Something keeps trying to load every .2 seconds


20 replies to this topic

#1 kokopoko


Posted 12 December 2015 - 11:12 PM

After I log into Windows the mouse cursor has the circle by it probably 5 times a second. Holding Alt+Tab I can see a window opening and closing very fast several times a second. I have booted in safe mode and run Malwarebytes and SUPERAntiSpyware. The issue is still occuring. I don't know if it's a Windows message window or if it's a virus. I can't right click, use any form or almost anything because of this. I would love some help.

 

I can't even right click to choose the correct spelling of occurring up above.




 


#2 nasdaq


  • Malware Response Team

Posted 13 December 2015 - 09:11 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Wait for further instructions.

#3 kokopoko


Posted 13 December 2015 - 11:20 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-12-2015 01
Ran by Christine (administrator) on HENRIK (13-12-2015 09:40:51)
Running from C:\Users\Christine\Downloads
Loaded Profiles: Christine (Available Profiles: Christine & racha_000 & Guest)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(HP) C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Amazon.com) C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Dell SonicWALL, Inc.) C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(AuthenTec Inc.) C:\Program Files (x86)\HP SimplePass\TouchControl.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Users\Christine\AppData\Local\Amazon Music\Amazon Music Helper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.11.19004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SecureMix LLC) C:\Program Files (x86)\GlassWire\GWIdlMon.exe
() C:\Program Files (x86)\HP SimplePass\IEWebSiteLogon.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(AuthenTec, Inc.) C:\Program Files\Common Files\AuthenTec\TrueService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.211.2592.0.exe
(Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [108144 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-10-16] (Apple Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2014-11-01] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8205944 2014-12-30] (Zemana Ltd.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2621240 2015-11-18] (Malwarebytes Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [AmazonGSDownloaderTray] => C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe [331776 2015-06-19] (Amazon.com)
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-11-07] (SUPERAntiSpyware)
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\...\Run: [GlassWire] => C:\Program Files (x86)\GlassWire\glasswire.exe [10518528 2015-10-13] (SecureMix LLC)
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\...\Run: [GoogleChromeAutoLaunch_BFAE9D56EBA93BAC15D6F9F7001A1AA0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-04] (Google Inc.)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64\FileSyncShell64.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64\FileSyncShell64.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64\FileSyncShell64.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileSyncShell.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileSyncShell.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Christine\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileSyncShell.dll [2015-12-07] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 3 (GFS Folder)] -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-07-17] ()
Startup: C:\Users\racha_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SynRemoveUserSettings.bat [2015-07-17] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{61dc3d0d-30e0-434c-9ebe-76378333fcc7}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {53B95B45-F837-4A57-ABA6-ACF6C2E1FBE8} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3602722209-807914381-4217121093-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3602722209-807914381-4217121093-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll [2014-03-11] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-08] ()
FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2012-08-10] ( HP)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-10-04] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-10-04] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-06] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3602722209-807914381-4217121093-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Christine\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-01-03] (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
 
Chrome: 
=======
CHR NewTab: Profile 1 -> "chrome-extension://kimodcegbhclamjcbifgfaldeengbgij/index.html","chrome-extension://laookkfknpbbblfpciffpaejjkokdgca/dashboard.html"
CHR DefaultSearchKeyword: Profile 1 -> lp
CHR Session Restore: Profile 1 -> is enabled.
CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (US Weather Radar) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2014-11-11]
CHR Extension: (Duolingo on the Web) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-01-09]
CHR Extension: (Gojee Food) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2014-10-12]
CHR Extension: (Boomerang Calendar) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\annmcneienljahlbfoaomcfghmomhfho [2015-06-21]
CHR Extension: (Google Docs) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Task Timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2015-01-01]
CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-09]
CHR Extension: (Weather (extension)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2015-01-13]
CHR Extension: (Simple Pomodoro®) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blidjjfbdbkcmegfnidmgndgdamhhelp [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-09]
CHR Extension: (Adblock Plus) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-06-21]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-10-12]
CHR Extension: (Video Poker) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2014-10-12]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2014-09-30]
CHR Extension: (Google Search) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-28]
CHR Extension: (kimono) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\deoaddaobnieaecelinfdllcgdehimih [2015-05-24]
CHR Extension: (Category Tabs for Google Keep™) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlahcjmefibiedeecoegjilekaebchhl [2014-12-28]
CHR Extension: (Google News) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-03-07]
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2015-03-01]
CHR Extension: (Court Records) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpfmaeoembkacpmifbjjadbghcbaaehk [2014-11-21]
CHR Extension: (Alarm) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjkdjnaajdmnminlhhhcicfnokdhjfg [2014-12-25]
CHR Extension: (Website Logon) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fegekclkdhbnfdcmomlpegkkndgnmfmo [2014-09-30]
CHR Extension: (Google Sheets) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Word Online) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2014-09-30]
CHR Extension: (Stopwatch) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2014-10-12]
CHR Extension: (Web Timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ggnjbdfgigejghknieofeahaknkjafim [2015-01-01]
CHR Extension: (The Camelizer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2015-04-12]
CHR Extension: (Alarm Clock - on & offline Free) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hckmpcehmdipkonjnilbahaacckekbfm [2014-10-14]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-06-21]
CHR Extension: (feedly) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2014-09-30]
CHR Extension: (Weather Now) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2014-10-12]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-06-21]
CHR Extension: (Keyword Tool Dominator) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifllhnpbdlifihflnfooolhjicbknpob [2015-05-21]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2014-10-04]
CHR Extension: (1-click-timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-05-21]
CHR Extension: (Scrum for Trello) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdbcdblgjdpmfninkoogcfpnkjmndgje [2015-03-07]
CHR Extension: (Klout) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2014-10-12]
CHR Extension: (Kanbanchi) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjnjkolifmlkjdnnbjghoaiaiajmlded [2015-01-01]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-01-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2014-10-12]
CHR Extension: (Momentum) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-05-31]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-24]
CHR Extension: (Skype Click to Call) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-05-20]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-03-28]
CHR Extension: (Google Wallet) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-15]
CHR Extension: (Trello) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\oflhioojkbelepjlnafgmgkkjhojphcg [2015-01-08]
CHR Extension: (KDSPY) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\oocoibgfbhcplhnfdjldohepoeboiloo [2015-06-19]
CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR Profile: C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-21]
CHR Extension: (US Weather Radar) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\abdnkhfljcoblghnaabndinjadlmhknj [2015-06-21]
CHR Extension: (Duolingo on the Web) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2015-06-21]
CHR Extension: (Gojee Food) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajebcmdcgoggdncokkbdifohckmfpgnb [2015-06-21]
CHR Extension: (Boomerang Calendar) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\annmcneienljahlbfoaomcfghmomhfho [2015-10-04]
CHR Extension: (Google Docs) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-21]
CHR Extension: (Task Timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aomfjmibjhhfdenfkpaodhnlhkolngif [2015-06-21]
CHR Extension: (Google Drive) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-07]
CHR Extension: (Weather (extension)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc [2015-06-21]
CHR Extension: (Simple Pomodoro®) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blidjjfbdbkcmegfnidmgndgdamhhelp [2015-06-21]
CHR Extension: (YouTube) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-04]
CHR Extension: (Adblock Plus) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-11-26]
CHR Extension: (start.me - customize your new tab home page) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfmnkhhioonhiehehedmnjibmampjiab [2015-08-05]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2015-06-21]
CHR Extension: (Video Poker) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cikdcpagdgnihikinbpjjaajjpcjcdlo [2015-06-21]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2015-06-21]
CHR Extension: (Google Search) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-07]
CHR Extension: (kimono) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\deoaddaobnieaecelinfdllcgdehimih [2015-06-21]
CHR Extension: (Tampermonkey) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-11-21]
CHR Extension: (Category Tabs for Google Keep™) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dlahcjmefibiedeecoegjilekaebchhl [2015-12-12]
CHR Extension: (Google News) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dllkocilcinkggkchnjgegijklcililc [2015-06-21]
CHR Extension: (Raindrops(Non-Aero)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dpagcfbbmlebfnkeogkigellbgmfkjfg [2015-06-21]
CHR Extension: (Google Play Music) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-12-12]
CHR Extension: (Alarm) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fdjkdjnaajdmnminlhhhcicfnokdhjfg [2015-06-21]
CHR Extension: (Google Sheets) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-21]
CHR Extension: (Word Online) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fiombgjlkfpdpkbhfioofeeinbehmajg [2015-06-21]
CHR Extension: (Stopwatch) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggnidjbcahhbnleinchgobfnabopeioh [2015-06-21]
CHR Extension: (Web Timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ggnjbdfgigejghknieofeahaknkjafim [2015-06-21]
CHR Extension: (Google Docs Offline) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-17]
CHR Extension: (The Camelizer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghnomdcacenbmilgjigehppbamfndblo [2015-09-01]
CHR Extension: (Pin It Button) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-11-07]
CHR Extension: (feedly) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hipbfijinpcgfogaopmgehiegacbhmob [2015-06-21]
CHR Extension: (Weather Now) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmiebhdnnejnaijgmkhomnheecmonjli [2015-11-07]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2015-12-12]
CHR Extension: (Keyword Tool Dominator) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ifllhnpbdlifihflnfooolhjicbknpob [2015-10-04]
CHR Extension: (The Weather Channel for Chrome) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2015-06-21]
CHR Extension: (1-click-timer) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\igloknlllonknnbkfgggfkigmeegmakf [2015-06-21]
CHR Extension: (Scrum for Trello) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jdbcdblgjdpmfninkoogcfpnkjmndgje [2015-09-13]
CHR Extension: (Klout) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jjaakbhpcbpmojkhpiaacepfcaniglak [2015-07-02]
CHR Extension: (Kanbanchi) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jjnjkolifmlkjdnnbjghoaiaiajmlded [2015-06-21]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2015-10-04]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-06-21]
CHR Extension: (Autodesk Homestyler) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2015-06-21]
CHR Extension: (Dayboard - New Tab Page) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kimodcegbhclamjcbifgfaldeengbgij [2015-12-12]
CHR Extension: (Momentum) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\laookkfknpbbblfpciffpaejjkokdgca [2015-11-07]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-29]
CHR Extension: (Trello) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oflhioojkbelepjlnafgmgkkjhojphcg [2015-06-21]
CHR Extension: (KDSPY) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\oocoibgfbhcplhnfdjldohepoeboiloo [2015-12-07]
CHR Extension: (Gmail) - C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-21]
CHR HKU\S-1-5-21-3602722209-807914381-4217121093-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fegekclkdhbnfdcmomlpegkkndgnmfmo] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2012-07-12]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\Exts\Chrome.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 Amazon Download Agent; C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [407040 2015-06-19] (Amazon.com) [File not signed]
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2278152 2015-11-13] (Broadcom Corporation.)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [134512 2015-07-14] (Dropbox, Inc.)
R2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-08-10] (HP)
S4 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [777744 2015-10-29] (Garmin Ltd. or its subsidiaries)
R2 GlassWire; C:\Program Files (x86)\GlassWire\GWCtlSrv.exe [8902144 2015-10-13] (SecureMix LLC)
R2 HPConnectedRemote; C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35744 2012-10-12] (Hewlett-Packard)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [739640 2015-11-18] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [327680 2014-11-01] (IDT, Inc.) [File not signed]
R2 SWGVCSvc; C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe [336616 2013-12-03] (Dell SonicWALL, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
R3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [199472 2015-11-13] (Broadcom Corporation.)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S1 DNE; C:\Windows\system32\DRIVERS\dnelwf64.sys [133456 2013-10-03] (Citrix Systems, Inc.)
R1 gwdrv; C:\Windows\system32\DRIVERS\gwdrv.sys [33152 2015-05-28] (SecureMix LLC)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [76520 2014-12-30] (Zemana Ltd.)
R3 libusb0; C:\Windows\system32\DRIVERS\libusb0.sys [44480 2011-05-17] (hxxp://libusb-win32.sourceforge.net)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
S2 SWIPsec; C:\WINDOWS\system32\Drivers\SWIPsec.sys [110064 2013-12-03] (Dell SonicWALL, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-12] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 09:40 - 2015-12-13 09:41 - 02369536 _____ (Farbar) C:\Users\Christine\Downloads\Unconfirmed 525853.crdownload
2015-12-13 09:40 - 2015-12-13 09:41 - 00042541 _____ C:\Users\Christine\Downloads\FRST.txt
2015-12-13 09:40 - 2015-12-13 09:40 - 00000000 ____D C:\FRST
2015-12-13 09:30 - 2015-12-13 09:40 - 02369536 _____ (Farbar) C:\Users\Christine\Downloads\FRST64.exe
2015-12-13 02:17 - 2015-12-13 02:17 - 00034457 _____ C:\Users\Christine\Downloads\MTB.txt
2015-12-13 02:07 - 2015-12-13 02:19 - 00000794 _____ C:\Users\Christine\Desktop\unhide.txt
2015-12-13 02:02 - 2015-12-13 02:02 - 00000000 ____D C:\Users\Christine\Downloads\backups
2015-12-12 23:31 - 2015-12-13 01:54 - 00000000 ____D C:\Users\Christine\Desktop\mbar
2015-12-12 22:48 - 2015-12-12 22:49 - 00089534 _____ C:\TDSSKiller.3.1.0.8_12.12.2015_22.48.03_log.txt
2015-12-12 22:46 - 2015-12-13 02:25 - 00000708 _____ C:\Users\Christine\Desktop\JRT.txt
2015-12-12 22:40 - 2015-12-13 02:23 - 00003102 _____ C:\Users\Christine\Desktop\Rkill.txt
2015-12-12 22:21 - 2015-12-13 02:22 - 00000000 ____D C:\AdwCleaner
2015-12-12 22:20 - 2015-12-12 22:20 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Christine\Downloads\mbar-1.09.3.1001 (1).exe
2015-12-12 22:19 - 2015-12-13 02:19 - 00448512 _____ (OldTimer Tools) C:\Users\Christine\Downloads\TFC.exe
2015-12-12 22:19 - 2015-12-13 02:17 - 00891392 _____ (Farbar) C:\Users\Christine\Downloads\MiniToolBox.exe
2015-12-12 22:19 - 2015-12-13 02:06 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Christine\Downloads\unhide.exe
2015-12-12 22:19 - 2015-12-13 01:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\Christine\Downloads\HijackThis.exe
2015-12-12 22:19 - 2015-12-12 23:31 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Christine\Downloads\mbar-1.09.3.1001.exe
2015-12-12 22:19 - 2015-12-12 22:19 - 05565384 _____ (Piriform Ltd) C:\Users\Christine\Downloads\ccsetup512_slim.exe
2015-12-12 22:18 - 2015-12-12 22:18 - 21206664 _____ (Tweaking.com) C:\Users\Christine\Downloads\tweaking.com_windows_repair_aio_setup (1).exe
2015-12-12 22:17 - 2015-12-12 22:50 - 20829256 _____ C:\Users\Christine\Downloads\RogueKiller.exe
2015-12-12 22:17 - 2015-12-12 22:50 - 01720320 _____ (Farbar) C:\Users\Christine\Downloads\FRST.exe
2015-12-12 22:16 - 2015-12-12 22:48 - 04676456 _____ (Kaspersky Lab ZAO) C:\Users\Christine\Downloads\tdsskiller.exe
2015-12-12 22:16 - 2015-12-12 22:43 - 01599336 _____ (Malwarebytes) C:\Users\Christine\Downloads\JRT.exe
2015-12-12 22:16 - 2015-12-12 22:40 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Christine\Downloads\rkill.exe
2015-12-12 22:15 - 2015-12-12 22:21 - 01738240 _____ C:\Users\Christine\Downloads\AdwCleaner.exe
2015-12-12 22:14 - 2015-12-12 22:21 - 05640685 _____ (Swearware) C:\Users\Christine\Downloads\ComboFix.exe
2015-12-12 21:58 - 2015-12-12 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-12 21:51 - 2015-12-12 21:51 - 00638082 _____ C:\Users\Christine\Downloads\Sysmon.zip
2015-12-12 21:51 - 2015-12-12 21:51 - 00000000 ____D C:\Users\Christine\Downloads\Sysmon
2015-12-12 15:36 - 2015-12-12 15:36 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-12 14:03 - 2015-12-13 09:33 - 00080316 _____ C:\WINDOWS\ntbtlog.txt
2015-12-12 12:49 - 2015-12-12 12:49 - 00000000 ____D C:\WINDOWS\pss
2015-12-12 10:00 - 2015-12-12 10:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks
2015-12-12 09:50 - 2015-12-01 01:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-12 09:50 - 2015-11-24 06:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-12 09:50 - 2015-11-24 05:07 - 03671896 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-12 09:50 - 2015-11-24 05:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-12 09:50 - 2015-11-24 04:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-12 09:50 - 2015-11-24 04:03 - 02918808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-12 09:50 - 2015-11-24 04:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-12 09:50 - 2015-11-24 03:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-12 09:50 - 2015-11-24 03:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-12 09:50 - 2015-11-24 03:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-12 09:50 - 2015-11-24 03:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-12 09:50 - 2015-11-24 03:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-12 09:50 - 2015-11-24 03:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-12 09:50 - 2015-11-24 03:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-12 09:50 - 2015-11-24 02:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-12 09:50 - 2015-11-24 02:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-12 09:50 - 2015-11-24 02:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-12 09:50 - 2015-11-24 02:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-12 09:50 - 2015-11-24 02:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-12 09:50 - 2015-11-24 02:27 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-12 09:50 - 2015-11-24 02:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-12 09:50 - 2015-11-24 02:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-12 09:50 - 2015-11-24 01:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-12 09:50 - 2015-11-24 01:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-12 09:50 - 2015-11-24 01:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-12 09:50 - 2015-11-24 01:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-12 09:50 - 2015-11-24 01:25 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-12 09:50 - 2015-11-24 01:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-12 09:50 - 2015-11-24 01:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-12 09:50 - 2015-11-24 01:09 - 19338240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-12 09:50 - 2015-11-24 01:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-12 09:50 - 2015-11-24 01:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-12 09:41 - 2015-12-12 09:41 - 00000000 ____D C:\Program Files\Synaptics
2015-12-12 09:41 - 2015-08-21 20:18 - 00044192 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-12-12 09:39 - 2015-12-12 09:39 - 00077709 _____ C:\Users\Christine\Downloads\export (36).qfx
2015-12-07 23:40 - 2015-12-07 23:40 - 00084872 _____ C:\Users\Christine\Downloads\C.Breen 11.27.15.pdf
2015-12-07 23:31 - 2015-12-07 23:31 - 00000000 ____D C:\Users\Christine\AppData\Local\ActiveSync
2015-12-07 23:28 - 2015-12-07 23:28 - 00000020 ___SH C:\Users\Christine\ntuser.ini
2015-12-07 00:40 - 2015-12-07 00:01 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-07 00:28 - 2015-12-07 00:28 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02587136 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-07 00:28 - 2015-12-07 00:28 - 02064384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-07 00:28 - 2015-12-07 00:28 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-07 00:28 - 2015-12-07 00:28 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-07 00:28 - 2015-12-07 00:28 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-07 00:28 - 2015-12-07 00:28 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-07 00:28 - 2015-12-07 00:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-07 00:28 - 2015-12-07 00:28 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-07 00:28 - 2015-12-07 00:28 - 00000000 ____D C:\Windows.old
2015-12-07 00:27 - 2015-12-07 00:27 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01284960 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00975200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-07 00:27 - 2015-12-07 00:27 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-07 00:27 - 2015-12-07 00:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-07 00:27 - 2015-12-07 00:27 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-07 00:27 - 2015-12-07 00:27 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-07 00:27 - 2015-12-07 00:27 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-07 00:27 - 2015-12-07 00:27 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-07 00:27 - 2015-12-07 00:27 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-07 00:25 - 2015-12-07 00:25 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-07 00:22 - 2015-12-07 00:22 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-07 00:22 - 2015-12-07 00:22 - 00000000 ____D C:\Program Files\MSBuild
2015-12-07 00:22 - 2015-12-07 00:22 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-07 00:22 - 2015-12-07 00:22 - 00000000 ____D C:\inetpub
2015-12-07 00:22 - 2015-12-06 23:08 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-07 00:21 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-07 00:21 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-07 00:21 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-07 00:21 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-07 00:21 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-07 00:21 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-06 23:25 - 2015-12-06 23:25 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-06 23:18 - 2015-12-13 09:31 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default\Documents\hp.system.package.metadata
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default\Documents\hp.applications.package.appdata
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default User\Documents\hp.system.package.metadata
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default User\Documents\hp.applications.package.appdata
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-06 23:05 - 2015-12-06 23:05 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-12-06 23:04 - 2015-12-06 23:04 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-06 22:54 - 2015-12-06 23:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-06 22:50 - 2015-12-13 02:29 - 00000000 ____D C:\Users\Christine
2015-12-06 22:50 - 2015-12-08 00:24 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-06 22:50 - 2015-12-06 23:14 - 00991300 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-06 22:50 - 2015-12-06 23:13 - 00000000 ____D C:\Users\racha_000
2015-12-06 22:50 - 2015-12-06 23:12 - 00000000 ____D C:\Users\Guest
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\racha_000\My Documents
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\racha_000\Documents\My Videos
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\racha_000\Documents\My Pictures
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\racha_000\Documents\My Music
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Guest\My Documents
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Christine\My Documents
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Christine\Documents\My Videos
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Christine\Documents\My Pictures
2015-12-06 22:50 - 2015-12-06 22:50 - 00000000 _SHDL C:\Users\Christine\Documents\My Music
2015-12-06 22:46 - 2015-12-06 23:08 - 00000000 ____D C:\ProgramData\Ant
2015-12-06 22:46 - 2015-12-06 22:55 - 00000000 ____D C:\Program Files\Intel
2015-12-06 22:46 - 2015-12-06 22:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-12-06 22:46 - 2015-12-06 22:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-12-06 22:46 - 2015-12-06 22:46 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-06 22:46 - 2015-12-06 22:46 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-06 22:46 - 2015-12-06 22:46 - 00000000 ____D C:\ProgramData\Validity
2015-12-06 22:46 - 2015-10-18 09:59 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-06 22:46 - 2015-10-18 09:59 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-06 22:45 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-06 22:41 - 2015-12-12 12:21 - 00443240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-11-28 13:18 - 2015-12-06 23:18 - 00002470 _____ C:\WINDOWS\System32\Tasks\Amazon Music Helper
2015-11-28 13:18 - 2015-12-06 23:08 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Music
2015-11-28 13:18 - 2015-11-28 13:19 - 00001253 _____ C:\Users\Christine\Desktop\Amazon Music.lnk
2015-11-28 13:18 - 2015-11-28 13:19 - 00000000 ____D C:\Users\Christine\AppData\Local\Amazon Music
2015-11-28 13:17 - 2015-12-06 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-11-28 13:17 - 2015-11-28 13:18 - 41261584 _____ (Amazon) C:\Users\Christine\Downloads\Amazon_Music_with_Prime_Music_PC (1).exe
2015-11-28 13:17 - 2015-11-28 13:18 - 00000000 ____D C:\Users\Public\Documents\Amazon Games & Software
2015-11-28 13:17 - 2015-11-28 13:17 - 00000000 ____D C:\Users\Christine\Documents\Amazon Downloads
2015-11-28 13:17 - 2015-11-28 13:17 - 00000000 ____D C:\ProgramData\Amazon
2015-11-28 13:17 - 2015-11-28 13:17 - 00000000 ____D C:\Program Files (x86)\Amazon
2015-11-28 13:16 - 2015-11-28 13:16 - 03369936 _____ (Amazon ) C:\Users\Christine\Downloads\AmazonGSDownloaderSetup.exe
2015-11-28 13:15 - 2015-11-28 13:16 - 41261584 _____ (Amazon) C:\Users\Christine\Downloads\Amazon_Music_with_Prime_Music_PC.exe
2015-11-26 19:55 - 2015-11-26 19:55 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-11-26 18:18 - 2015-11-26 18:18 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-HENRIK-Windows-10-Home-(64-bit).dat
2015-11-26 18:18 - 2015-11-26 18:18 - 00000000 ____D C:\RegBackup
2015-11-26 17:36 - 2015-12-12 12:54 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-11-26 16:35 - 2015-11-26 16:35 - 00002232 _____ C:\Users\Christine\Desktop\Tweaking.com - Windows Repair.lnk
2015-11-26 16:33 - 2015-12-06 23:18 - 00003006 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2015-11-26 16:33 - 2015-12-06 22:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-11-26 16:32 - 2015-11-26 16:32 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-11-26 16:31 - 2015-11-26 16:35 - 00183477 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2015-11-26 16:31 - 2015-11-26 16:31 - 21206712 _____ (Tweaking.com) C:\Users\Christine\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-11-22 11:04 - 2015-11-22 11:04 - 00723172 _____ C:\Users\Christine\Downloads\bookwip.pdf
2015-11-22 02:45 - 2015-11-22 02:45 - 00446292 _____ C:\Users\Christine\Desktop\You're Not Crazy - It's Your Mother_ Understanding anfor Daughters of Narcissistic Mothers - Danu Morrigan.mobi
2015-11-22 02:45 - 2015-11-22 02:45 - 00414100 _____ C:\Users\Christine\Desktop\You're Not Crazy - It's Your Mother_ Understanding anfor Daughters of Narcissistic Mothers - Danu Morrigan.azw3
2015-11-22 02:45 - 2015-11-22 02:45 - 00352152 _____ C:\Users\Christine\Desktop\You're Not Crazy - It's Your Mother_ Understanding anfor Daughters of Narcissistic Mothers - Danu Morrigan.epub
2015-11-22 02:45 - 2015-11-22 02:45 - 00001521 _____ C:\Users\Christine\Desktop\You're Not Crazy - It's Your Mother_ Understanding anfor Daughters of Narcissistic Mothers - Danu Morrigan.opf
2015-11-21 02:19 - 2015-11-21 02:19 - 00000000 ____D C:\Users\Christine\Downloads\stake
2015-11-21 02:19 - 2014-04-29 18:02 - 00503164 _____ C:\Users\Christine\Downloads\How to Seduce a Vampire Without Really Trying by Kerrelyn Sparks.epub
2015-11-21 02:19 - 2013-08-27 14:46 - 00595981 _____ C:\Users\Christine\Downloads\The Vampire With the Dragon Tattoo (Love - Sparks, Kerrelyn.epub
2015-11-21 02:19 - 2013-08-27 14:44 - 00746334 _____ C:\Users\Christine\Downloads\The Vampire With the Dragon Tattoo (Love - Sparks, Kerrelyn.mobi
2015-11-21 02:07 - 2015-11-21 02:08 - 00629277 _____ C:\Users\Christine\Downloads\CTT-K-Spa.epub
2015-11-21 02:07 - 2015-11-21 02:07 - 10227225 _____ C:\Users\Christine\Downloads\KSlas.rar
2015-11-21 02:06 - 2015-11-21 02:06 - 01845809 _____ C:\Users\Christine\Downloads\Stake1415.rar
2015-11-15 20:43 - 2015-11-15 20:43 - 00104355 _____ C:\Users\Christine\Downloads\export (35).qfx
2015-11-13 21:08 - 2015-11-13 21:08 - 00584953 _____ C:\Users\Christine\Downloads\Reaper's Fall - Joanna Wylde.mobi
2015-11-13 19:14 - 2015-11-13 19:14 - 02278152 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
2015-11-13 19:14 - 2015-11-13 19:14 - 00214328 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2015-11-13 19:14 - 2015-11-13 19:14 - 00199472 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2015-11-13 19:14 - 2015-11-13 19:14 - 00092424 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwdi.dll
2015-11-13 19:14 - 2015-11-13 19:14 - 00069721 _____ C:\WINDOWS\system32\Drivers\BCM20702A1_001.002.014.1443.1460.hex
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-12-13 09:40 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-13 09:40 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-13 09:40 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2015-12-13 09:36 - 2014-09-30 08:52 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{9FDB318C-0F3F-4DF1-9CF5-1D6F99ADAFF8}
2015-12-13 09:32 - 2015-07-14 11:46 - 00000924 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2015-12-13 09:32 - 2014-10-03 23:51 - 00000000 __SHD C:\Users\Christine\IntelGraphicsProfiles
2015-12-13 09:32 - 2014-09-30 08:56 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-13 09:32 - 2014-09-30 08:49 - 00000000 ____D C:\Users\Christine\AppData\LocalLow\AuthenTec
2015-12-13 09:31 - 2015-10-30 00:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-13 02:56 - 2015-07-14 11:46 - 00000928 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2015-12-13 02:46 - 2014-09-30 08:56 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-13 02:00 - 2014-11-01 15:30 - 00000000 ____D C:\Users\Christine\AppData\Local\Adobe
2015-12-13 01:56 - 2014-10-17 18:19 - 00000000 ____D C:\ProgramData\Skype
2015-12-13 01:54 - 2014-09-30 20:47 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-12-12 23:43 - 2014-09-30 20:45 - 00000000 ____D C:\Users\Christine\AppData\Local\CrashDumps
2015-12-12 23:32 - 2014-09-30 20:47 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 23:31 - 2014-09-30 20:47 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-12-12 23:31 - 2014-09-30 20:38 - 00000000 ____D C:\ProgramData\RogueKiller
2015-12-12 23:22 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-12 22:50 - 2014-09-30 20:38 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-12-12 22:06 - 2014-09-30 08:49 - 00000000 ____D C:\Users\Christine\AppData\Local\Packages
2015-12-12 21:58 - 2015-07-14 11:46 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-12 12:19 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-12 11:34 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-12 11:34 - 2014-10-19 22:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-12 11:33 - 2014-10-02 23:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-12 11:21 - 2014-10-02 23:15 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-12 11:08 - 2015-05-12 17:40 - 00000000 ____D C:\ProgramData\Garmin
2015-12-12 11:07 - 2015-08-25 19:57 - 00000362 _____ C:\WINDOWS\Tasks\HPCeeScheduleForChristine.job
2015-12-12 11:05 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-12 11:05 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-12 11:05 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-12 11:05 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-12 11:05 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-12 11:05 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-12 11:05 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-12 10:57 - 2015-08-05 18:48 - 00000000 ____D C:\Users\Christine\AppData\Local\Comms
2015-12-12 10:21 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-12 09:46 - 2015-08-25 19:57 - 00003270 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForChristine
2015-12-12 09:40 - 2015-01-01 13:25 - 00000000 ___RD C:\Users\Christine\Dropbox
2015-12-08 21:39 - 2014-10-02 23:28 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 00:08 - 2015-01-01 13:22 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Dropbox
2015-12-08 00:02 - 2014-09-30 08:50 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Synaptics
2015-12-07 23:49 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-07 23:36 - 2015-08-05 18:55 - 00002382 _____ C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-07 23:36 - 2014-10-03 23:55 - 00000000 __RDO C:\Users\Christine\OneDrive
2015-12-07 23:30 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-07 23:30 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-07 23:29 - 2014-10-03 23:51 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-07 23:29 - 2014-09-18 11:01 - 00000000 ___RD C:\Users\Public\AccountPictures
2015-12-07 05:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-07 00:40 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-07 00:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-07 00:22 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-07 00:22 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-07 00:22 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-07 00:22 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-07 00:22 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-07 00:22 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-07 00:22 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-07 00:22 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-07 00:22 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-07 00:22 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-07 00:22 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-07 00:22 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-07 00:22 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-06 23:26 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-06 23:25 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-06 23:25 - 2014-10-03 23:31 - 00055248 _____ C:\WINDOWS\diagwrn.xml
2015-12-06 23:25 - 2014-10-03 23:31 - 00055248 _____ C:\WINDOWS\diagerr.xml
2015-12-06 23:21 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-06 23:18 - 2015-07-14 11:46 - 00003464 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-06 23:18 - 2015-07-14 11:46 - 00003236 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-06 23:18 - 2015-05-12 17:40 - 00002702 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-12-06 23:18 - 2015-04-06 19:05 - 00002764 _____ C:\WINDOWS\System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-kokopoko30@LIVE.COM
2015-12-06 23:18 - 2015-03-24 14:30 - 00002682 _____ C:\WINDOWS\System32\Tasks\Apple Diagnostics
2015-12-06 23:18 - 2015-03-22 14:07 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3602722209-807914381-4217121093-1004
2015-12-06 23:18 - 2014-10-03 23:45 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-06 23:18 - 2014-09-30 08:57 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3602722209-807914381-4217121093-1001
2015-12-06 23:18 - 2014-09-30 08:56 - 00003432 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-06 23:18 - 2014-09-30 08:56 - 00003208 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-06 23:18 - 2014-09-18 10:59 - 00002318 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3602722209-807914381-4217121093-500
2015-12-06 23:18 - 2013-01-04 15:42 - 00002672 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-12-06 23:18 - 2013-01-04 15:30 - 00002536 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-12-06 23:18 - 2013-01-04 15:28 - 00002524 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2015-12-06 23:17 - 2015-10-30 01:24 - 00000000 ___RD C:\Users\Public\Libraries
2015-12-06 23:10 - 2015-07-10 03:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-06 23:08 - 2015-11-07 12:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-12-06 23:08 - 2015-11-07 12:04 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GlassWire 1.0
2015-12-06 23:08 - 2015-11-07 11:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-12-06 23:08 - 2015-10-30 03:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-06 23:08 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-06 23:08 - 2015-06-22 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kindle Samurai
2015-12-06 23:08 - 2015-06-21 18:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Scrivener
2015-12-06 23:08 - 2015-06-21 11:41 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-06 23:08 - 2015-05-01 11:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FanFictionDownloader
2015-12-06 23:08 - 2015-04-06 19:05 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-12-06 23:08 - 2015-03-27 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-06 23:08 - 2015-03-23 22:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Learn to Play Bridge
2015-12-06 23:08 - 2015-03-08 15:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RarZilla Free Unrar
2015-12-06 23:08 - 2015-02-14 20:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Frog SEO Spider
2015-12-06 23:08 - 2015-01-01 16:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
2015-12-06 23:08 - 2015-01-01 13:13 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-06 23:08 - 2015-01-01 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-12-06 23:08 - 2014-11-08 21:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-12-06 23:08 - 2014-11-08 21:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-06 23:08 - 2014-11-08 20:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-12-06 23:08 - 2014-10-31 23:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken 2015
2015-12-06 23:08 - 2014-10-14 20:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-06 23:08 - 2014-10-05 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RedNotebook
2015-12-06 23:08 - 2014-10-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iDailyDiary
2015-12-06 23:08 - 2014-10-04 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP560 series
2015-12-06 23:08 - 2014-10-04 15:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GlobFX Space Travel
2015-12-06 23:08 - 2014-10-04 15:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wikipedia ScreenSaver
2015-12-06 23:08 - 2014-10-04 12:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-06 23:08 - 2014-09-30 20:54 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-06 23:08 - 2014-09-30 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-12-06 23:08 - 2014-09-30 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-12-06 23:08 - 2014-09-30 19:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-12-06 23:08 - 2014-09-30 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Clementine
2015-12-06 23:08 - 2014-09-30 19:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiLogger Free
2015-12-06 23:08 - 2014-09-30 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mIRC
2015-12-06 23:08 - 2014-09-30 18:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-12-06 23:08 - 2014-09-30 09:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-06 23:08 - 2013-01-04 15:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-06 23:08 - 2013-01-04 15:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2015-12-06 23:08 - 2013-01-04 15:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2015-12-06 23:08 - 2013-01-04 15:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-06 23:08 - 2012-12-03 20:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-06 23:08 - 2012-12-03 20:06 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-06 23:08 - 2012-12-03 20:02 - 00000000 ____D C:\WINDOWS\en
2015-12-06 23:08 - 2012-12-03 19:55 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-12-06 23:00 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-06 23:00 - 2012-12-03 19:59 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-12-06 22:59 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-06 22:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-06 22:59 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-06 22:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-06 22:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2015-12-06 22:57 - 2014-10-04 20:34 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-12-06 22:57 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-06 22:55 - 2015-11-07 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-12-06 22:55 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-06 22:55 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\System
2015-12-06 22:55 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-06 22:55 - 2015-01-12 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memoriad
2015-12-06 22:55 - 2014-11-01 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-12-06 22:55 - 2014-09-30 08:51 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2015-12-06 22:55 - 2012-12-03 19:57 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2015-12-06 22:53 - 2015-10-03 10:45 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Great Game Products Inc
2015-12-06 22:53 - 2014-10-19 21:38 - 00000000 ____D C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-06 22:52 - 2014-10-12 22:49 - 00000000 ____D C:\Users\racha_000\AppData\Local\Packages
2015-12-06 22:51 - 2014-10-10 21:14 - 00000000 ____D C:\Users\Guest\AppData\Local\Packages
2015-12-06 22:49 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-06 22:41 - 2015-10-30 03:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-06 22:00 - 2015-10-30 03:42 - 00000000 ____D C:\$WINDOWS.~BT
2015-12-06 22:00 - 2014-09-30 18:47 - 00000000 ____D C:\Users\Christine\Documents\Calibre Library
2015-12-06 18:16 - 2014-09-30 18:51 - 00000000 ____D C:\Users\Christine\AppData\Roaming\mIRC
2015-12-06 11:10 - 2014-09-30 18:51 - 00000000 ____D C:\Program Files (x86)\mIRC
2015-11-30 18:33 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 18:33 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-11-26 16:21 - 2014-09-30 09:27 - 00000000 ____D C:\Users\Christine\AppData\Local\ElevatedDiagnostics
2015-11-26 15:55 - 2014-09-30 20:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-11-22 22:27 - 2014-09-30 20:50 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2015-11-19 23:27 - 2014-09-30 08:56 - 00000000 ____D C:\Users\Christine\AppData\Local\Google
2015-11-19 23:06 - 2015-11-07 12:15 - 00000000 ____D C:\Program Files\iTunes
2015-11-19 23:01 - 2015-10-15 18:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-11-19 22:56 - 2015-11-07 12:15 - 00000000 ____D C:\Program Files\iPod
2015-11-19 22:56 - 2015-11-07 12:15 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-11-19 22:56 - 2015-10-15 18:35 - 00000000 ____D C:\Program Files\Bonjour
2015-11-19 22:56 - 2015-05-12 17:40 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-11-19 22:56 - 2015-04-06 19:02 - 00000000 ____D C:\ProgramData\Package Cache
2015-11-19 22:56 - 2014-11-16 01:05 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-11-19 22:56 - 2014-10-03 23:21 - 00000000 ____D C:\Program Files (x86)\Intel
2015-11-19 22:56 - 2014-09-30 08:56 - 00000000 ____D C:\Program Files (x86)\Google
2015-11-19 22:55 - 2015-10-15 18:35 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-11-19 22:55 - 2015-10-15 18:34 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2015-11-19 22:13 - 2014-10-05 00:25 - 00000000 ____D C:\ProgramData\Apple Computer
2015-11-19 22:13 - 2013-01-04 15:14 - 00000000 ____D C:\ProgramData\Apple
2015-11-19 21:14 - 2013-01-04 15:07 - 00000000 ____D C:\Intel
 
==================== Files in the root of some directories =======
 
2015-06-23 19:55 - 2015-06-23 19:55 - 0000041 _____ () C:\Users\Christine\AppData\Roaming\license.aalic
2015-04-08 21:35 - 2015-07-18 14:23 - 0001456 _____ () C:\Users\Christine\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-05 00:27 - 2014-10-05 00:27 - 0000218 _____ () C:\Users\Christine\AppData\Local\recently-used.xbel
2014-09-30 08:50 - 2014-09-30 08:50 - 0000141 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
 
Files to move or delete:
====================
C:\Users\Christine\valWBFPolicyService.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-06 22:40
 
==================== End of FRST.txt ============================




#4 nasdaq


Posted 13 December 2015 - 02:45 PM

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 1 (GFS Unread Stub)] -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2 (GFS Stub)] -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)] -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers-x32: [Groove Explorer Icon Overlay 4 (GFS Unread Mark)] -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL No File
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3602722209-807914381-4217121093-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3602722209-807914381-4217121093-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn => not found
S2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [X]
S3 SmbDrv; \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys [X]
Task: {25FE9420-9853-4D56-BD70-26CB1BA6AB48} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3DB26B91-51B7-4CE5-9548-FB2A8915C28E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {736A6378-400F-4B5D-B866-67E7213F55F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {85166383-AB64-431F-A00B-57B5EFAD0D27} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {9DB0F33E-EB86-406A-BBEB-221035F8F68C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {B1003ABD-6C91-4969-8FF9-BE0F52B07465} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {B1D2F389-780B-44F2-8790-D7133B2B055C} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C18E4E9D-196E-4E18-BA48-25E72C69FDDF} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {CE386DB5-AC11-4919-9A2A-8B323BA61D08} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {D60E9F0B-A3F6-41C1-A055-5A4C059CEEA0} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E52D4E84-F54E-4C62-BBC8-24925F7D3C9E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F3C4A5F2-3BDE-4D06-8419-36ACDB1CEA1A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\Christine\Documents\1.41_The_body_scan.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\2.4_Word_transcript_27Aug2015.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\ad-5-5-346.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\bridge1.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\bridge2.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\bs- V. Vaughn-7-28-2015.csv:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\bs-Paranormal Werewolves & Shifters Romance-7-28-2015.csv:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\continuous-monthly-calendar.xlsx:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\CQE5AseVEAAz1KN.jpg-large.jpeg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Dark Heart of Magic.zip:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\EroticaFormula.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\FormulaTemplate.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\henrik-lundqvist-team-sweden.jpg:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\howget11tricks.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\howget4extratricks.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Cultivating_Curiosity_Exercise.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Distraction_Procrastination_Pt1_transcript_Week_3_08Sep2015.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Distraction_procrastination_Pt2_transcript_Week_3_08Sep2015.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_meditation_2.9_transcript_02Sep2015.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Meditation_Body_Breath_Sound_10_minutes.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Meditation_Body_Scan_5_minutes.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Meditation_Training_the_puppy (1).mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Mindfulness_Meditation_Training_the_puppy.mp3:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\pone.0124344.pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\Romance-Planning-Beat-Sheet.xls:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\S1-Mindfulness-Based-Therapy-A-Comprehensive-Meta-Analysis-by-Khoury-et-al..pdf:com.dropbox.attributes
AlternateDataStreams: C:\Users\Christine\Documents\wc- Terri Reid-7-11-2015.csv:com.dropbox.attributes

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

If the problem continues run this tool.

Let's check further.

You will need to temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Click the Options in bold the following options are available to you.
Select only the check boxes for the options in bold.
 

Running Processes
Installed Programs
Startup Information
FireFox look
Chrome Look
Auto Clean


Do a Quick Scan
HijackThis log
Uninstall list
Shortcut Fix
Do a Deep Scan
Installer List
IE Default
Silent Runner
System Restore Info
Symlink Check
Reset Chrome
System Specs
Recently created
Empty Temp
Auto Clean



Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.
Do
Please attach the zoek-results.log in your reply. It's probably too long to post.

How to:
In the Reply section in the bottom of the topic Click the "more reply Options" button.

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.

Click the Add reply button.

Make sure you Enable your AV Program.

How is the computer now?

#5 kokopoko


Posted 13 December 2015 - 05:17 PM

The problem is still happening after I ran frst.  Here's the fix log from that.




#6 kokopoko


Posted 13 December 2015 - 05:19 PM

I am unable to right click zoek.exe and run as administrator as I can't right click. When I right click the window that shows up disappears so fast I can't click anything.  That's because the focus is always going to the mouse and the window that appears when I right click, disappears.



#7 kokopoko


Posted 13 December 2015 - 11:08 PM

Even after I ran zoek the problem is still happening.  




#8 nasdaq


Posted 14 December 2015 - 09:36 AM

When I right click the window that shows up disappears so fast I can't click anything.


Navigate to this page.

http://superuser.com/questions/947367/windows-10-start-right-click-context-menu-items-dont-open

Try the suggestion on this answer.
 

I found the solution after hours of searching. Windows 10 has issues with some shell extensions. See here: http://forums.hexus.net/windows/296885-winkey-x-menu-shortcuts-not-working-win-8-1-a.html

Using CCLeaner I was able to go into the Tools > Startup > Context Menu and disable shell extensions. I found out that it was QuickSFV that was causing this issue, so I disabled it and voila the items work again.


Running the ShexView may be your way to identify the culprit.
http://www.nirsoft.net/utils/shexview.html

You have many Chrome extensions and one of them may be causing the issue.
Not sure.

Keep me posted.

Edited by nasdaq, 14 December 2015 - 09:37 AM.
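A read-only inventory of the kind ShellExView displays, as an added example that is not part of the original thread or of any tool named in it: this PowerShell lists the context-menu shell extension handlers registered under HKEY_CLASSES_ROOT, resolves each one to its DLL, and reports whether the file exists and who signed it. The function name Resolve-HandlerDll and the list of classes checked are assumptions of this example.

```powershell
# Added example: read-only inventory of Explorer context-menu shell extensions.
# Nothing is disabled or changed; the output only helps pick candidates to test.

# Standard class keys under which context-menu handlers register (example's choice).
$classes = '*', 'AllFilesystemObjects', 'Directory', 'Directory\Background', 'Drive', 'Folder'
$clsidPattern = '^\{[0-9A-Fa-f-]{36}\}$'

function Resolve-HandlerDll {
    # Hypothetical helper: map a handler CLSID to the DLL in its InprocServer32 key.
    param([string]$Clsid)
    $key = Get-Item -LiteralPath "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid\InprocServer32" `
                    -ErrorAction SilentlyContinue
    if (-not $key) { return $null }
    $dll = [string]$key.GetValue('')
    if (-not $dll) { return $null }
    $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"'))
    # Bare file names such as "shell32.dll" are resolved against System32.
    if (-not [IO.Path]::IsPathRooted($dll)) {
        $dll = Join-Path "$env:SystemRoot\System32" $dll
    }
    return $dll
}

$report = foreach ($class in $classes) {
    # -LiteralPath is required: the class named "*" must not be treated as a wildcard.
    $path = "Registry::HKEY_CLASSES_ROOT\$class\shellex\ContextMenuHandlers"
    $handlers = Get-ChildItem -LiteralPath $path -ErrorAction SilentlyContinue
    foreach ($h in $handlers) {
        # The CLSID is either the key's default value or the key name itself.
        $clsid = [string]$h.GetValue('')
        if ($clsid -notmatch $clsidPattern) { $clsid = $h.PSChildName }

        $dll = if ($clsid -match $clsidPattern) { Resolve-HandlerDll $clsid } else { $null }
        $exists = [bool]($dll -and (Test-Path -LiteralPath $dll))

        $status = 'n/a'
        $signer = $null
        if ($exists) {
            $sig    = Get-AuthenticodeSignature -LiteralPath $dll
            $status = $sig.Status
            $signer = $sig.SignerCertificate.Subject
        }

        [pscustomobject]@{
            Class     = $class
            Handler   = $h.PSChildName
            Clsid     = $clsid
            Dll       = $dll
            Exists    = $exists
            Signature = $status
            Microsoft = [bool]($signer -match 'O=Microsoft Corporation')
            Signer    = $signer
        }
    }
}

# Missing files sort first, then third-party handlers, then Microsoft-signed ones.
$report |
    Sort-Object Exists, Microsoft, Class, Handler |
    Format-Table Class, Handler, Exists, Signature, Microsoft, Dll -AutoSize -Wrap
```

Rows with Exists = False are orphaned registrations, and rows with Microsoft = False are the third-party handlers to disable one at a time when narrowing down a misbehaving extension.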


#9 kokopoko


Posted 16 December 2015 - 12:39 AM

Disabled the quicksfv using ccleaner and the problem still existed.

 

I ran shexview and disabled everything except the Windows dll and the problem still existed.

 

I'll try disabling Chrome extensions next.



#10 kokopoko


Posted 16 December 2015 - 12:44 AM

I deleted all the Chrome extensions and the problem still exists.



#11 nasdaq


Posted 16 December 2015 - 10:25 AM

Let's check what is starting at boot time.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
startupall;
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply. It's probably too long to post.

#12 kokopoko


Posted 19 December 2015 - 12:33 AM

Attached are the zoek results




#13 kokopoko


Posted 19 December 2015 - 12:34 AM

I think this is the latest one.  Ignore that last one.




#14 nasdaq


Posted 19 December 2015 - 08:58 AM

Now that I know what is started when you start your computer, I would like to compare it to fresh logs.

Please run the Farbar again and post the FRST log.

I also need a fresh Addition.txt file. At the running of the Farbar tool, check the box to create a new Addition.txt file.

Post both logs for my review.

#15 kokopoko


Posted 19 December 2015 - 04:44 PM

Ok attached are the 2 logs.  Thank you for helping me so much.






