"chrome.exe *32" malware?


BUSean

Hello,

 

Over the last week or so I began to see chrome.exe *32 show up in my Task Manager, along with many, many Chrome background processes when I run Google Chrome (currently there are 10 showing). I know Chrome has many different tasks it runs in various ways once the browser is open, but I've seen the .exe *32 showing up in other parts of Task Manager as well. I also upgraded to Windows 10 a few days ago, so it's a bit tricky to figure out where everything is and how it should work.

I used Malwarebytes but it didn't find anything particularly out of the ordinary. My computer has also slowed down considerably; also, the audio on it is now horrific, but that's its own, Windows-upgrade-specific issue. I downloaded Farbar. Here are the logs.

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01

Ran by owner (administrator) on OWNER-PC (12-12-2015 11:37:44)
Running from C:\Users\owner\Downloads
Loaded Profiles: owner (Available Profiles: owner)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SET5413.tmp
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Ricoh co.,Ltd.) C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [smartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-04-26] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2015-07-28] (Synaptics Incorporated)
HKLM\...\Run: [synLenovoHelper] => C:\Program Files\Synaptics\SynTP\SynLenovoHelper.exe [146600 2015-07-28] (Synaptics)
HKLM-x32\...\Run: [RotateImage] => C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe [55808 2008-10-30] (Ricoh co.,Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-06-25] (Avast Software s.r.o.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\...\Run: [GoogleChromeAutoLaunch_BFB1AAC9AD5759BCC5B883652DF33E69] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\...\Run: [Dropbox Update] => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-20] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-06-24] (Avast Software s.r.o.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-05]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-12-11]
ShortcutTarget: Dropbox.lnk -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1
Tcpip\..\Interfaces\{1a26df7e-ffd6-437c-86a0-fd3cd20dacf6}: [DhcpNameServer] 208.59.247.45 208.59.247.46 192.168.1.1
Tcpip\..\Interfaces\{9cab2c27-d8eb-454a-8ca5-78033f27c3b8}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com
URLSearchHook: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-05-21] (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-06-24] (Avast Software s.r.o.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-05-21] (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4076330621-4275105699-3220268613-1000: @citrixonline.com/appdetectorplugin -> C:\Users\owner\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-10-14] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-01-05] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
FF HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR Profile: C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-29]
CHR Extension: (Google Search) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
CHR Extension: (Avast Online Security) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Gmail) - C:\Users\owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-03-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-06-24] (Avast Software s.r.o.)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [514048 2012-07-18] (Red Bend Ltd.) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2015-07-28] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [979456 2012-07-18] (Intel® Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-06-24] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-06-24] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-06-24] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-06-24] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-06-24] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-06-24] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-06-24] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2015-07-28] (Synaptics Incorporated)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 11:37 - 2015-12-12 11:38 - 00016643 _____ C:\Users\owner\Downloads\FRST.txt
2015-12-12 11:37 - 2015-12-12 11:37 - 00000000 ____D C:\FRST
2015-12-12 11:36 - 2015-12-12 11:37 - 02369536 _____ (Farbar) C:\Users\owner\Downloads\FRST64.exe
2015-12-12 11:21 - 2015-12-12 11:21 - 00000000 ____D C:\Users\owner\AppData\Local\PeerDistRepub
2015-12-12 11:07 - 2015-12-12 11:07 - 00000000 ____D C:\Users\owner\AppData\Local\MicrosoftEdge
2015-12-12 11:02 - 2015-12-12 11:02 - 00000000 ____D C:\Users\owner\AppData\Local\NetworkTiles
2015-12-12 11:01 - 2015-12-12 11:01 - 00000000 ___HD C:\OneDriveTemp
2015-12-11 09:52 - 2015-12-11 10:03 - 00000000 ____D C:\Users\owner\Documents\JCC Sheets
2015-12-11 09:36 - 2015-12-11 09:36 - 00000000 ____D C:\Users\owner\AppData\Local\Comms
2015-12-11 09:28 - 2015-12-11 09:28 - 00000000 ____D C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-11 09:18 - 2015-12-12 11:01 - 00000000 ___RD C:\Users\owner\OneDrive
2015-12-11 09:18 - 2015-12-11 09:18 - 00002376 _____ C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-11 09:17 - 2015-12-11 09:17 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-12-11 09:16 - 2015-12-11 09:16 - 00000000 ____D C:\Users\owner\AppData\Local\ActiveSync
2015-12-11 09:15 - 2015-12-11 09:15 - 00000000 ____D C:\Users\owner\AppData\Local\Publishers
2015-12-11 09:14 - 2015-12-12 10:53 - 00000000 ____D C:\Users\owner\AppData\Local\Packages
2015-12-11 09:14 - 2015-12-11 09:14 - 00000020 ___SH C:\Users\owner\ntuser.ini
2015-12-11 09:14 - 2015-12-11 09:14 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-11 09:14 - 2015-12-11 09:14 - 00000000 ____D C:\Users\owner\AppData\Local\TileDataLayer
2015-12-11 03:24 - 2015-12-11 09:13 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-11 03:19 - 2015-12-11 03:19 - 00000000 ____D C:\Windows.old
2015-12-11 03:18 - 2015-12-11 03:18 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-11 03:18 - 2015-12-11 03:18 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-11 03:18 - 2015-12-11 03:18 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-11 03:18 - 2015-12-11 03:18 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-11 03:18 - 2015-12-11 03:18 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-11 03:18 - 2015-12-11 03:18 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-11 03:18 - 2015-12-11 03:18 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-11 03:18 - 2015-12-11 03:18 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-11 03:18 - 2015-12-11 03:18 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-11 03:14 - 2015-12-11 03:14 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\Program Files\MSBuild
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-11 03:11 - 2015-12-11 03:11 - 00000000 ____D C:\inetpub
2015-12-11 03:11 - 2015-12-11 01:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-11 03:10 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-11 03:10 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-11 03:10 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-11 03:10 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-11 03:10 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-11 03:10 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-11 01:51 - 2015-12-11 01:51 - 00000000 ____D C:\ProgramData\USOShared
2015-12-11 01:49 - 2015-12-11 01:49 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-11 01:49 - 2015-12-11 01:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-11 01:41 - 2015-12-11 01:41 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-11 01:41 - 2015-12-11 01:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-11 01:41 - 2015-12-11 01:41 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-11 01:41 - 2015-12-11 01:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-11 01:41 - 2015-12-11 01:41 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-11 01:37 - 2015-12-11 01:37 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-11 01:35 - 2015-12-11 21:24 - 00000000 ____D C:\Users\owner
2015-12-11 01:35 - 2015-12-11 01:35 - 00000000 _SHDL C:\Users\owner\My Documents
2015-12-11 01:35 - 2015-12-11 01:35 - 00000000 _SHDL C:\Users\owner\Documents\My Videos
2015-12-11 01:35 - 2015-12-11 01:35 - 00000000 _SHDL C:\Users\owner\Documents\My Pictures
2015-12-11 01:35 - 2015-12-11 01:35 - 00000000 _SHDL C:\Users\owner\Documents\My Music
2015-12-11 01:34 - 2015-12-11 01:51 - 01009628 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-11 01:34 - 2015-12-11 01:34 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-11 01:30 - 2015-12-11 01:37 - 00000000 ____D C:\Program Files\CONEXANT
2015-12-11 01:30 - 2015-12-11 01:30 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-11 01:29 - 2015-12-11 01:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-12-11 01:29 - 2015-12-11 01:29 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bpenum_01007.Wdf
2015-12-11 01:29 - 2015-12-11 01:29 - 00000000 ____D C:\Program Files\Synaptics
2015-12-11 01:29 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-11 01:25 - 2015-12-11 01:43 - 00335792 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-11 00:44 - 2015-12-11 01:51 - 00010449 _____ C:\WINDOWS\diagerr.xml
2015-12-11 00:44 - 2015-12-11 01:51 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-12-09 23:51 - 2015-12-12 10:32 - 00000000 ____D C:\Users\owner\AppData\Local\ElevatedDiagnostics
2015-12-09 23:49 - 2015-12-09 23:50 - 00219644 _____ C:\WINDOWS\ntbtlog.txt
2015-12-09 23:27 - 2015-12-09 23:48 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-09 23:26 - 2015-12-09 23:48 - 00000000 ____D C:\Program Files\mbar
2015-12-09 23:26 - 2015-12-09 23:26 - 16563352 _____ (Malwarebytes Corp.) C:\Users\owner\Downloads\mbar-1.09.3.1001.exe
2015-12-09 23:15 - 2015-12-12 11:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-12-09 23:15 - 2015-12-11 01:50 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-09 22:43 - 2015-12-12 11:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-09 22:42 - 2015-12-11 01:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-09 22:42 - 2015-12-09 23:26 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-09 22:42 - 2015-12-09 22:42 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-12-09 22:42 - 2015-12-09 22:42 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-12-09 22:42 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-12-09 22:42 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-12-09 22:41 - 2015-12-09 22:41 - 22908888 _____ (Malwarebytes ) C:\Users\owner\Downloads\mbam-setup-2.2.0.1024.exe
2015-12-08 12:41 - 2015-11-20 12:54 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-12-08 12:40 - 2015-11-09 17:35 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2015-12-08 12:40 - 2015-11-08 15:52 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2015-12-08 12:40 - 2015-11-08 15:14 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2015-12-07 13:34 - 2015-12-07 13:40 - 00030720 _____ C:\Users\owner\Documents\Onion Sports 12.7.15.xls
2015-12-04 17:42 - 2015-12-11 09:16 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2015-12-04 17:42 - 2015-12-04 17:42 - 00000000 ____D C:\Program Files\Common Files\AV
2015-12-02 14:46 - 2015-12-02 14:36 - 25110018 _____ C:\Users\owner\Desktop\VID_20151202_143628392.mp4
2015-11-30 13:14 - 2015-11-30 13:26 - 00029696 _____ C:\Users\owner\Documents\Onion Sports 11.30.15.xls
2015-11-25 16:02 - 2015-11-25 16:02 - 00018432 _____ C:\Users\owner\Documents\tecmo stuff for the weekend.xls
2015-11-25 15:24 - 2015-11-25 15:24 - 00043008 _____ C:\Users\owner\Downloads\JCC Timesheet 11-15-15.xls
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-12 11:37 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2015-12-12 11:26 - 2015-06-20 17:16 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000UA.job
2015-12-12 11:02 - 2015-03-12 22:29 - 00000000 ___RD C:\Users\owner\Dropbox
2015-12-12 11:02 - 2015-03-12 11:57 - 00000000 ____D C:\Users\owner\AppData\Roaming\Dropbox
2015-12-12 11:00 - 2014-12-23 19:07 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-12 10:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-12 10:51 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-12 10:51 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-12 10:47 - 2014-12-23 19:08 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-12 10:20 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-11 20:26 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-11 09:49 - 2014-12-23 19:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-12-11 09:33 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-11 09:18 - 2015-03-12 11:44 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-11 09:15 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-11 09:15 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-11 09:15 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-11 09:14 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-11 03:24 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-11 03:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-11 03:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-11 03:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-11 03:19 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-11 03:19 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-11 03:11 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-11 03:11 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-11 03:11 - 2015-10-30 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-11 03:11 - 2015-10-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-11 03:11 - 2015-10-30 01:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-11 03:11 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-11 03:11 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-11 03:11 - 2015-10-30 01:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-11 03:11 - 2015-10-30 01:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-11 03:11 - 2015-10-30 01:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-11 03:11 - 2015-10-30 01:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-11 03:11 - 2015-10-30 01:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-11 03:11 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-11 03:11 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-11 03:11 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-11 03:11 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-11 03:11 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-11 03:10 - 2015-10-30 01:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-11 03:10 - 2015-10-30 01:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-11 03:10 - 2015-10-30 01:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-11 03:10 - 2015-10-30 01:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-11 03:10 - 2015-10-30 01:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-11 03:10 - 2015-10-30 01:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-11 03:10 - 2015-10-30 01:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-11 03:10 - 2015-10-30 01:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-11 03:10 - 2015-10-30 01:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-11 01:54 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-11 01:51 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-11 01:51 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-11 01:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-11 01:50 - 2015-06-20 17:16 - 00003998 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000UA
2015-12-11 01:50 - 2015-06-20 17:16 - 00003602 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000Core
2015-12-11 01:50 - 2015-05-12 08:09 - 00003996 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-11 01:50 - 2014-12-23 19:08 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-11 01:50 - 2014-12-23 19:07 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-11 01:50 - 2014-03-26 22:35 - 00003092 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-12-11 01:49 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-11 01:49 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-11 01:45 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-11 01:43 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-11 01:42 - 2015-10-30 03:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-11 01:42 - 2015-03-12 11:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-11 01:42 - 2015-01-05 13:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-11 01:42 - 2014-12-23 19:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sports Mogul
2015-12-11 01:42 - 2014-12-23 19:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-11 01:42 - 2014-03-27 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-11 01:42 - 2014-03-27 12:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video Booth
2015-12-11 01:41 - 2009-07-13 21:20 - 00000000 ____D C:\Users\Default.migrated
2015-12-11 01:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-11 01:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-11 01:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-11 01:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-11 01:39 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-11 01:39 - 2014-03-27 11:22 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-11 01:39 - 2014-03-27 11:22 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-11 01:39 - 2014-03-26 21:49 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-11 01:38 - 2015-10-30 01:26 - 00000000 ____D C:\WINDOWS\Setup
2015-12-11 01:38 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-11 01:38 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-11 01:38 - 2009-07-14 01:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-11 01:37 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-11 01:37 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-11 01:37 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-11 01:37 - 2014-03-26 21:48 - 00000000 ____D C:\Program Files\Intel
2015-12-11 01:37 - 2014-03-26 21:41 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-12-11 01:37 - 2014-03-26 21:37 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-11 01:37 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-11 01:37 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-12-11 01:33 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-11 01:25 - 2015-10-30 03:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-11 00:54 - 2009-07-13 22:45 - 00017360 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-11 00:54 - 2009-07-13 22:45 - 00017360 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-11 00:44 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-09 23:26 - 2015-06-20 17:16 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000Core.job
2015-12-09 19:30 - 2014-03-27 12:17 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 19:25 - 2014-03-26 23:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 19:13 - 2014-03-26 23:21 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-02 13:18 - 2014-03-26 22:54 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-11-30 18:33 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 18:33 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-27 15:49 - 2015-05-12 08:07 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-18 20:18 - 2015-07-22 12:33 - 00031744 _____ C:\Users\owner\Documents\The Tecmo Sims.xls
 
==================== Files in the root of some directories =======
 
2015-01-03 15:01 - 2015-01-03 15:01 - 0003584 _____ () C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-05 13:01 - 2015-02-11 12:49 - 0001784 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\owner\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpkiql2p.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-11 01:25
 
==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-12-2015 01

Ran by owner (2015-12-12 11:38:58)
Running from C:\Users\owner\Downloads
Windows 10 Pro (X64) (2015-12-11 15:13:44)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4076330621-4275105699-3220268613-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4076330621-4275105699-3220268613-503 - Limited - Disabled)
Guest (S-1-5-21-4076330621-4275105699-3220268613-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4076330621-4275105699-3220268613-1002 - Limited - Enabled)
owner (S-1-5-21-4076330621-4275105699-3220268613-1000 - Administrator - Enabled) => C:\Users\owner
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2218 - AVAST Software)
Baseball Mogul 2009 (HKLM-x32\...\{9A3071D0-B51E-11DD-72AE-01EFE8642CD6}) (Version: 11.24 - Sports Mogul Inc.)
BisonCam Twain Pro (HKLM-x32\...\{F2672232-FF17-4DC9-8F24-A1E1829FE086}) (Version: 1.5.4.7 - Bison WebCam Ap)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
C4700 (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Citrix Online Launcher (HKLM-x32\...\{E5F6D26D-E180-4547-A865-565EAB61000C}) (Version: 1.0.362 - Citrix)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.32.27.0 - Conexant)
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.80 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart C4700 All-In-One Driver Software 13.0 Rel .6 (HKLM\...\{2012D762-5DCA-455A-B5FE-EDF79BC93E18}) (Version: 13.0 - HP)
HP Print Projects 1.0 (HKLM\...\HP Print Projects) (Version: 1.0 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
hpPrintProjects (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
hpWLPGInstaller (x32 Version: 130.0.303.000 - Hewlett-Packard) Hidden
Integrated Camera Driver Installer Package Ver.1.1.0.1147 (HKLM-x32\...\{B2CA6F37-1602-4823-81B5-0384B6888AA6}) (Version: 1.1.0.1147 - RICOH)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2509 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{86b86e21-7c9b-4baa-b284-69ce4a918661}) (Version: 16.10.0 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5F588B19-C575-4750-86FD-6ED2B76E61F1}) (Version: 7.50.0000 - Intel Corporation)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.10.15 - Lenovo)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
PS_AIO_06_C4700_SW_Min (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
RICOH_Media_Driver_v2.14.18.01 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.14.18.01 - RICOH)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.0 - Synaptics Incorporated)
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0031.1 - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.4.2.8 - )
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4076330621-4275105699-3220268613-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\owner\AppData\Roaming\Dropbox\bin\DropboxExt64.28.dll (Dropbox, Inc.)
 
==================== Restore Points =========================
 
11-12-2015 20:24:54 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {056B112A-A3C4-42E3-8603-F3300CC95D94} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {0FA45480-84FE-44A1-A072-2F5D587F8214} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {13CD3419-2805-493A-AFA5-70147A336692} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {149689B9-B215-4EDF-BEE0-CCC10D609634} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000UA => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {157C12BC-1972-4148-B67F-C035129DA852} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1C9C4404-6F6D-46D5-B053-6323066200B3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {1D39C7D9-1915-4303-B046-9DF66072DA19} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-06-24] (Avast Software s.r.o.)
Task: {23FAE650-0B15-496F-914F-DB112C30DC97} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {269F7552-9A82-4F21-B904-80D82B1D23EB} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {2980FADB-4C7E-46F2-A5EE-DC340714F543} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {2C3AC6E2-D835-4488-9D59-F0D67B898691} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {2CBE8BB6-CDAF-45CF-83DA-49284F6BC85F} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {358B9AEF-AA73-408B-9B5A-962A596403DA} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {3675EC76-9045-482C-9542-A0C874154C02} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3A2BC444-D840-4F0A-8A84-ACF70298F0D0} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {440C3008-ECA5-4343-81D7-93B5BAF70846} - System32\Tasks\Synaptics TouchPad Enhancements => Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: {44235A4A-8EE0-4705-8AE4-760F821A930D} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {47921466-4D2D-476F-8CAE-DA09F768AB41} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {582A604A-0941-425A-9FC1-2BBFD80F27C8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {5C15D74E-FB4F-4732-8DCB-29D5CF51430D} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {5D77B203-173A-48D5-9776-47AD920B8FFC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {64F4F325-09CE-43D6-B1B6-B0EEC6E92A68} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {781EA319-E00D-4365-8C4F-467409B036F9} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {7957D82B-D771-4E71-A1C4-7C04D955A1E7} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000Core => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-20] (Dropbox, Inc.)
Task: {7D89D789-E601-4E6A-882D-A9D25F4D65B2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {83A5E3EE-562C-4734-970E-1EBE2D0FDBF1} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {914C66C3-D6EB-4BE4-9952-1FC30AD0EEBF} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {978E506A-215C-49D8-A476-04E5A7B59C10} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {9B740734-42E5-40CB-996A-E5A85C8D3A71} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9C2D1756-E543-4159-8C67-194EFEC8F30E} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A1BB1775-8073-4836-ABC3-0C5CD98EA966} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {A9F2A43F-ADEC-4DBC-A4D5-A5897DC5EB0B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-09] (Adobe Systems Incorporated)
Task: {B3BDF3DB-462B-4848-A79E-6EF42E8B2EE2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {BAB8C247-3440-4447-9BD8-6D2AB6CA7D8A} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {D9DADDDF-4D1E-4183-8553-A52E817E0AD0} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {DEF75C7D-763E-4640-996F-FC968FBF6762} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {E0B00748-3342-44B7-AAAE-2D3EE36EB505} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E115BDB8-35E2-4624-86FE-A722B15853DB} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E93D70F4-031F-4613-BFF5-00F09EE73932} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {EAF320A2-7067-41A9-869E-B05CCF383A42} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {EEF589EA-6F29-4790-8186-C17A0058CD31} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {F9AA621F-E628-4831-9E89-AF2CC8B2AA52} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000Core.job => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4076330621-4275105699-3220268613-1000UA.job => C:\Users\owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 01:17 - 2015-10-30 01:17 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-10-30 01:17 - 2015-10-30 01:17 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-10-30 01:17 - 2015-10-30 01:17 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 08005632 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 00936448 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-11 03:18 - 2015-12-11 03:18 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-03-26 21:46 - 2010-10-26 13:40 - 00049056 ____N () C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
2015-12-11 10:06 - 2015-12-11 10:06 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-11 09:55 - 2015-12-11 09:55 - 09074176 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-12-11 09:55 - 2015-12-11 09:55 - 02416640 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.23.23.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2015-10-30 01:18 - 2015-10-30 01:18 - 00218456 _____ () c:\windows\system32\WerEtw.dll
2015-06-24 18:08 - 2015-06-24 18:08 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-06-24 18:08 - 2015-06-24 18:08 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-12-10 23:50 - 2015-12-10 23:50 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121000\algo.dll
2015-12-11 09:51 - 2015-12-11 09:51 - 02803200 _____ () C:\Program Files\AVAST Software\Avast\defs\15121100\algo.dll
2015-12-11 09:28 - 2015-10-30 18:59 - 00034768 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00022848 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\Crypto.Random.OSRNG.winrandom.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00023352 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\Crypto.Util._counter.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00042296 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\Crypto.Cipher._AES.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00116688 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2015-12-11 09:28 - 2015-10-30 18:59 - 00093640 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00018376 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\select.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00019760 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00105928 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32api.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00392144 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2015-12-11 09:28 - 2015-12-08 15:36 - 00381752 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00692688 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00020816 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00109520 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 01737032 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00020808 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00020800 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_cffi_python_x66cf7a7cx17a72769.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00021840 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_cffi_unicode_environ_win32_x8bf8e68bx9968e850.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00038696 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\fastpath.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00024528 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32event.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00020936 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00114640 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32security.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00021320 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_cffi_pywin_kernel32_xde9e4433x360333f0.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00124880 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32file.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00030160 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00043472 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32process.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00175560 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32gui.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00028616 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32ts.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00048592 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32service.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00024392 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00036296 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\librsync.dll
2015-12-11 09:28 - 2015-10-30 19:00 - 00024016 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\win32profile.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00117056 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00031568 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\enterprise_data.compiled._enterprise_data.pyd
2015-10-01 23:28 - 2015-11-04 18:04 - 00293392 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\EnterpriseDataAdapter.dll
2015-12-11 09:28 - 2015-12-08 15:36 - 00023376 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00134608 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_elementtree.pyd
2015-12-11 09:28 - 2015-10-30 18:59 - 00134088 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00240584 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\jpegtran.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00020280 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00052024 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00021304 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\Crypto.Util.strxor.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00350152 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00084792 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2015-12-11 09:28 - 2015-12-08 15:36 - 01826608 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2015-12-11 09:28 - 2015-10-30 19:00 - 00083912 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\sip.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 03891504 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 01950000 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00519984 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00133936 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00225080 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00207672 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00024904 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\_cffi_wpad_proxy_win_x752e3d61xdcfdcc84.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00486704 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2015-12-11 09:28 - 2015-12-08 15:36 - 00357680 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2015-11-11 16:30 - 2015-10-30 19:01 - 00019920 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-11-11 16:29 - 2015-10-30 19:00 - 00786904 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-11-11 16:30 - 2015-10-30 19:00 - 00063448 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-11-11 16:30 - 2015-10-30 19:00 - 00019408 _____ () C:\Users\owner\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll
2015-03-12 11:43 - 2015-03-12 11:43 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-11 10:06 - 2015-12-11 10:06 - 00152064 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-11 10:06 - 2015-12-11 10:07 - 18906624 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-11 09:49 - 2015-12-04 15:32 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libglesv2.dll
2015-12-11 09:49 - 2015-12-04 15:32 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4076330621-4275105699-3220268613-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\owner\AppData\Local\Microsoft\Windows\Themes\lenovo1\DesktopBackground\lenovo_22.jpg
DNS Servers: 208.59.247.45 - 208.59.247.46
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [uDP Query User{41280459-1DE2-43D7-84CA-A392B6CA4738}C:\users\owner\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\owner\appdata\local\temp\g2_1704\g2viewer.exe
FirewallRules: [TCP Query User{40A6E2D7-9B02-4B56-8189-E7ABA4BA4355}C:\users\owner\appdata\local\temp\g2_1704\g2viewer.exe] => (Allow) C:\users\owner\appdata\local\temp\g2_1704\g2viewer.exe
FirewallRules: [uDP Query User{95432E4A-DACA-446D-80AC-38889C48DEC3}C:\users\owner\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\owner\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [TCP Query User{FC844555-4DC4-4172-8E16-26BDD7E7CADC}C:\users\owner\appdata\local\temp\g2_1611\g2viewer.exe] => (Allow) C:\users\owner\appdata\local\temp\g2_1611\g2viewer.exe
FirewallRules: [uDP Query User{20097E91-3466-4996-87E3-D9102BC0542C}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{8017DB63-A80E-4A93-BA3A-0154FCADF8F2}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{95E393B5-BAD5-469F-964D-042836FCF863}] => (Allow) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{29F493D2-FA6F-4019-B00C-BCBA5D71E6D8}] => (Allow) C:\Users\owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2292F68E-BDB0-4217-BBC0-24D00AD73287}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{F958BC1E-8A9B-445B-93D4-98B3D1D1E01F}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{EEC87D89-8998-4D40-AE08-D7069A4864EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CE659823-9E49-40B3-98EC-45FC40693669}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{E3187DE3-2E68-4F8C-AE1F-B35DC7456A1D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{F34F7168-35DC-45D7-9745-DAE5253AD21E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{6B0374A7-A765-4407-867B-F768E1B79A42}] => (Allow) C:\Program Files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe
FirewallRules: [{CA3CFEFB-3D54-478A-9379-FF09429CA570}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{F192E3F7-3D8E-44B4-A183-9DD3FE6050CF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{D32B9A1A-A1DE-48C0-B436-981F6703134A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{06A826E7-30F4-466A-A5DC-26FD1234C6FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{BD9D502E-A43F-4584-BB4A-C6D4B19F2509}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{167A3AE7-D701-4E65-97FF-E1E49F20FFA1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{AB3F5D59-E2BC-4195-9E2E-36B837C24B92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9229D550-C845-4580-A011-19FE3294448D}] => (Allow) D:\setup\hpznui40.exe
FirewallRules: [{64C931E4-445F-4059-9947-D9C7E44F402A}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{1BDD6AC1-7A41-4F24-ABC3-281ACEA4147B}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{83213F9B-1105-4F66-A46E-EB6A2BD33C25}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
FirewallRules: [{EA472AAB-863C-4CD9-BCB6-88D18A109581}] => (Allow) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
FirewallRules: [{BBC7E273-4C24-4F02-8DAC-1EF1DC955A8B}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{65044FA8-7A43-4EDF-871E-CEC8199A68EB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: HP Photosmart C4700
Description: HP Photosmart C4700
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/12/2015 11:37:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x2788
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:37:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x33ac
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x1c78
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:40 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x33b4
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x30b8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x2ccc
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x18c8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:28 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x327c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x6f8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (12/12/2015 11:31:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x3500
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
 
System errors:
=============
Error: (12/12/2015 11:04:20 AM) (Source: DCOM) (EventID: 10010) (User: OWNER-PC)
Description: App
 
Error: (12/12/2015 10:57:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_faee30 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 10:57:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_faee30 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 10:57:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_faee30 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/12/2015 10:57:08 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_faee30 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/11/2015 09:24:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_b2935b service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/11/2015 11:10:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_24cd8f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/11/2015 11:10:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_24cd8f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/11/2015 11:10:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_24cd8f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/11/2015 11:10:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_24cd8f service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-12 11:37:04.978
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:37:02.864
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:46.073
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:40.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:32.893
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:30.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:28.996
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:27.806
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:25.549
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-12 11:31:15.991
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 52%
Total physical RAM: 4007.23 MB
Available physical RAM: 1897.25 MB
Total Virtual: 5415.23 MB
Available Virtual: 3246.61 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:148.46 GB) (Free:92.41 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: F4D42030)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=501 MB) - (Type=27)
 
==================== End of Addition.txt ============================


Thank you all for your help.

Hello,

    

 

They call me TwinHeadedEagle around here, and I'll try to help you with your issue.

 

     

    

Before we start please read and note the following:

  • We're primarily oriented on malware removal here, so you must know that some issues just cannot be solved and you must be prepared for this. Some tools we use here will remove your browser search history, so back up your important links and all the files whose loss is unacceptable.
  • Limit your internet access to posting here, some infections just wait to steal typed-in passwords.
  • Please be patient. I know it is frustrating when your PC isn't working properly, but malware removal takes time. Keep in mind that private life gets in the way too. Note that we may live in totally different time zones, which may cause some delays between answers.
  • Don't run any scripts or tools on your own, unsupervised usage may cause more harm than good.
  • Do not paste the logs in your posts, attachments make my work easier. There is a More reply options button, that gives you Upload Files option below which you can use to attach your reports. Always attach reports from all tools.
  • Always execute my instructions in given order. If for some reason you cannot completely follow one instruction, inform me about that.
  • Do not ask for help for your business PC. Companies are making revenue via computers, so it is a good thing to pay someone to repair it.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
I can't foresee everything, so if anything not covered in my instructions happens, please stop and inform me!

There are no silly questions. Never be afraid to ask if in doubt!

 

 

 

Rules and policies

 

We won't support any piracy.

That being said, if any evidence of illegal OS, software, cracks/keygens or any other is revealed, any further assistance will be suspended. If you are aware that there is this kind of stuff on your machine, remove it before proceeding!

The same applies to any use of P2P software: uTorrent, BitTorrent, Vuze, Kazaa, Ares... We don't provide any help for P2P, except for their removal. All P2P software has to be uninstalled or at least fully disabled before proceeding!

 

Failure to follow these guidelines will result in closing your topic and withdrawing any assistance.

 

 


Scan with Farbar Recovery Scan Tool

 

Please re-run Farbar Recovery Scan Tool to give me a fresh look at your system.

  • Right-click on the FRST icon and select Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

First of all, your PC isn't infected.

 


 

It is normal to have chrome.exe *32 processes when you have a 64-bit operating system with 32-bit Google Chrome.

 

You can download 64-bit Google Chrome and then you won't see the *32 thing.

 

Visit the link below and then follow the instructions in the images:

 

https://www.google.com/chrome/browser/desktop/index.html

 

dvt5wz.jpg

 

21kf0k4.jpg

 

Now you will have 64-bit Google Chrome.

 


 

There are some errors likely telling us about your audio issues:

Error: (12/12/2015 11:37:04 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x2788
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5

Error: (12/12/2015 11:37:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x88e08a44
Fault offset: 0xd1ec058bfffa2e82
Faulting process id: 0x33ac
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5

Did you upgrade to Windows 10 from Windows 7?


  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

