
Computer still seems to be infected even after Windows reinstall


  • This topic is locked
15 replies to this topic

#1 MIfuneKinski

Posted 08 January 2016 - 02:09 PM

Hello, first thanks for any and all help! Computer still seems to be slowly losing war to virus. I've even, out of desperation, downloaded a Windows installer from another computer, done a clean install of Windows, and the problem persists after a day or so. Norton Power Eraser found some bad drivers (ipnat.sys and ipfltdrv.sys) but said it was unable to fix them. NPE's recommendation is to do a system reset, which I have tried but run into errors. System Restore also seems unable to work. Here are my FRST txt files:
FRST

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by Chris (administrator) on DESKTOP-3FM9N2D (08-01-2016 13:59:50)
Running from C:\Users\Chris\Downloads
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Flux Software LLC) C:\Users\Chris\AppData\Local\FluxSoftware\Flux\flux.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
() C:\Program Files (x86)\Ultimate Gaming Mouse\Monitor.exe
() C:\Program Files (x86)\Ultimate Gaming Mouse\OSD.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\conathst.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [Ultimate Gaming Mouse] => C:\Program Files (x86)\Ultimate Gaming Mouse\Monitor.exe [499712 2013-10-23] ()
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\Run: [f.lux] => C:\Users\Chris\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\Run: [uTorrent] => C:\Users\Chris\AppData\Roaming\uTorrent\uTorrent.exe [2026520 2016-01-07] (BitTorrent Inc.)
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\MountPoints2: {e4e37a0b-b588-11e5-86bd-d050994d9345} - "E:\VZW_Software_upgrade_assistant.exe" 
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62
Tcpip\..\Interfaces\{82775215-f660-4024-b0d8-925d4fe95a31}: [DhcpNameServer] 209.18.47.61 209.18.47.62
 
Internet Explorer:
==================
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2015-12-01] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
 
FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2016-01-07] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-01-07]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.msn.com/?pc=UP21&ocid=UP21DHP&dt=031513
CHR StartupUrls: Default -> "hxxp://gmail.com/","hxxp://www.nytimes.com/","hxxp://slickdeals.net/","hxxp://classpass.com/","hxxp://nypl.com/","hxxps://www.google.com/calendar/render#main_7","hxxps://www.mint.com/","hxxp://rewardsurvey.com/","hxxps://duckduckgo.com/"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-01-07]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-01-07]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-01-07]
CHR Extension: (Norton Security Toolbar) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-01-07]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-01-07]
CHR Extension: (Email Game) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehbobaphhmjpchjknfpcnlhcbkjbclge [2016-01-07]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-01-07]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-01-07]
CHR Extension: (AdBlock) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-01-08]
CHR Extension: (The Email Game Button for Gmail™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gphpmmbijedbdbdnmfffbncfagjapakc [2016-01-07]
CHR Extension: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-01-07]
CHR Extension: (ReChat for Twitch™) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipplilmaapjjklilmmaccfemdmhkoacd [2016-01-07]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2016-01-07]
CHR Extension: (StayFocusd) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2016-01-07]
CHR Extension: (Chrono Download Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mciiogijehkdemklbdcbfkefimifhecn [2016-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-01-07]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-01-07]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-07]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160104.001\BHDrvx64.sys [1665608 2016-01-04] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2015-11-12] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160107.001\IDSvia64.sys [767224 2016-01-06] (Symantec Corporation)
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [85504 2015-10-30] (Microsoft Corporation) [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [143360 2015-10-30] (Microsoft Corporation) [File not signed]
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-07-10] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160108.004\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160108.004\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 13:59 - 2016-01-08 13:59 - 00016049 _____ C:\Users\Chris\Downloads\FRST.txt
2016-01-08 13:59 - 2016-01-08 13:59 - 00000000 ____D C:\FRST
2016-01-08 13:58 - 2016-01-08 13:59 - 02370560 _____ (Farbar) C:\Users\Chris\Downloads\frst64.exe
2016-01-08 13:52 - 2016-01-08 13:55 - 00011344 _____ C:\Windows\ntbtlog.txt
2016-01-08 05:41 - 2016-01-08 05:41 - 142991452 _____ C:\Users\Chris\Downloads\18 TYPES OF ASIAN GIRLS.mp4
2016-01-08 04:53 - 2016-01-08 04:53 - 00000000 ____D C:\Users\Chris\Downloads\snute2
2016-01-08 01:57 - 2016-01-08 02:00 - 940541418 _____ C:\Users\Chris\Downloads\Dota 2 The International 2015 Grand Final CDEC vs EG.mp4
2016-01-07 23:15 - 2016-01-07 23:20 - 948566092 _____ C:\Users\Chris\Downloads\[GSL 2016 Pre-Season] Legacy of the Void Week 2 Day 1 in AfreecaTV (ENG) #3-4.mp4
2016-01-07 23:15 - 2016-01-07 23:18 - 984892966 _____ C:\Users\Chris\Downloads\[GSL 2016 Pre-Season] Legacy of the Void Week 2 Day 2 in AfreecaTV (ENG) #3-4.mp4
2016-01-07 22:41 - 2016-01-08 13:17 - 00000000 ____D C:\Users\Chris\AppData\Local\CrashDumps
2016-01-07 22:15 - 2016-01-07 22:15 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-01-07 22:06 - 2016-01-07 22:06 - 00000000 ____D C:\Users\Chris\Downloads\snute
2016-01-07 21:37 - 2016-01-08 07:30 - 00000000 ____D C:\Users\Chris\AppData\Roaming\vlc
2016-01-07 21:21 - 2016-01-08 07:03 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\uTorrent
2016-01-07 21:19 - 2016-01-08 03:29 - 00000000 ____D C:\Users\Chris\AppData\Roaming\MusicBee
2016-01-07 21:19 - 2016-01-07 21:20 - 197237901 _____ C:\Users\Chris\Downloads\The Riff Raff Weight Gain Diet- FUEL.mp4
2016-01-07 18:07 - 2016-01-07 15:08 - 00000000 ____D C:\Users\Chris\AppData\Local\MicrosoftEdge
2016-01-07 18:06 - 2016-01-08 13:58 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-07 18:05 - 2016-01-07 15:16 - 00002363 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-07 18:05 - 2016-01-07 15:16 - 00000000 ___RD C:\Users\Chris\OneDrive
2016-01-07 18:04 - 2016-01-07 18:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-01-07 18:03 - 2016-01-07 18:03 - 00000020 ___SH C:\Users\Chris\ntuser.ini
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 _SHDL C:\Users\Chris\My Documents
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 _SHDL C:\Users\Chris\Documents\My Videos
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 _SHDL C:\Users\Chris\Documents\My Pictures
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 _SHDL C:\Users\Chris\Documents\My Music
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 ____D C:\Windows\CSC
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Adobe
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 ____D C:\Users\Chris\AppData\Local\TileDataLayer
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 ____D C:\Users\Chris\AppData\Local\Publishers
2016-01-07 18:03 - 2016-01-07 18:03 - 00000000 ____D C:\Users\Chris\AppData\Local\ActiveSync
2016-01-07 18:03 - 2016-01-07 16:51 - 00000000 ____D C:\Users\Chris
2016-01-07 18:03 - 2016-01-07 16:50 - 00000000 ____D C:\Users\Chris\AppData\Local\VirtualStore
2016-01-07 18:03 - 2016-01-07 15:29 - 00000000 ____D C:\Users\Chris\AppData\Local\Packages
2016-01-07 18:03 - 2016-01-07 15:16 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-07 18:03 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2016-01-07 18:02 - 2016-01-07 18:02 - 00000000 ____D C:\ProgramData\USOShared
2016-01-07 18:01 - 2016-01-08 13:52 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Public\Documents\My Videos
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Public\Documents\My Pictures
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Public\Documents\My Music
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default\My Documents
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 _SHDL C:\Documents and Settings
2016-01-07 18:01 - 2016-01-07 18:01 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-07 18:00 - 2016-01-07 18:01 - 00000000 ____D C:\Windows\Panther
2016-01-07 18:00 - 2016-01-07 15:16 - 00189240 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-07 17:07 - 2016-01-07 17:07 - 00000000 ____D C:\Users\Chris\AppData\Local\PeerDistRepub
2016-01-07 16:53 - 2016-01-07 15:15 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20160107-165327.backup
2016-01-07 15:36 - 2016-01-08 13:52 - 00000000 ____D C:\NPE
2016-01-07 15:30 - 2016-01-08 13:55 - 00000000 ____D C:\Users\Chris\AppData\Local\NPE
2016-01-07 15:29 - 2016-01-07 15:29 - 00001160 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-01-07 15:29 - 2016-01-07 15:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
2016-01-07 15:25 - 2016-01-07 15:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\Chris\Downloads\HijackThis.exe
2016-01-07 15:22 - 2016-01-07 19:47 - 00000000 ____D C:\Program Files (x86)\StarCraft II
2016-01-07 15:22 - 2016-01-07 15:59 - 00000000 ____D C:\Users\Chris\Documents\StarCraft II
2016-01-07 15:21 - 2016-01-08 13:56 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-01-07 15:21 - 2016-01-08 13:55 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-01-07 15:21 - 2016-01-08 13:42 - 00000000 ____D C:\Users\Chris\AppData\Local\Battle.net
2016-01-07 15:21 - 2016-01-07 15:59 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2016-01-07 15:21 - 2016-01-07 15:37 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Battle.net
2016-01-07 15:21 - 2016-01-07 15:21 - 00001213 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-01-07 15:21 - 2016-01-07 15:21 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-07 15:21 - 2016-01-07 15:21 - 00000000 ____D C:\Users\Chris\AppData\Local\Blizzard Entertainment
2016-01-07 15:21 - 2016-01-07 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-07 15:21 - 2016-01-07 15:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2016-01-07 15:21 - 2016-01-07 15:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-07 15:21 - 2016-01-07 15:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-07 15:21 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-01-07 15:21 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-01-07 15:21 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-01-07 15:19 - 2016-01-07 15:37 - 00000000 ____D C:\ProgramData\Battle.net
2016-01-07 15:19 - 2016-01-07 15:20 - 22908888 _____ (Malwarebytes ) C:\Users\Chris\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-07 15:19 - 2016-01-07 15:19 - 02950200 _____ (Blizzard Entertainment) C:\Users\Chris\Downloads\Battle.net-Setup.exe
2016-01-07 15:18 - 2016-01-07 15:18 - 00000000 ____D C:\Users\Chris\AppData\Local\Comms
2016-01-07 15:16 - 2016-01-07 20:16 - 00000000 ____D C:\Users\Chris\AppData\Local\Google
2016-01-07 15:16 - 2016-01-07 15:28 - 00000000 ____D C:\Program Files (x86)\Ultimate Gaming Mouse
2016-01-07 15:16 - 2016-01-07 15:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-07 15:16 - 2016-01-07 15:16 - 00000000 ____D C:\Users\Chris\Downloads\aLLreli_M8111
2016-01-07 15:16 - 2016-01-07 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ultimate Gaming Mouse
2016-01-07 15:15 - 2015-10-30 02:21 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20160107-151507.backup
2016-01-07 15:14 - 2016-01-08 01:20 - 00000000 ____D C:\Program Files (x86)\MusicBee
2016-01-07 15:14 - 2016-01-07 15:14 - 00002523 _____ C:\Users\Public\Desktop\Evernote.lnk
2016-01-07 15:14 - 2016-01-07 15:14 - 00000916 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-01-07 15:14 - 2016-01-07 15:14 - 00000838 _____ C:\Users\Public\Desktop\MusicBee.lnk
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Evernote
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MusicBee
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\Program Files\VideoLAN
2016-01-07 15:14 - 2016-01-07 15:14 - 00000000 ____D C:\Program Files (x86)\Evernote
2016-01-07 15:13 - 2016-01-08 13:59 - 00000000 ____D C:\Windows\System32\Tasks\Norton Internet Security
2016-01-07 15:13 - 2016-01-08 13:52 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-07 15:13 - 2016-01-08 13:24 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-07 15:13 - 2016-01-08 07:04 - 00000000 ____D C:\Users\Chris\AppData\Roaming\uTorrent
2016-01-07 15:13 - 2016-01-07 15:19 - 00003996 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-01-07 15:13 - 2016-01-07 15:19 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-01-07 15:13 - 2016-01-07 15:13 - 00307200 _____ (Secure By Design Inc.) C:\Users\Chris\Downloads\Ninite 7Zip Chrome Evernote MusicBee Revo VLC flux Installer.exe
2016-01-07 15:13 - 2016-01-07 15:13 - 00003404 _____ C:\Windows\System32\Tasks\Norton WSC Integration
2016-01-07 15:13 - 2016-01-07 15:13 - 00002278 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-01-07 15:13 - 2016-01-07 15:13 - 00002162 _____ C:\Users\Chris\Desktop\Flux.lnk
2016-01-07 15:13 - 2016-01-07 15:13 - 00001337 _____ C:\Users\Chris\Desktop\Revo Uninstaller.lnk
2016-01-07 15:13 - 2016-01-07 15:13 - 00000896 _____ C:\Users\Chris\Desktop\µTorrent.lnk
2016-01-07 15:13 - 2016-01-07 15:13 - 00000876 _____ C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Users\Chris\AppData\Local\FluxSoftware
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Program Files\7-Zip
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-01-07 15:13 - 2016-01-07 15:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-01-07 15:12 - 2016-01-07 15:12 - 00000000 ____D C:\Windows\system32\MRT
2016-01-07 15:12 - 2016-01-07 15:12 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-07 15:12 - 2015-11-23 19:10 - 140158008 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-07 15:11 - 2016-01-08 13:52 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-01-07 15:11 - 2016-01-08 13:52 - 00000000 __SHD C:\Users\Chris\IntelGraphicsProfiles
2016-01-07 15:11 - 2016-01-07 15:13 - 00002496 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-01-07 15:11 - 2016-01-07 15:13 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-01-07 15:11 - 2016-01-07 15:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-01-07 15:11 - 2016-01-07 15:13 - 00000000 ____D C:\Windows\system32\Drivers\NISx64
2016-01-07 15:11 - 2016-01-07 15:12 - 06650047 _____ C:\Users\Chris\Downloads\aLLreli_M8111.rar
2016-01-07 15:11 - 2016-01-07 15:11 - 00111344 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2016-01-07 15:11 - 2016-01-07 15:11 - 00008214 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2016-01-07 15:11 - 2016-01-07 15:11 - 00000000 ____D C:\Program Files\Intel
2016-01-07 15:11 - 2016-01-07 15:11 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-01-07 15:11 - 2016-01-07 15:11 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-01-07 15:11 - 2016-01-07 15:11 - 00000000 ____D C:\Program Files (x86)\Intel
2016-01-07 15:11 - 2016-01-07 15:11 - 00000000 ____D C:\Intel
2016-01-07 15:11 - 2015-12-19 01:08 - 00099848 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2016-01-07 15:11 - 2015-12-06 23:57 - 00973664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-01-07 15:11 - 2015-12-06 23:55 - 01281376 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-01-07 15:11 - 2015-12-06 23:49 - 00412512 _____ (Microsoft Corporation) C:\Windows\system32\wifitask.exe
2016-01-07 15:11 - 2015-12-06 23:48 - 02544256 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01299504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01155944 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01118208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01092456 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01065080 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 01020096 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00983464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00884256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00823264 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00794888 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00670928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00526856 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00462760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00450904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00337840 _____ (Microsoft Corporation) C:\Windows\system32\MFPlay.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00289248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFPlay.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00245848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00115040 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupApi.dll
2016-01-07 15:11 - 2015-12-06 23:48 - 00084832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupApi.dll
2016-01-07 15:11 - 2015-12-06 23:47 - 00925064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-07 15:11 - 2015-12-06 23:47 - 00898184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:47 - 00716928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-01-07 15:11 - 2015-12-06 23:47 - 00116720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-07 15:11 - 2015-12-06 23:46 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-07 15:11 - 2015-12-06 23:46 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-07 15:11 - 2015-12-06 23:45 - 00264544 _____ (Microsoft Corporation) C:\Windows\system32\ContentDeliveryManager.Utilities.dll
2016-01-07 15:11 - 2015-12-06 23:15 - 01035776 _____ (Microsoft Corporation) C:\Windows\system32\XboxNetApiSvc.dll
2016-01-07 15:11 - 2015-12-06 23:15 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-01-07 15:11 - 2015-12-06 23:10 - 00824320 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebFilter.dll
2016-01-07 15:11 - 2015-12-06 23:09 - 00133120 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-01-07 15:11 - 2015-12-06 23:09 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\policymanagerprecheck.dll
2016-01-07 15:11 - 2015-12-06 23:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\StorageUsage.dll
2016-01-07 15:11 - 2015-12-06 23:07 - 16984064 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-01-07 15:11 - 2015-12-06 23:07 - 00134656 _____ (Microsoft Corporation) C:\Windows\system32\wificonnapi.dll
2016-01-07 15:11 - 2015-12-06 23:07 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\ProvPluginEng.dll
2016-01-07 15:11 - 2015-12-06 23:06 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WpcWebFilter.dll
2016-01-07 15:11 - 2015-12-06 23:06 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2016-01-07 15:11 - 2015-12-06 23:06 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-01-07 15:11 - 2015-12-06 23:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-01-07 15:11 - 2015-12-06 23:05 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\BackgroundTransferHost.exe
2016-01-07 15:11 - 2015-12-06 23:04 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\moshost.dll
2016-01-07 15:11 - 2015-12-06 23:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\provtool.exe
2016-01-07 15:11 - 2015-12-06 23:03 - 13017600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-01-07 15:11 - 2015-12-06 23:02 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\moshostcore.dll
2016-01-07 15:11 - 2015-12-06 23:02 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-01-07 15:11 - 2015-12-06 23:01 - 00543232 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-01-07 15:11 - 2015-12-06 23:01 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BackgroundTransferHost.exe
2016-01-07 15:11 - 2015-12-06 23:00 - 00618496 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-01-07 15:11 - 2015-12-06 23:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-01-07 15:11 - 2015-12-06 23:00 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-01-07 15:11 - 2015-12-06 23:00 - 00203776 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-01-07 15:11 - 2015-12-06 22:59 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-01-07 15:11 - 2015-12-06 22:59 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-01-07 15:11 - 2015-12-06 22:59 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\provhandlers.dll
2016-01-07 15:11 - 2015-12-06 22:59 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\provdatastore.dll
2016-01-07 15:11 - 2015-12-06 22:58 - 24601600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-07 15:11 - 2015-12-06 22:58 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-01-07 15:11 - 2015-12-06 22:57 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StoreAgent.dll
2016-01-07 15:11 - 2015-12-06 22:57 - 00387072 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-07 15:11 - 2015-12-06 22:57 - 00270848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-01-07 15:11 - 2015-12-06 22:56 - 00607232 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-01-07 15:11 - 2015-12-06 22:56 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 22:55 - 07979008 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-01-07 15:11 - 2015-12-06 22:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-01-07 15:11 - 2015-12-06 22:54 - 00850432 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-01-07 15:11 - 2015-12-06 22:54 - 00569856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-07 15:11 - 2015-12-06 22:53 - 19339264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-07 15:11 - 2015-12-06 22:53 - 00381952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-01-07 15:11 - 2015-12-06 22:51 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-01-07 15:11 - 2015-12-06 22:51 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-01-07 15:11 - 2015-12-06 22:50 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-01-07 15:11 - 2015-12-06 22:49 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-01-07 15:11 - 2015-12-06 22:48 - 06297088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-01-07 15:11 - 2015-12-06 22:47 - 03428864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-01-07 15:11 - 2015-12-06 22:45 - 02582016 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-01-07 15:11 - 2015-12-06 22:45 - 00900608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2016-01-07 15:11 - 2015-12-06 22:45 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-01-07 15:11 - 2015-12-06 22:44 - 02796032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-01-07 15:11 - 2015-12-06 22:43 - 02598400 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-01-07 15:11 - 2015-12-06 22:43 - 00931328 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-01-07 15:11 - 2015-12-06 22:41 - 02061824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-01-07 15:11 - 2015-12-06 22:40 - 03593216 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-01-07 15:11 - 2015-12-06 22:40 - 01995776 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-01-07 15:11 - 2015-12-06 22:40 - 01706496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-01-07 15:11 - 2015-12-06 22:39 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-01-07 15:11 - 2015-12-06 22:38 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-01-07 15:11 - 2015-12-06 22:33 - 00375296 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-01-07 15:11 - 2015-12-06 22:32 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\dialserver.dll
2016-01-07 15:11 - 2015-12-01 02:12 - 02152800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-01-07 15:11 - 2015-11-24 07:07 - 01817160 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-07 15:11 - 2015-11-24 06:06 - 01540768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-07 15:11 - 2015-11-24 05:26 - 01399224 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-01-07 15:11 - 2015-11-24 05:01 - 02756096 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-07 15:11 - 2015-11-24 04:54 - 00007680 _____ (Microsoft Corporation) C:\Windows\system32\readingviewresources.dll
2016-01-07 15:11 - 2015-11-24 04:53 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-07 15:11 - 2015-11-24 04:45 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wshrm.dll
2016-01-07 15:11 - 2015-11-24 04:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-01-07 15:11 - 2015-11-24 04:26 - 01337240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-01-07 15:11 - 2015-11-24 04:19 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2016-01-07 15:11 - 2015-11-24 04:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-01-07 15:11 - 2015-11-24 03:58 - 00604672 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-07 15:11 - 2015-11-24 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-01-07 15:11 - 2015-11-24 03:54 - 02756096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-07 15:11 - 2015-11-24 03:52 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-01-07 15:11 - 2015-11-24 03:49 - 01648640 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-01-07 15:11 - 2015-11-24 03:14 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-01-07 15:11 - 2015-11-24 03:03 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-07 15:11 - 2015-11-24 02:59 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-01-07 15:11 - 2015-11-24 02:57 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-01-07 15:11 - 2015-11-24 02:35 - 22393856 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-01-07 15:11 - 2015-11-24 02:29 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-01-07 15:11 - 2015-11-24 02:23 - 13381120 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-07 15:11 - 2015-11-24 02:11 - 18678272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-01-07 15:11 - 2015-11-24 02:08 - 12125184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-07 15:11 - 2015-11-24 02:04 - 02155008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-01-07 15:11 - 2015-11-22 05:47 - 07476576 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-07 15:11 - 2015-11-22 05:47 - 02653816 _____ C:\Windows\system32\CoreUIComponents.dll
2016-01-07 15:11 - 2015-11-22 05:41 - 01859448 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-01-07 15:11 - 2015-11-22 05:41 - 00026408 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-01-07 15:11 - 2015-11-22 05:35 - 00538632 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-01-07 15:11 - 2015-11-22 05:34 - 00080600 _____ (Microsoft Corporation) C:\Windows\system32\wwapi.dll
2016-01-07 15:11 - 2015-11-22 05:33 - 00095072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2016-01-07 15:11 - 2015-11-22 05:33 - 00058408 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.dll
2016-01-07 15:11 - 2015-11-22 05:33 - 00051680 _____ (Microsoft Corporation) C:\Windows\system32\SensorsUtilsV2.dll
2016-01-07 15:11 - 2015-11-22 05:30 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-01-07 15:11 - 2015-11-22 05:30 - 00161632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-07 15:11 - 2015-11-22 05:26 - 00431232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-01-07 15:11 - 2015-11-22 05:25 - 00063528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wwapi.dll
2016-01-07 15:11 - 2015-11-22 05:24 - 02772584 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-01-07 15:11 - 2015-11-22 05:20 - 00795840 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-01-07 15:11 - 2015-11-22 05:19 - 00440160 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2016-01-07 15:11 - 2015-11-22 05:14 - 02185840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-01-07 15:11 - 2015-11-22 05:00 - 00089088 _____ (Microsoft Corporation) C:\Windows\system32\MapsCSP.dll
2016-01-07 15:11 - 2015-11-22 05:00 - 00058368 _____ (Microsoft Corporation) C:\Windows\system32\MosResource.dll
2016-01-07 15:11 - 2015-11-22 04:57 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MapControls.dll
2016-01-07 15:11 - 2015-11-22 04:57 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCoreRes.dll
2016-01-07 15:11 - 2015-11-22 04:57 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosTrace.dll
2016-01-07 15:11 - 2015-11-22 04:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-MosHost.dll
2016-01-07 15:11 - 2015-11-22 04:56 - 01268736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.Resources.dll
2016-01-07 15:11 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MosHostClient.dll
2016-01-07 15:11 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\ihvrilproxy.dll
2016-01-07 15:11 - 2015-11-22 04:56 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rilproxy.dll
2016-01-07 15:11 - 2015-11-22 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManagerProxy.dll
2016-01-07 15:11 - 2015-11-22 04:55 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvcProxy.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\ETWCoreUIComponentsResources.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\capimg.sys
2016-01-07 15:11 - 2015-11-22 04:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SensorsNativeApi.V2.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\wsplib.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\WordBreakers.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\nativemap.dll
2016-01-07 15:11 - 2015-11-22 04:54 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\MapControlStringsRes.dll
2016-01-07 15:11 - 2015-11-22 04:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-01-07 15:11 - 2015-11-22 04:52 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthTokenBrokerExt.dll
2016-01-07 15:11 - 2015-11-22 04:52 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-07 15:11 - 2015-11-22 04:52 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mapsupdatetask.dll
2016-01-07 15:11 - 2015-11-22 04:51 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-01-07 15:11 - 2015-11-22 04:51 - 00119808 _____ (Microsoft Corporation) C:\Windows\system32\MapsBtSvc.dll
2016-01-07 15:11 - 2015-11-22 04:51 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\MosStorage.dll
2016-01-07 15:11 - 2015-11-22 04:51 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\mapstoasttask.dll
2016-01-07 15:11 - 2015-11-22 04:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-07 15:11 - 2015-11-22 04:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\mssign32.dll
2016-01-07 15:11 - 2015-11-22 04:49 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-01-07 15:11 - 2015-11-22 04:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-07 15:11 - 2015-11-22 04:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\Wwanpref.dll
2016-01-07 15:11 - 2015-11-22 04:48 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosResource.dll
2016-01-07 15:11 - 2015-11-22 04:46 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00264192 _____ (Nokia) C:\Windows\system32\NmaDirect.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00220672 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-07 15:11 - 2015-11-22 04:45 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MapControls.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCoreRes.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-01-07 15:11 - 2015-11-22 04:45 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Microsoft-Windows-MosHost.dll
2016-01-07 15:11 - 2015-11-22 04:44 - 01268736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-01-07 15:11 - 2015-11-22 04:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosHostClient.dll
2016-01-07 15:11 - 2015-11-22 04:43 - 00704000 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2016-01-07 15:11 - 2015-11-22 04:43 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-07 15:11 - 2015-11-22 04:43 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\SensorService.dll
2016-01-07 15:11 - 2015-11-22 04:43 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthManagerProxy.dll
2016-01-07 15:11 - 2015-11-22 04:42 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2016-01-07 15:11 - 2015-11-22 04:42 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-01-07 15:11 - 2015-11-22 04:42 - 00138240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ETWCoreUIComponentsResources.dll
2016-01-07 15:11 - 2015-11-22 04:42 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WordBreakers.dll
2016-01-07 15:11 - 2015-11-22 04:42 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlStringsRes.dll
2016-01-07 15:11 - 2015-11-22 04:41 - 01814528 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-01-07 15:11 - 2015-11-22 04:41 - 00948224 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-01-07 15:11 - 2015-11-22 04:40 - 01056256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-01-07 15:11 - 2015-11-22 04:40 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-01-07 15:11 - 2015-11-22 04:40 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-01-07 15:11 - 2015-11-22 04:40 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XblAuthTokenBrokerExt.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 02126848 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-07 15:11 - 2015-11-22 04:39 - 01713664 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\NMAA.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00938496 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00783360 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\offlinelsa.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapsBtSvc.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MosStorage.dll
2016-01-07 15:11 - 2015-11-22 04:39 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-07 15:11 - 2015-11-22 04:38 - 01223168 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-01-07 15:11 - 2015-11-22 04:38 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-01-07 15:11 - 2015-11-22 04:38 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-01-07 15:11 - 2015-11-22 04:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\cryptngc.dll
2016-01-07 15:11 - 2015-11-22 04:38 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssign32.dll
2016-01-07 15:11 - 2015-11-22 04:37 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-01-07 15:11 - 2015-11-22 04:37 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-01-07 15:11 - 2015-11-22 04:37 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\LogonController.dll
2016-01-07 15:11 - 2015-11-22 04:36 - 01042432 _____ (Microsoft Corporation) C:\Windows\system32\BingOnlineServices.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\cdp.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 00166912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-01-07 15:11 - 2015-11-22 04:34 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\EditBufferTestHook.dll
2016-01-07 15:11 - 2015-11-22 04:33 - 00205824 _____ (Nokia) C:\Windows\SysWOW64\NmaDirect.dll
2016-01-07 15:11 - 2015-11-22 04:32 - 00340480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2016-01-07 15:11 - 2015-11-22 04:32 - 00334848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-07 15:11 - 2015-11-22 04:31 - 07199232 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-01-07 15:11 - 2015-11-22 04:31 - 00470528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2016-01-07 15:11 - 2015-11-22 04:31 - 00416768 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-01-07 15:11 - 2015-11-22 04:29 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 01734656 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 01443328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00948224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00784896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NMAA.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00686592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-07 15:11 - 2015-11-22 04:28 - 00100864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offlinelsa.dll
2016-01-07 15:11 - 2015-11-22 04:27 - 03993600 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-01-07 15:11 - 2015-11-22 04:27 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-07 15:11 - 2015-11-22 04:27 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-01-07 15:11 - 2015-11-22 04:27 - 00711680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-01-07 15:11 - 2015-11-22 04:27 - 00241664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptngc.dll
2016-01-07 15:11 - 2015-11-22 04:27 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-01-07 15:11 - 2015-11-22 04:26 - 03355136 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2016-01-07 15:11 - 2015-11-22 04:26 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-01-07 15:11 - 2015-11-22 04:26 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingOnlineServices.dll
2016-01-07 15:11 - 2015-11-22 04:26 - 00421888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LogonController.dll
2016-01-07 15:11 - 2015-11-22 04:25 - 02280448 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-01-07 15:11 - 2015-11-22 04:25 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-07 15:11 - 2015-11-22 04:24 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-07 15:11 - 2015-11-22 04:24 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-01-07 15:11 - 2015-11-22 04:24 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-01-07 15:11 - 2015-11-22 04:24 - 00059904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EditBufferTestHook.dll
2016-01-07 15:11 - 2015-11-22 04:23 - 05202944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-01-07 15:11 - 2015-11-22 04:20 - 01860096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdp.dll
2016-01-07 15:11 - 2015-11-22 04:18 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-07 15:11 - 2015-11-22 04:18 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2016-01-07 15:11 - 2015-11-22 04:18 - 00458752 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2016-01-07 15:11 - 2015-11-22 04:17 - 02680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2016-01-07 15:11 - 2015-11-22 04:17 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-07 15:11 - 2015-11-22 04:11 - 00517632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2016-01-07 15:11 - 2015-11-21 01:21 - 00809312 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2016-01-07 15:11 - 2015-11-21 01:02 - 00704352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2016-01-07 15:11 - 2015-11-21 00:44 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-01-07 15:11 - 2015-11-21 00:29 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-01-07 15:11 - 2015-11-21 00:07 - 00227840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-01-07 15:11 - 2015-11-13 01:55 - 00035680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wimmount.sys
2016-01-07 15:11 - 2015-11-13 01:51 - 00698208 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2016-01-07 15:11 - 2015-11-13 01:51 - 00523616 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2016-01-07 15:11 - 2015-11-13 01:51 - 00334736 _____ (Microsoft Corporation) C:\Windows\system32\policymanager.dll
2016-01-07 15:11 - 2015-11-13 01:43 - 00586208 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-07 15:11 - 2015-11-13 01:43 - 00536768 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-01-07 15:11 - 2015-11-13 01:43 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-01-07 15:11 - 2015-11-13 01:43 - 00110032 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-01-07 15:11 - 2015-11-13 01:43 - 00035656 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-07 15:11 - 2015-11-13 01:42 - 00516544 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-01-07 15:11 - 2015-11-13 01:42 - 00408128 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-01-07 15:11 - 2015-11-13 01:42 - 00088392 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2016-01-07 15:11 - 2015-11-13 01:41 - 22572632 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-01-07 15:11 - 2015-11-13 01:33 - 00911648 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2016-01-07 15:11 - 2015-11-13 01:33 - 00586080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2016-01-07 15:11 - 2015-11-13 01:33 - 00092352 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-01-07 15:11 - 2015-11-13 01:32 - 00296488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\policymanager.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00511320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00454056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00405048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00366224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00073360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2016-01-07 15:11 - 2015-11-13 01:21 - 00032040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-07 15:11 - 2015-11-13 01:18 - 21125408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-01-07 15:11 - 2015-11-13 01:09 - 00675064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2016-01-07 15:11 - 2015-11-13 01:07 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-01-07 15:11 - 2015-11-13 01:06 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\RemovableMediaProvisioningPlugin.dll
2016-01-07 15:11 - 2015-11-13 01:05 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2016-01-07 15:11 - 2015-11-13 01:05 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\BarcodeProvisioningPlugin.dll
2016-01-07 15:11 - 2015-11-13 01:05 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.proxy.dll
2016-01-07 15:11 - 2015-11-13 01:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\tetheringconfigsp.dll
2016-01-07 15:11 - 2015-11-13 01:04 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\NFCProvisioningPlugin.dll
2016-01-07 15:11 - 2015-11-13 01:04 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-01-07 15:11 - 2015-11-13 01:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\IcsEntitlementHost.exe
2016-01-07 15:11 - 2015-11-13 01:03 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
2016-01-07 15:11 - 2015-11-13 01:00 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\tzautoupdate.dll
2016-01-07 15:11 - 2015-11-13 00:59 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-01-07 15:11 - 2015-11-13 00:58 - 11545088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-01-07 15:11 - 2015-11-13 00:58 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-01-07 15:11 - 2015-11-13 00:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\PhoneProviders.dll
2016-01-07 15:11 - 2015-11-13 00:56 - 00163328 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2016-01-07 15:11 - 2015-11-13 00:55 - 00450560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-01-07 15:11 - 2015-11-13 00:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-01-07 15:11 - 2015-11-13 00:53 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-01-07 15:11 - 2015-11-13 00:50 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-01-07 15:11 - 2015-11-13 00:49 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-01-07 15:11 - 2015-11-13 00:40 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-01-07 15:11 - 2015-11-13 00:40 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.proxy.dll
2016-01-07 15:11 - 2015-11-13 00:39 - 02444288 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2016-01-07 15:11 - 2015-11-13 00:34 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppCapture.dll
2016-01-07 15:11 - 2015-11-13 00:33 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-01-07 15:11 - 2015-11-13 00:30 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcastdvr.exe
2016-01-07 15:11 - 2015-11-13 00:30 - 00315904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Bluetooth.dll
2016-01-07 15:11 - 2015-11-13 00:29 - 09918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-01-07 15:11 - 2015-11-13 00:27 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-01-07 15:11 - 2015-11-13 00:23 - 00490496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-01-07 15:11 - 2015-11-13 00:19 - 02001408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2016-01-07 15:11 - 2015-11-05 07:05 - 00118624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-01-07 15:11 - 2015-11-05 05:40 - 00630632 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-01-07 15:11 - 2015-11-05 05:25 - 00578912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-01-07 15:11 - 2015-11-05 05:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-01-07 15:11 - 2015-11-05 05:08 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-01-07 15:11 - 2015-11-05 05:04 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-01-07 15:11 - 2015-11-05 05:00 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-01-07 15:11 - 2015-11-05 04:44 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-01-07 15:11 - 2015-11-05 04:41 - 00540752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-01-07 15:11 - 2015-11-05 04:13 - 00969728 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-07 15:11 - 2015-11-05 04:10 - 00803840 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-07 15:11 - 2015-11-05 04:03 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-01-07 15:11 - 2015-11-05 04:02 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-01-07 15:11 - 2015-11-05 03:59 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-01-07 15:11 - 2015-11-05 03:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-01-07 15:11 - 2015-11-05 03:42 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-01-07 15:11 - 2015-11-05 03:18 - 00791552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-07 15:11 - 2015-11-05 03:15 - 00647168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-07 15:10 - 2016-01-07 17:27 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-07 15:10 - 2016-01-07 15:30 - 00000000 ____D C:\ProgramData\Norton
2016-01-07 15:10 - 2016-01-07 15:28 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-01-07 15:10 - 2016-01-07 15:10 - 01111008 _____ (Symantec Corporation) C:\Users\Chris\Downloads\NortonNISDownloader.exe
2016-01-07 15:10 - 2016-01-07 15:10 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-01-07 15:10 - 2016-01-07 15:10 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-01-07 15:10 - 2016-01-07 15:10 - 00001327 _____ C:\Users\Chris\Desktop\Norton Installation Files.lnk
2016-01-07 15:10 - 2016-01-07 15:10 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2016-01-07 15:10 - 2016-01-07 15:10 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-01-07 15:10 - 2016-01-07 15:10 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-01-07 15:10 - 2016-01-07 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-01-07 15:10 - 2016-01-07 15:10 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-01-07 15:10 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2016-01-07 15:08 - 2016-01-07 15:10 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Chris\Downloads\spybot-2.4.exe
2016-01-07 15:08 - 2016-01-07 15:08 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Macromedia
2015-12-19 01:10 - 2015-12-19 01:10 - 35016296 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 34083104 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 29894272 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 15454976 _____ (Intel Corporation) C:\Windows\system32\igc64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 13427688 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 11441600 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 05028408 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 04482424 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 04324664 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 02145232 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 01816720 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 01814064 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 01665200 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00435088 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00433968 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00381936 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00379792 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00310160 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00295024 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00242160 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00222736 _____ (Intel Corporation) C:\Windows\system32\igdde64.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00205360 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00181328 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2015-12-19 01:10 - 2015-12-19 01:10 - 00055248 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 29101576 _____ (Intel Corporation) C:\Windows\system32\common_clang64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 19861512 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 11586056 _____ (Intel Corporation) C:\Windows\system32\ig75icd64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 08634888 _____ (Intel Corporation) C:\Windows\SysWOW64\ig75icd32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 05685768 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 05262864 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 04608520 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 04123144 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 03970056 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 01576968 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 01167880 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 01026464 _____ C:\Windows\system32\igfxSDK.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00962464 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00958880 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00626696 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00621472 _____ (Intel Corporation) C:\Windows\system32\IntelCpHDCPSvc.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00535968 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiUMS64.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00466344 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00439304 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00415752 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00390152 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00388616 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00350224 _____ (Intel Corporation) C:\Windows\system32\IntelWiDiMCComp64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00318472 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00300968 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00273416 _____ C:\Windows\system32\igfxCPL.cpl
2015-12-19 01:08 - 2015-12-19 01:08 - 00266248 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00255496 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00236456 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00231848 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00231336 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00225288 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00206344 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4331.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00193032 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00174504 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-12-19 01:08 - 2015-12-19 01:08 - 00173584 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00111624 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00103944 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00103432 _____ C:\Windows\system32\igfxCUIServicePS.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00100872 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00099848 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00095248 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00083464 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00052744 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00029192 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00029192 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00027656 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00027656 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00022536 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-12-19 01:08 - 2015-12-19 01:08 - 00022536 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-08 13:59 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-08 13:58 - 2015-10-30 02:21 - 00000000 ____D C:\Windows\INF
2016-01-08 13:52 - 2015-10-30 01:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-08 13:18 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-08 13:18 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\AppReadiness
2016-01-08 04:11 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\appcompat
2016-01-07 18:03 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PrintDialog
2016-01-07 18:03 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\MiracastView
2016-01-07 18:03 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\spool
2016-01-07 18:03 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\FxsTmp
2016-01-07 18:02 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-01-07 18:01 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Sysprep
2016-01-07 18:00 - 2015-10-30 04:14 - 00000000 ____D C:\Windows\ServiceProfiles
2016-01-07 18:00 - 2015-10-30 02:24 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-01-07 17:23 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\rescache
2016-01-07 15:16 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\DevicesFlow
2016-01-07 15:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\oobe
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\Provisioning
2016-01-07 15:15 - 2015-10-30 02:24 - 00000000 ____D C:\Windows\bcastdvr
2016-01-07 15:15 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-01-07 15:15 - 2015-10-30 01:28 - 00000000 ____D C:\Windows\system32\Dism
2016-01-07 15:13 - 2015-10-30 02:11 - 00000000 ____D C:\Windows\CbsTemp
2016-01-07 15:12 - 2015-10-30 01:28 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-19 01:10 - 2015-07-18 00:34 - 28612544 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
2015-12-19 01:10 - 2015-07-18 00:34 - 13928480 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2015-12-19 01:10 - 2015-07-18 00:34 - 06560024 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2015-12-19 01:08 - 2015-10-30 02:18 - 00103944 _____ (Khronos Group) C:\Windows\SysWOW64\opencl.dll
2015-12-19 01:08 - 2015-07-18 00:36 - 07858088 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-12-19 01:08 - 2015-07-18 00:35 - 00402344 _____ C:\Windows\system32\igfxTray.exe
2015-12-19 01:08 - 2015-07-18 00:35 - 00373160 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2015-12-19 01:08 - 2015-07-18 00:35 - 00354216 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2015-12-19 01:08 - 2015-07-18 00:35 - 00268704 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-12-19 01:08 - 2015-07-18 00:28 - 02052104 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2015-12-19 01:08 - 2015-07-18 00:28 - 00750088 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2015-12-19 01:08 - 2015-07-18 00:28 - 00384008 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-07 17:07
 
==================== End of FRST.txt ============================
 
 
 
And Additional 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by Chris (2016-01-08 14:00:04)
Running from C:\Users\Chris\Downloads
Windows 10 Pro (X64) (2016-01-07 23:02:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3575105807-2576936594-407017812-500 - Administrator - Disabled)
Chris (S-1-5-21-3575105807-2576936594-407017812-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-3575105807-2576936594-407017812-503 - Limited - Disabled)
Guest (S-1-5-21-3575105807-2576936594-407017812-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Evernote v. 5.9.6 (HKLM-x32\...\{A542D366-9877-11E5-B101-005056951CAD}) (Version: 5.9.6.9494 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\{0B5D7DA7-9220-392F-89C6-4C75AB36E977}) (Version: 47.0.2526.106 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MusicBee 2.5 (HKLM-x32\...\MusicBee) (Version: 2.5 - Steven Mayall)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)
Ultimate Gaming Mouse Driver (HKLM-x32\...\{7944AA0E-CFB0-4DE0-A9A8-01312A347BF8}) (Version:  - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3575105807-2576936594-407017812-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {2A8FAE87-A92E-49FC-9FC8-9BFDBED99A74} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {43FADB4B-6FC8-4DEC-89DC-F03B5149BE3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {530965E7-2441-4803-961A-C8E5F6AEB088} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {73433EB3-1620-47B9-880C-F00798572920} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {7E925A1D-A95A-486F-91F0-161B84EBA350} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-23] (Microsoft Corporation)
Task: {8190EF27-9814-49D1-9CB9-93F52B9EF722} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {8AD3F2DC-9EB0-44ED-9062-B7CCF410591B} - System32\Tasks\Norton Internet Security\Norton Autofix => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {90485565-C7A6-409B-AACB-D23CEC124C63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-07] (Google Inc.)
Task: {A6A27896-8814-4669-8664-D34927B3EABE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E04CBE88-B375-4DC8-BF9A-87AA5F3841BE} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2015-11-20] (Symantec Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2016-01-07 15:11 - 2015-11-22 05:47 - 02653816 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-01-07 15:11 - 2015-11-22 05:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-01-08 13:12 - 2016-01-08 13:12 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-07-18 00:35 - 2015-12-19 01:08 - 00402344 _____ () C:\Windows\system32\igfxTray.exe
2016-01-07 15:11 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-07 15:11 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-07 15:11 - 2015-12-06 22:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-07 15:11 - 2015-12-06 22:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-07 15:11 - 2015-12-06 22:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-07 15:11 - 2015-12-06 22:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-01-07 15:16 - 2013-10-23 14:18 - 00499712 _____ () C:\Program Files (x86)\Ultimate Gaming Mouse\Monitor.exe
2016-01-07 15:16 - 2013-10-23 09:35 - 00372736 _____ () C:\Program Files (x86)\Ultimate Gaming Mouse\OSD.exe
2016-01-07 15:13 - 2015-12-11 07:34 - 01971528 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2016-01-07 15:13 - 2015-12-11 07:34 - 00093512 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2016-01-07 15:10 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-01-07 15:10 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-01-07 15:10 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-07 15:10 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-01-07 15:10 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-01-08 13:12 - 2016-01-08 13:12 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-08 13:12 - 2016-01-08 13:12 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-01-07 15:16 - 2013-10-08 11:39 - 00057344 _____ () C:\Program Files (x86)\Ultimate Gaming Mouse\lan.dll
2016-01-07 15:16 - 2013-08-22 10:01 - 00061440 _____ () C:\Program Files (x86)\Ultimate Gaming Mouse\hiddriver.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7866 more sites.
 
 
There are 7866 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-01-07 16:53 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts
 
 
There are 15463 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-3575105807-2576936594-407017812-1001\...\StartupApproved\Run: => "OneDrive"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{84B72663-009B-4A7B-989C-F25D170CE744}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{A355A3F4-201A-4376-A91D-71D08A90E006}C:\users\chris\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\chris\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8354A7A3-D471-4C4A-9BF5-AD732FC87D05}C:\users\chris\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\chris\appdata\roaming\utorrent\utorrent.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
07-01-2016 15:11:34 Windows Update
07-01-2016 16:00:25 extra
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/08/2016 01:17:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc0000005
Fault offset: 0x0000000000034f9c
Faulting process id: 0x1cc0
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (01/07/2016 10:41:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: mrt100_app.dll, version: 1.0.23406.0, time stamp: 0x561408ce
Exception code: 0xc0000005
Fault offset: 0x00000000000135ca
Faulting process id: 0x1a48
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5
 
Error: (01/07/2016 04:00:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (01/07/2016 03:41:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:36:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:28:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:27:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:22:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:17:18 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-3FM9N2D)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/07/2016 03:11:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (01/08/2016 01:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_272a6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 01:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_272a6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 01:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_272a6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 01:52:37 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_272a6 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 01:52:37 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/08/2016 01:52:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The NPEService service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (01/08/2016 01:26:44 PM) (Source: Ntfs) (EventID: 55) (User: NT AUTHORITY)
Description: A corruption was discovered in the file system structure on volume C:.
 
The Master File Table (MFT) contains a corrupted file record.  The file reference number is 0x1000000017359.  The name of the file is "\Windows\servicing\Packages\Package_874_for_KB3124200~31bf3856ad364e35~amd64~~10.0.1.3.cat".
 
Error: (01/08/2016 07:30:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_6bd297 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 07:30:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_6bd297 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/08/2016 07:30:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_6bd297 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-01-07 17:49:53.945
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-07 15:16:21.418
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-07 18:01:20.441
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-4690K CPU @ 3.50GHz
Percentage of memory in use: 43%
Total physical RAM: 7884.89 MB
Available physical RAM: 4474.51 MB
Total Virtual: 9804.89 MB
Available Virtual: 5857.43 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:223.08 GB) (Free:134.02 GB) NTFS
Drive d: () (Fixed) (Total:1863.01 GB) (Free:1643.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: A45B4EF9)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 223.6 GB) (Disk ID: D1131698)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=223.1 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
Thanks for any help! 
 
- Chris

Edited by MIfuneKinski, 08 January 2016 - 04:22 PM.




#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,502 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:12:52 AM

Posted 13 January 2016 - 10:43 AM

Greetings Chris and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

After reinstalling the operating system did you reintroduce any backed up data into the fresh install?

Did you set all these Chrome homepages?
 

CHR StartupUrls: Default -> "hxxp://gmail.com/","hxxp://www.nytimes.com/","hxxp://slickdeals.net/","hxxp://classpass.com/","hxxp://nypl.com/","hxxps://www.google.com/calendar/render#main_7","hxxps://www.mint.com/","hxxp://rewardsurvey.com/","hxxps://duckduckgo.com/"


Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Running chkdsk with Report

--------------------
  • Click Start, type cmd, right click on cmd above and select Run as Administrator
  • Note: For Windows 8/10 press the Windows key + X on your keyboard at the same time
  • Select Command Prompt (Admin)
  • Copy and paste the following in the Run box and click OK

cmd /c chkdsk c: |find /v "percent" >> "%userprofile%\desktop\chkdskreport.txt"

  • A black command window will open on your desktop and remain empty for a few minutes
  • When completed a chkdskreport.txt will appear on your desktop
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Chrome home pages?
  • Reintroduce files?
  • chkdskreport

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 MIfuneKinski


Posted 14 January 2016 - 04:55 PM

Hi, thanks so much for your response. I should be able to get back to you Monday or Tuesday; that's when I'll have access and time to respond. Until then I can answer your questions. 1) No, I did not back up from any files, just did an entirely fresh install. 2) Yes, I did set those as my Chrome homepage (if that's indeed what you're asking?)

Thanks so much
Chris

#4 Oh My!


Posted 14 January 2016 - 07:47 PM

Thanks Chris,

Yes the Chrome homepage is what I was referring to. See you next week.
Gary
 

#5 MIfuneKinski


Posted 20 January 2016 - 12:44 PM

Hello! I'm back! Thanks again Oh My!

 

OK so I answered your first two questions, here is the chkdsk report

 

The type of the file system is NTFS.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Progress: 0 of 130560 done; Stage:  0%; Total:  0%; ETA:   0:06:18    
Progress: 51713 of 130560 done; Stage: 39%; Total: 14%; ETA:   0:05:24 .  
Progress: 98561 of 130560 done; Stage: 75%; Total: 27%; ETA:   0:04:35 .. 
Progress: 130560 of 130560 done; Stage: 100%; Total: 35%; ETA:   0:00:03 ...
                                                                                       
                                                                                       
  130560 file records processed.                                                        
 
File verification completed.
Progress: 3724 of 3724 done; Stage: 100%; Total: 22%; ETA:   0:00:03    
                                                                                       
                                                                                       
  3724 large file records processed.                                   
 
Progress: 0 of 0 done; Stage: 99%; Total: 22%; ETA:   0:00:03 .  
                                                                                       
                                                                                       
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Progress: 37862 of 184612 done; Stage: 20%; Total: 29%; ETA:   0:00:03 .. 
Progress: 129510 of 184612 done; Stage: 70%; Total: 44%; ETA:   0:00:03 ...
Progress: 133920 of 184612 done; Stage: 72%; Total: 51%; ETA:   0:00:03    
Progress: 138222 of 184612 done; Stage: 74%; Total: 59%; ETA:   0:00:03 .  
Progress: 143579 of 184612 done; Stage: 77%; Total: 62%; ETA:   0:00:03 .. 
Progress: 149719 of 184612 done; Stage: 81%; Total: 73%; ETA:   0:00:01 ...
Progress: 153650 of 184612 done; Stage: 83%; Total: 77%; ETA:   0:00:01    
Progress: 184612 of 184612 done; Stage: 100%; Total: 80%; ETA:   0:00:01 .  
                                                                                       
                                                                                       
  184612 index entries processed.                                                       
 
Index verification completed.
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:01 .. 
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        
 
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:01 ...
                                                                                       
                                                                                       
  0 unindexed files recovered to lost and found.                    
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 3 of 3 done; Stage: 100%; Total: 99%; ETA:   0:00:00    
                                                                                       
                                                                                       
  27027 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Progress: 4204 of 4204 done; Stage: 100%; Total: 96%; ETA:   0:00:00 .  
                                                                                       
                                                                                       
  34446320 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 233916415 KB total disk space.
  50148760 KB in 95982 files.
     74288 KB in 27028 indexes.
         0 KB in bad sectors.
    238767 KB in use by the system.
     65536 KB occupied by the log file.
 183454600 KB available on disk.
 
      4096 bytes in each allocation unit.
  58479103 total allocation units on disk.
  45863650 allocation units available on disk.
The type of the file system is NTFS.
 
WARNING!  /F parameter not specified.
Running CHKDSK in read-only mode.
 
Stage 1: Examining basic file system structure ...
Progress: 0 of 130560 done; Stage:  0%; Total:  0%; ETA:   0:06:18    
Progress: 50945 of 130560 done; Stage: 39%; Total: 14%; ETA:   0:05:26 .  
Progress: 97209 of 130560 done; Stage: 74%; Total: 27%; ETA:   0:04:36 .. 
Progress: 130560 of 130560 done; Stage: 100%; Total: 35%; ETA:   0:00:03 ...
                                                                                       
                                                                                       
  130560 file records processed.                                                        
 
File verification completed.
Progress: 3725 of 3725 done; Stage: 100%; Total: 22%; ETA:   0:00:03    
                                                                                       
                                                                                       
  3725 large file records processed.                                   
 
Progress: 0 of 0 done; Stage: 99%; Total: 22%; ETA:   0:00:03 .  
                                                                                       
                                                                                       
  0 bad file records processed.                                     
 
 
Stage 2: Examining file name linkage ...
Progress: 37542 of 184612 done; Stage: 20%; Total: 29%; ETA:   0:00:03 .. 
Progress: 129137 of 184612 done; Stage: 69%; Total: 44%; ETA:   0:00:03 ...
Progress: 133917 of 184612 done; Stage: 72%; Total: 51%; ETA:   0:00:03    
Progress: 138317 of 184612 done; Stage: 74%; Total: 59%; ETA:   0:00:03 .  
Progress: 143711 of 184612 done; Stage: 77%; Total: 62%; ETA:   0:00:03 .. 
Progress: 149850 of 184612 done; Stage: 81%; Total: 73%; ETA:   0:00:01 ...
Progress: 153806 of 184612 done; Stage: 83%; Total: 77%; ETA:   0:00:01    
Progress: 184612 of 184612 done; Stage: 100%; Total: 80%; ETA:   0:00:01 .  
                                                                                       
                                                                                       
  184612 index entries processed.                                                       
 
Index verification completed.
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:01 .. 
                                                                                       
                                                                                       
  0 unindexed files scanned.                                        
 
Progress: 0 of 0 done; Stage: 99%; Total: 80%; ETA:   0:00:01 ...
                                                                                       
                                                                                       
  0 unindexed files recovered to lost and found.                    
 
 
Stage 3: Examining security descriptors ...
Security descriptor verification completed.
Progress: 3 of 3 done; Stage: 100%; Total: 99%; ETA:   0:00:00    
                                                                                       
                                                                                       
  27027 data files processed.                                           
 
CHKDSK is verifying Usn Journal...
Progress: 0 of 4208 done; Stage:  0%; Total: 99%; ETA:   0:00:00 .  
Progress: 4208 of 4208 done; Stage: 100%; Total: 96%; ETA:   0:00:00 .. 
                                                                                       
                                                                                       
  34475056 USN bytes processed.                                                           
 
Usn Journal verification completed.
 
Windows has scanned the file system and found no problems.
No further action is required.
 
 233916415 KB total disk space.
  50292236 KB in 95965 files.
     74288 KB in 27028 indexes.
         0 KB in bad sectors.
    238767 KB in use by the system.
     65536 KB occupied by the log file.
 183311124 KB available on disk.
 
      4096 bytes in each allocation unit.
  58479103 total allocation units on disk.
  45827781 allocation units available on disk.
 
 
Thanks again


#6 Oh My!


Posted 20 January 2016 - 07:15 PM

Your computer is clean. Do you have the ipnat.sys and ipfltdrv.sys files in quarantine? If so I would like to scan the files to see if Norton is giving you a false positive.

It does appear that you have some system issues. That may be the result of the problems you say you ran into while attempting to do a system reset.

Let's address the 2 files first. Let me know if they are there.
Gary
 

#7 MIfuneKinski


Posted 23 January 2016 - 05:25 PM

Glad to hear that you think it's clean! It doesn't appear that those are in quarantine.  Norton Power Eraser still detects them as a problem but offers no solution for how to "fix" them.  I attached two screenshots of NPE and Norton's quarantine history.  The other two files that NPE detected I know.  Monitor is a part of my Asus monitoring software, scelight is a third party app for my game which I recently installed.

 

Thanks again for your help!

Chris

 

 

Attached Files: 1.png (502.78KB), 2.png (139.3KB)


#8 Oh My!


Posted 23 January 2016 - 09:17 PM

Thanks Chris, please do this.

===================================================

SystemLook by jpshortstuff

--------------------
  • Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2
Download Mirror #3 For 64-bit users

  • Double-click SystemLook.exe to run it.
  • Vista\Windows 7 users: Right-click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following codebox into the main textfield:
:filefind
ipnat.sys
ipfltdrv.sys
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • SystemLook log

Gary

#9 MIfuneKinski


Posted 23 January 2016 - 11:26 PM

Thanks!
 

SystemLook 30.07.11 by jpshortstuff
Log created at 23:27 on 23/01/2016 by Chris
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "ipnat.sys"
C:\Windows\System32\drivers\ipnat.sys --a---- 143360 bytes [07:17 30/10/2015] [07:17 30/10/2015] 7882929962241BF14C7E34879754A1D6
C:\Windows\WinSxS\amd64_microsoft-windows-ipnat_31bf3856ad364e35_10.0.10586.0_none_e79daff125b30f59\ipnat.sys --a---- 143360 bytes [07:17 30/10/2015] [07:17 30/10/2015] 7882929962241BF14C7E34879754A1D6
 
Searching for "ipfltdrv.sys"
C:\Windows\System32\drivers\ipfltdrv.sys --a---- 85504 bytes [07:17 30/10/2015] [07:17 30/10/2015] 61B07C83D0A3F0E5DF93401705CF6496
C:\Windows\WinSxS\amd64_microsoft-windows-rasipfilter_31bf3856ad364e35_10.0.10586.0_none_73ef1c416986a2ea\ipfltdrv.sys --a---- 85504 bytes [07:17 30/10/2015] [07:17 30/10/2015] 61B07C83D0A3F0E5DF93401705CF6496
 
-= EOF =-


#10 Oh My!


Posted 23 January 2016 - 11:44 PM

Thanks,

Please do this and I will check your reply in the morning.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\System32\drivers\ipnat.sys
C:\Windows\System32\drivers\ipfltdrv.sys

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Virustotal links

Gary

#11 MIfuneKinski


Posted 24 January 2016 - 12:16 AM

Cool site!

https://www.virustotal.com/en/file/1b69b0a847af7fe8ed89084871666c50203f20a21190ff84f1e059814e35abb5/analysis/1453612342/

https://www.virustotal.com/en/file/398a1f96bde4aa8606857976249b277e5f1e1e5fbd351e0a6d4641ac3ad7907b/analysis/1453612443/

 

 

Thanks again

Chris



#12 Oh My!


Posted 24 January 2016 - 10:53 AM

Hi Chris.

Let me explain what I have concluded through all of this.

Any time an antivirus program hits on an entry, or continues to hit on an entry, some investigation is warranted. Neither Norton nor any other program is infallible, so there is always the potential for a false positive, which is what I have concluded in this case.

Initially I asked to see the quarantined file from Norton but it doesn't exist. So the next best thing is to look for a not yet quarantined file which is what we accomplished with the SystemLook step. That program will identify every instance of the file on your computer and will provide specific and unique information about that file in particular. One of the things that it identifies is what is known as an MD5 which is a sort of fingerprint for that exact file. Normally when we do a Google search using the MD5 information we will find similar "hits" identifying it as a legitimate or non-legitimate file. In this case that did not happen with my Google search. So what I then wanted to do is have VirusTotal scan those particular files on your computer to see what we came up with. As you saw, the files were determined to be legitimate and of no concern.

I am hesitant to tell someone a detection is a false positive unless I have done all I can to determine that is the case. As a result of all of our work together I am confident that you can have Norton ignore those files so that you will no longer get a notification that action has been taken to quarantine the files. You could even contact Norton if you want to advise them of the false positive.

Unless you have any other questions or concerns I think we are all set.
Gary

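One check that can be run on a SystemLook `:filefind` log like the one in post #9, as an added example that is not part of the original thread: it parses the log and reports whether each live copy of a file has the same size and MD5 as a copy in the WinSxS component store, which goes one step beyond the hash lookup described in post #12. The sample log is constructed, and the function names and verdict labels are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample in the ":filefind" layout shown in the thread; the file
# names, sizes and MD5 values are made up for illustration.
SAMPLE_LOG = r"""
Searching for "demo_a.sys"
C:\Windows\System32\drivers\demo_a.sys --a---- 143360 bytes [07:17 30/10/2015] [07:17 30/10/2015] 00112233445566778899AABBCCDDEEFF
C:\Windows\WinSxS\amd64_demo-a_10.0.0.0_none_0000\demo_a.sys --a---- 143360 bytes [07:17 30/10/2015] [07:17 30/10/2015] 00112233445566778899AABBCCDDEEFF
Searching for "demo_b.sys"
C:\Windows\System32\drivers\demo_b.sys --a---- 90112 bytes [09:00 02/01/2016] [09:00 02/01/2016] FFEEDDCCBBAA99887766554433221100
C:\Windows\WinSxS\amd64_demo-b_10.0.0.0_none_0000\demo_b.sys --a---- 85504 bytes [07:17 30/10/2015] [07:17 30/10/2015] 0F1E2D3C4B5A69788796A5B4C3D2E1F0
Searching for "demo_c.sys"
C:\Program Files\Demo Tool\demo_c.sys --a---- 4096 bytes [10:00 03/01/2016] [10:00 03/01/2016] ABCDEFABCDEFABCDEFABCDEFABCDEFAB
"""

# path, attribute flags, size, two bracketed timestamps, 32-hex-digit MD5
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \S+ (?P<size>\d+) bytes "
    r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$"
)

def parse_filefind(log):
    """Return one dict per file line: path, size in bytes, upper-case MD5."""
    hits = (ENTRY.match(line.strip()) for line in log.splitlines())
    return [{"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()}
            for m in hits if m]

def audit(entries):
    """Compare each live copy against the WinSxS copies of the same name."""
    store = defaultdict(set)   # basename -> {(size, md5)} seen under WinSxS
    live = []
    for e in entries:
        name = ntpath.basename(e["path"]).lower()
        if "\\winsxs\\" in e["path"].lower():
            store[name].add((e["size"], e["md5"]))
        else:
            live.append((name, e))
    verdicts = {}
    for name, e in live:
        if name not in store:
            verdicts[e["path"]] = "no-store-copy"
        elif (e["size"], e["md5"]) in store[name]:
            verdicts[e["path"]] = "matches-store"
        else:
            verdicts[e["path"]] = "differs-from-store"
    return verdicts

if __name__ == "__main__":
    print(audit(parse_filefind(SAMPLE_LOG)))
```

A "matches-store" verdict only shows the live file is consistent with the component store copy. MD5 is not collision-resistant, so a signature check or a SHA-256 reputation lookup, as done with VirusTotal in this thread, remains the stronger evidence.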
#13 MIfuneKinski


Posted 25 January 2016 - 01:15 PM

So were the system problems coincidental? I reinstalled Windows two or three times and system problems persisted. All seems well now though.

Possibly something else still lurking?

#14 Oh My!


Posted 25 January 2016 - 01:20 PM

Must have been. I can't really address what used to be, only where we are at now and things seem perfectly fine.
Gary

#15 Oh My!


Posted 28 January 2016 - 03:36 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary



