 11:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-13 22:11 - 2015-08-03 11:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-13 22:11 - 2015-08-03 11:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-13 22:11 - 2015-08-03 11:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-12 23:28 - 2015-08-12 23:28 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-12 03:34 - 2015-08-12 03:34 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-08-11 02:22 - 2015-08-10 09:06 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-11 02:22 - 2015-08-10 08:29 - 00000000 __SHD C:\Recovery
2015-08-11 02:17 - 2015-08-11 02:17 - 00000000 ____D C:\Windows.old
2015-08-11 02:16 - 2015-08-11 02:16 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-11 02:16 - 2015-08-11 02:16 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-11 02:16 - 2015-08-11 02:16 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-11 02:16 - 2015-08-11 02:16 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-11 02:16 - 2015-08-11 02:16 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-11 02:16 - 2015-08-11 02:16 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-11 02:16 - 2015-08-11 02:16 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-11 02:13 - 2015-08-11 02:13 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-11 02:11 - 2015-08-11 02:11 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-11 02:11 - 2015-08-11 02:11 - 00000000 ____D C:\Program Files\MSBuild
2015-08-11 02:11 - 2015-08-11 02:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-11 02:11 - 2015-08-11 02:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-11 02:11 - 2015-08-11 02:11 - 00000000 ____D C:\inetpub
2015-08-11 02:10 - 2015-06-18 12:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-11 02:10 - 2015-06-18 12:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 02:10 - 2015-06-18 12:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-11 02:10 - 2015-05-30 15:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-11 02:10 - 2015-05-30 15:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 02:10 - 2015-05-30 15:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-10 14:17 - 2015-08-10 14:17 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-10 11:56 - 2015-07-30 16:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-10 11:56 - 2015-07-30 16:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-10 11:56 - 2015-07-30 16:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-10 11:56 - 2015-07-30 16:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-10 11:56 - 2015-07-30 16:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-10 11:56 - 2015-07-30 16:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-10 11:56 - 2015-07-30 16:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-10 11:56 - 2015-07-30 16:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-10 11:56 - 2015-07-30 16:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-10 11:56 - 2015-07-30 16:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-10 11:56 - 2015-07-30 16:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-10 11:56 - 2015-07-30 16:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-10 11:56 - 2015-07-30 15:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-10 11:56 - 2015-07-30 14:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-10 11:56 - 2015-07-30 14:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-10 11:56 - 2015-07-30 14:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-10 11:56 - 2015-07-30 14:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-10 11:56 - 2015-07-30 14:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-10 11:56 - 2015-07-30 14:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-10 11:56 - 2015-07-30 14:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-10 11:56 - 2015-07-30 14:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-10 11:56 - 2015-07-30 14:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-10 11:56 - 2015-07-30 14:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-10 11:56 - 2015-07-30 14:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-10 11:56 - 2015-07-30 14:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-10 11:56 - 2015-07-30 14:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-10 11:56 - 2015-07-30 14:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-10 11:56 - 2015-07-30 14:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-10 11:56 - 2015-07-30 13:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-10 11:56 - 2015-07-30 13:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-10 11:56 - 2015-07-30 13:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-10 11:56 - 2015-07-30 13:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-10 11:56 - 2015-07-30 13:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-10 11:56 - 2015-07-30 13:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-10 11:56 - 2015-07-30 13:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-10 11:56 - 2015-07-30 13:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-10 11:56 - 2015-07-30 13:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-10 11:56 - 2015-07-30 13:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-10 11:56 - 2015-07-30 13:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-10 11:56 - 2015-07-30 13:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-10 11:56 - 2015-07-30 13:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-10 11:56 - 2015-07-30 13:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-10 11:56 - 2015-07-30 13:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-10 11:56 - 2015-07-30 13:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-10 11:56 - 2015-07-30 13:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-10 11:56 - 2015-07-30 13:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-10 11:56 - 2015-07-30 13:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-10 11:56 - 2015-07-30 13:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-10 11:56 - 2015-07-30 13:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-10 11:56 - 2015-07-30 13:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-10 11:56 - 2015-07-30 13:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-10 11:56 - 2015-07-30 13:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-10 11:56 - 2015-07-30 13:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-10 11:56 - 2015-07-30 13:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-10 11:56 - 2015-07-30 13:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-10 11:56 - 2015-07-30 13:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-10 11:56 - 2015-07-30 13:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-10 11:56 - 2015-07-30 12:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-10 11:56 - 2015-07-30 12:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-10 09:21 - 2015-08-10 09:21 - 00001047 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-08-10 09:19 - 2015-08-20 16:31 - 00002370 _____ C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-10 09:12 - 2015-08-11 21:38 - 00000000 ____D C:\Users\Simon\AppData\Local\MicrosoftEdge
2015-08-10 09:09 - 2015-08-10 09:09 - 00000000 ____D C:\Users\Simon\AppData\Local\Publishers
2015-08-10 09:07 - 2015-08-11 22:05 - 00000000 ____D C:\Users\Simon\AppData\Local\Comms
2015-08-10 09:06 - 2015-08-10 09:06 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-10 09:06 - 2015-08-10 09:06 - 00000020 ___SH C:\Users\Simon\ntuser.ini
2015-08-10 09:06 - 2015-08-10 09:06 - 00000000 ____D C:\Users\Simon\AppData\Local\TileDataLayer
2015-08-10 08:46 - 2015-07-10 20:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-10 08:40 - 2015-08-10 08:40 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-10 08:40 - 2015-08-10 08:40 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-08-10 08:40 - 2015-08-10 08:40 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-10 08:40 - 2015-08-10 08:40 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-08-10 08:40 - 2015-08-10 08:40 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-10 08:32 - 2015-08-10 08:32 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-10 08:30 - 2015-08-31 22:38 - 00000000 ____D C:\Users\Simon
2015-08-10 08:30 - 2015-08-10 09:06 - 00000000 ___RD C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-10 08:30 - 2015-08-10 08:32 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-10 08:30 - 2015-08-10 08:32 - 00000000 ___RD C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 __RSD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 __RSD C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 ___RD C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 ___RD C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-10 08:30 - 2015-07-10 21:04 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-10 08:29 - 2015-08-31 21:44 - 00969890 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-10 08:29 - 2015-08-10 08:49 - 00968074 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-08-10 08:29 - 2015-08-10 08:32 - 00011587 _____ C:\WINDOWS\iis.log
2015-08-10 08:27 - 2015-08-10 08:33 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-10 08:27 - 2015-08-10 08:27 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-10 08:27 - 2015-08-10 08:27 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-08-10 08:27 - 2015-08-10 08:27 - 00000000 ____D C:\WINDOWS\system32\NV
2015-08-10 08:27 - 2015-08-10 08:27 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-08-10 08:27 - 2015-07-23 11:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-08-10 08:27 - 2015-07-23 11:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 00074896 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-08-10 08:27 - 2015-07-23 11:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-08-10 08:27 - 2015-07-22 14:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-08-10 08:26 - 2015-08-10 08:42 - 00000000 ____D C:\Program Files\IDT
2015-08-10 08:26 - 2015-08-10 08:33 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-08-10 08:26 - 2015-08-10 08:33 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-08-10 08:26 - 2015-08-10 08:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-10 08:26 - 2015-08-10 08:26 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-08-10 08:26 - 2015-08-10 08:26 - 00000000 ____D C:\Program Files\Synaptics
2015-08-10 08:26 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-10 08:26 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-10 08:26 - 2012-08-20 15:45 - 06085632 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2015-08-10 08:26 - 2012-08-20 15:45 - 01821184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2015-08-10 08:26 - 2012-08-20 15:45 - 01664000 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2015-08-10 08:26 - 2011-05-03 08:27 - 03308376 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEP64A.dll
2015-08-10 08:26 - 2011-05-03 08:27 - 00426328 _____ (Dolby Laboratories) C:\WINDOWS\system32\EED64A.dll
2015-08-10 08:26 - 2011-05-03 08:27 - 00136024 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEL64A.dll
2015-08-10 08:26 - 2011-05-03 08:27 - 00118104 _____ (Dolby Laboratories) C:\WINDOWS\system32\EEA64A.dll
2015-08-10 08:25 - 2015-08-10 08:33 - 00000000 ____D C:\Program Files\Intel
2015-08-10 08:25 - 2015-08-10 08:25 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-08-10 08:23 - 2015-08-31 22:38 - 00027894 _____ C:\WINDOWS\PFRO.log
2015-08-10 08:23 - 2015-08-10 08:24 - 00040099 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-08 22:01 - 2015-08-10 08:32 - 00000000 ___RD C:\Users\Simon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-31 22:42 - 2015-01-11 08:54 - 00000000 ____D C:\Users\Simon\AppData\Roaming\Spotify
2015-08-31 22:41 - 2015-01-11 08:54 - 00000000 ____D C:\Users\Simon\AppData\Local\Spotify
2015-08-31 22:41 - 2014-01-05 20:12 - 00000000 ___DO C:\Users\Simon\SkyDrive
2015-08-31 22:40 - 2014-01-10 20:29 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 22:39 - 2015-07-10 22:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-31 22:39 - 2015-07-10 22:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-31 22:39 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-31 22:38 - 2015-07-10 19:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-31 22:37 - 2014-01-10 20:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 22:31 - 2015-07-03 21:45 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-31 21:51 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-31 21:50 - 2013-12-19 09:34 - 00000000 ____D C:\Users\Simon\AppData\Local\Packages
2015-08-31 21:38 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-31 21:38 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-31 17:57 - 2014-01-05 20:09 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5C9DE2F0-45AB-4791-BBB5-5CA1A0BDD954}
2015-08-31 11:27 - 2015-07-10 22:20 - 00023146 _____ C:\WINDOWS\setupact.log
2015-08-30 04:32 - 2014-01-10 20:29 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 04:32 - 2014-01-10 20:29 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-29 00:17 - 2015-07-10 20:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-28 21:43 - 2015-07-10 21:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-28 16:55 - 2013-12-20 11:38 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-08-27 00:20 - 2013-12-19 09:34 - 00000000 ____D C:\Users\Simon\AppData\Local\VirtualStore
2015-08-26 23:33 - 2015-07-10 19:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-26 23:29 - 2015-07-10 21:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-26 23:27 - 2013-02-02 10:37 - 00000000 ____D C:\ProgramData\Norton
2015-08-26 18:18 - 2015-07-27 21:18 - 00000000 ____D C:\Users\Simon\Documents\Uni 2015 - Semester 2
2015-08-25 22:16 - 2015-02-25 17:31 - 00000000 ____D C:\Users\Simon\AppData\Local\PokerStars
2015-08-25 22:11 - 2015-02-25 17:29 - 00000000 ____D C:\Program Files (x86)\PokerStars
2015-08-24 22:24 - 2015-02-13 00:24 - 00003238 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSimon
2015-08-24 22:24 - 2014-07-14 19:00 - 00000346 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSimon.job
2015-08-23 12:07 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-23 11:42 - 2014-12-18 13:12 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-23 11:41 - 2014-12-18 13:18 - 00005228 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for JBHIFI-Simon JBHiFi
2015-08-22 04:17 - 2015-04-12 19:31 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-22 02:42 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-22 02:16 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 17:16 - 2014-01-10 20:30 - 00002115 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-08-20 17:16 - 2014-01-10 20:30 - 00002113 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-08-20 17:16 - 2014-01-10 20:30 - 00002103 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-08-20 17:16 - 2014-01-10 20:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-17 17:17 - 2015-07-27 21:19 - 00000000 ____D C:\Users\Simon\AppData\Local\Lenovo
2015-08-16 03:46 - 2015-07-10 22:20 - 00357552 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-16 03:43 - 2015-07-10 21:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-16 03:43 - 2015-07-10 21:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-14 17:26 - 2013-12-19 13:29 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 17:17 - 2013-12-19 13:29 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-13 23:31 - 2015-07-03 21:45 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 03:30 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-11 21:39 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-11 02:22 - 2015-07-10 21:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-11 02:17 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-11 02:17 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-11 02:17 - 2015-07-10 19:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-11 02:17 - 2015-07-10 19:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-11 02:11 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-08-11 02:11 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-08-11 02:10 - 2015-07-10 21:01 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-08-11 02:10 - 2015-07-10 21:01 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-08-11 02:10 - 2015-07-10 21:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-08-11 02:10 - 2015-07-10 21:01 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-08-11 02:10 - 2015-07-10 21:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-08-11 02:10 - 2015-07-10 21:01 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-08-11 02:10 - 2015-07-10 21:00 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-08-11 02:10 - 2015-07-10 21:00 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-08-11 02:10 - 2015-07-10 21:00 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-08-11 02:10 - 2015-07-10 21:00 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-08-11 02:10 - 2015-07-10 21:00 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-08-11 02:10 - 2015-07-10 21:00 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-08-10 11:56 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-10 09:21 - 2015-07-10 23:12 - 00000000 ____D C:\WINDOWS\OCR
2015-08-10 09:19 - 2015-05-13 23:06 - 00000000 ___RD C:\Users\Simon\OneDrive
2015-08-10 09:08 - 2015-07-10 21:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-10 09:08 - 2015-07-10 21:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-10 09:08 - 2015-07-10 21:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-10 09:08 - 2015-07-10 21:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-10 09:02 - 2014-01-05 16:35 - 00041913 _____ C:\WINDOWS\diagwrn.xml
2015-08-10 09:02 - 2014-01-05 16:35 - 00041913 _____ C:\WINDOWS\diagerr.xml
2015-08-10 08:58 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-10 08:57 - 2014-01-05 15:52 - 00013219 _____ C:\WINDOWS\comsetup.log
2015-08-10 08:56 - 2014-01-05 16:49 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-10 08:56 - 2013-12-19 11:48 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1230303569-731849898-1422414841-1005
2015-08-10 08:56 - 2013-06-06 05:38 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1230303569-731849898-1422414841-1002
2015-08-10 08:56 - 2013-02-02 10:26 - 00003258 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-08-10 08:56 - 2013-02-02 10:01 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-10 08:52 - 2015-07-10 21:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-10 08:42 - 2015-05-22 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-10 08:42 - 2015-04-12 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-10 08:42 - 2015-02-25 17:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars
2015-08-10 08:42 - 2014-12-18 13:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-10 08:42 - 2013-12-19 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IBM SPSS Statistics
2015-08-10 08:42 - 2013-02-02 10:26 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-08-10 08:42 - 2013-02-02 10:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-08-10 08:42 - 2013-02-02 10:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-10 08:42 - 2013-02-02 10:09 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2015-08-10 08:42 - 2013-02-02 09:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-08-10 08:42 - 2013-02-02 09:46 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-08-10 08:42 - 2013-02-02 09:42 - 00000000 ____D C:\WINDOWS\en
2015-08-10 08:40 - 2015-07-10 21:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-10 08:40 - 2013-08-22 23:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-10 08:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-10 08:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-10 08:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-10 08:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-10 08:36 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-10 08:36 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-10 08:36 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-10 08:36 - 2013-02-02 10:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-10 08:36 - 2013-02-02 09:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-10 08:34 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-10 08:34 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-10 08:34 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-10 08:33 - 2015-05-21 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EndNote
2015-08-10 08:33 - 2013-08-23 01:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-10 08:33 - 2013-06-06 05:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-08-10 08:33 - 2013-02-02 09:37 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-08-10 08:33 - 2013-02-02 09:32 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2015-08-10 08:33 - 2012-08-04 08:29 - 00000000 ____D C:\ProgramData\PRICache
2015-08-10 08:32 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-10 08:32 - 2013-08-23 01:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-08-10 08:29 - 2015-07-10 19:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-10 08:27 - 2015-07-10 21:04 - 00000000 ____D C:\WINDOWS\Help
2015-08-10 08:23 - 2015-07-10 19:05 - 00000000 __RHD C:\Users\Default
2015-08-10 08:03 - 2014-01-05 16:30 - 01767256 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-10 07:58 - 2015-07-10 23:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-09 01:38 - 2015-07-10 21:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-09 01:38 - 2015-07-10 21:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2013-12-19 12:13 - 2013-12-19 12:13 - 0000036 _____ () C:\Users\Simon\AppData\Local\housecall.guid.cache
2013-06-06 05:34 - 2013-06-06 05:34 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Some files in TEMP:
====================
C:\Users\Simon\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-26 17:49
 
==================== End of FRST.txt ============================

Attached File  Addition.txt   45.82KB   1 downloads


#7 nasdaq

  • Malware Response Team

Posted 31 August 2015 - 01:17 PM

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --silent
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Simon\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
S2 hola_updater; "C:\Program Files\Hola\app\hola_updater.exe" --service --run-as hola_updater [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {0D51F7A4-424E-484E-88B5-7BC50F0292E6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1851246D-2BB2-41CC-A7C7-8F5F4EDE4F1F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C04D349-3123-4D54-97A7-693DC127CB87} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CDBADDD-5BB2-4382-85F6-78031CAF1431} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9B198A74-721C-432F-BBA3-17A0F323D822} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AE928E9E-8695-45F5-90F3-575496E724B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B9841149-072A-4155-9DB9-FD525EF64EFD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDC62751-EB6B-4D5C-8BA4-708809B32ACE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CFF0AF59-5D0B-4D8D-BC44-63C092CD156C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DDF02219-32AA-4B3E-95FD-8043CBC11DFF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2A83D1C-EC6B-4B4E-A222-A48CE6D111F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
C:\Program Files\Hola

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of Google Chrome.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Clear your cache and cookies
https://support.google.com/chromebook/answer/183083?hl=en
Select "From the beginning of time"

Restart Chrome.
===

How is the computer running now?

#8 simona91


Posted 31 August 2015 - 08:25 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Simon (2015-09-01 11:10:49) Run:1
Running from C:\Users\Simon\Downloads
Loaded Profiles: Simon &  (Available Profiles: UpdatusUser & Simon)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
 
HKLM\...\Run: [hola] => C:\Program Files\Hola\app\hola.exe --silent
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Simon\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll No File
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
S2 hola_updater; "C:\Program Files\Hola\app\hola_updater.exe" --service --run-as hola_updater [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
Task: {0D51F7A4-424E-484E-88B5-7BC50F0292E6} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1851246D-2BB2-41CC-A7C7-8F5F4EDE4F1F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2C04D349-3123-4D54-97A7-693DC127CB87} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3CDBADDD-5BB2-4382-85F6-78031CAF1431} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {9B198A74-721C-432F-BBA3-17A0F323D822} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {AE928E9E-8695-45F5-90F3-575496E724B5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {B9841149-072A-4155-9DB9-FD525EF64EFD} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CDC62751-EB6B-4D5C-8BA4-708809B32ACE} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {CFF0AF59-5D0B-4D8D-BC44-63C092CD156C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DDF02219-32AA-4B3E-95FD-8043CBC11DFF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F2A83D1C-EC6B-4B4E-A222-A48CE6D111F7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
C:\Program Files\Hola
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value removed successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Simon\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bmiabdepfhhiieiipmeecdmeljggmfee" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
hola_svc => service removed successfully
hola_updater => service removed successfully
wfpcapture => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D51F7A4-424E-484E-88B5-7BC50F0292E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D51F7A4-424E-484E-88B5-7BC50F0292E6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1851246D-2BB2-41CC-A7C7-8F5F4EDE4F1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1851246D-2BB2-41CC-A7C7-8F5F4EDE4F1F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C04D349-3123-4D54-97A7-693DC127CB87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C04D349-3123-4D54-97A7-693DC127CB87}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3CDBADDD-5BB2-4382-85F6-78031CAF1431}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3CDBADDD-5BB2-4382-85F6-78031CAF1431}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9B198A74-721C-432F-BBA3-17A0F323D822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B198A74-721C-432F-BBA3-17A0F323D822}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AE928E9E-8695-45F5-90F3-575496E724B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE928E9E-8695-45F5-90F3-575496E724B5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9841149-072A-4155-9DB9-FD525EF64EFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9841149-072A-4155-9DB9-FD525EF64EFD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CDC62751-EB6B-4D5C-8BA4-708809B32ACE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CDC62751-EB6B-4D5C-8BA4-708809B32ACE}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CFF0AF59-5D0B-4D8D-BC44-63C092CD156C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFF0AF59-5D0B-4D8D-BC44-63C092CD156C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DDF02219-32AA-4B3E-95FD-8043CBC11DFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DDF02219-32AA-4B3E-95FD-8043CBC11DFF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F2A83D1C-EC6B-4B4E-A222-A48CE6D111F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2A83D1C-EC6B-4B4E-A222-A48CE6D111F7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"C:\Program Files\Hola" => File/Folder not found.
EmptyTemp: => 3.9 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 11:14:54 ====
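
Reading a Fixlog like the one above, as an added example that is not part of the original posts and not FRST's own code: the sketch below tallies each `target => outcome` result line and lists the targets that were not confirmed removed. The sample lines are an excerpt copied from the log above; the function names and status labels are assumptions made for this example.

```python
import re
from collections import Counter

# Excerpt of result lines copied from the Fixlog posted above (sample input).
SAMPLE_FIXLOG = r'''
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\hola => value removed successfully
"HKU\.DEFAULT\Software\MozillaPlugins\@hola.org/vlc" => key removed successfully
C:\Users\Simon\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll => not found.
hola_svc => service removed successfully
wfpcapture => service removed successfully
"C:\Program Files\Hola" => File/Folder not found.
EmptyTemp: => 3.9 GB temporary data Removed.
'''

# A result line is "<target> => <outcome>"; the target may be wrapped in quotes.
RESULT_LINE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\s*$')

def classify(outcome):
    """Map an outcome string to a status label (labels are this example's own)."""
    text = outcome.lower()
    if 'not found' in text:   # target was already absent when the fix ran
        return 'not_found'
    if 'removed' in text:     # "... removed successfully", "... data Removed."
        return 'removed'
    return 'review'           # any wording this sketch does not recognise

def parse_fixlog(text):
    """Return (target, outcome, status) for every result line in the log."""
    entries = []
    for line in text.splitlines():
        match = RESULT_LINE.match(line.strip())
        if match:             # status lines without "=>" are skipped
            outcome = match.group('outcome')
            entries.append((match.group('target'), outcome, classify(outcome)))
    return entries

def summarize(text):
    """Count statuses and collect targets that were not confirmed removed."""
    entries = parse_fixlog(text)
    counts = Counter(status for _, _, status in entries)
    follow_up = [target for target, _, status in entries if status != 'removed']
    return counts, follow_up

if __name__ == '__main__':
    counts, follow_up = summarize(SAMPLE_FIXLOG)
    print(dict(counts))
    for target in follow_up:
        print('check manually:', target)
```

Both `not_found` targets in this excerpt are ones the fixlist already expected to be missing (`No File`), so they only confirm that the leftover references pointed at files that were gone.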


#9 nasdaq


Posted 01 September 2015 - 07:12 AM

How is the computer running now?

#10 simona91


Posted 01 September 2015 - 07:43 AM

So far it is running fine with no issues - hopefully this lasts because it has lain dormant before and then popped up again after a couple of days.

 

Thank you for all your help!

 

Would you recommend that I stay away from Hola VPN? The clean up uninstalled it. 



#11 nasdaq


Posted 01 September 2015 - 07:58 AM

You can do your own research about Hola.
If you install a free version you may experience this.

http://www.pcworld.com/article/2928340/ultra-popular-hola-vpn-extension-sold-your-bandwidth-for-use-in-a-botnet-attack.html

Possibly some ads, etc.

Your call.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 nasdaq


Posted 07 September 2015 - 07:37 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



