Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hidden Folders Issue [Solved]

Started by Phil Lee , Jan 08 2016 12:34 AM

  • This topic is locked This topic is locked

#1
Phil Lee
Posted 08 January 2016 - 12:34 AM

Phil Lee

    Member

  • Member
  • PipPip
  • 15 posts

I have some missing folders. I know they are on my HD. In my newsreader program, I can select a posting and "save as" and the 'downloads' or 'attachments' sub-folder within my newsreader program folder are there. When I go to file explorer in the same program folder they are absent. When I do CMD and go that the newsreader program folder they are not there. Not sure what's going on.

FRST Logs following

P. Lee

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-01-2015
Ran by OFC-NEW (administrator) on OFC-NEW (08-01-2016 00:28:27)
Running from C:\Users\OFC-NEW\Desktop
Loaded Profiles: OFC-NEW (Available Profiles: OFC-NEW)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\vpnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(eVenture Limited) C:\Program Files (x86)\hide.me VPN\Hide.me.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Pow Tools) C:\Program Files\File Shredder\Shredder.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCui.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE
HKLM-x32\...\Run: [Sound Blaster Audigy Fx Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Audigy Fx\Sound Blaster Audigy Fx Control Panel\SBAdgyFx.exe [861184 2013-11-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\...\MountPoints2: {958ce66f-93f6-11e5-8d6b-806e6f6e6963} - "D:\Audio\setup.exe"
HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-12-15]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\OFC-NEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hide.me VPN.lnk [2016-01-07]
ShortcutTarget: hide.me VPN.lnk -> C:\Program Files (x86)\hide.me VPN\Hide.me.exe (eVenture Limited)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{2cf06907-fc0d-46dc-b7a5-44cdb4a2f285}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{520f6955-e3f8-4a9f-830d-1da19dd3f0f9}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{8679B508-F1F9-4CDE-8B22-5B3623BD6D6E}: [DhcpNameServer] 83.149.126.129 83.149.126.131

Internet Explorer:
==================
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

FireFox:
========
FF ProfilePath: C:\Users\OFC-NEW\AppData\Roaming\Mozilla\Firefox\Profiles\29gchanc.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-13] ()
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-13] ()
FF SearchPlugin: C:\Users\OFC-NEW\AppData\Roaming\Mozilla\Firefox\Profiles\29gchanc.default\searchplugins\firefox-add-ons.xml [2015-11-28]
FF Extension: Video DownloadHelper - C:\Users\OFC-NEW\AppData\Roaming\Mozilla\Firefox\Profiles\29gchanc.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-11-28]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [429056 2013-10-27] (Creative Technology Ltd) [File not signed]
R2 hmevpnsvc; C:\Program Files (x86)\hide.me VPN\vpnsvc.exe [184528 2015-12-22] (eVenture Limited)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AFXfilt; C:\Windows\system32\drivers\AFXfilt.sys [25088 2013-06-03] (Creative Technology Ltd.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-11-25] (Advanced Micro Devices)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7585280 2015-10-30] (Broadcom Corporation)
R3 cthdb; C:\Windows\system32\DRIVERS\cthdb.sys [25088 2013-12-08] (Creative Technology Ltd)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-11-25] (Intel Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 00:28 - 2016-01-08 00:28 - 00007735 _____ C:\Users\OFC-NEW\Desktop\FRST.txt
2016-01-08 00:27 - 2016-01-08 00:28 - 00000000 ____D C:\FRST
2016-01-08 00:26 - 2016-01-08 00:26 - 02370560 _____ (Farbar) C:\Users\OFC-NEW\Desktop\FRST64.exe
2016-01-08 00:16 - 2016-01-08 00:16 - 00509440 _____ (Tech Support Guy System) C:\Users\OFC-NEW\Downloads\SysInfo.exe
2016-01-07 23:58 - 2016-01-08 00:13 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-01-07 23:46 - 2016-01-07 23:48 - 00000256 _____ C:\WINDOWS\SysWOW64\win_hcleaner.ini
2016-01-07 23:04 - 2016-01-07 23:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
2016-01-07 23:04 - 2016-01-07 23:04 - 00000000 ____D C:\Program Files\File Shredder
2015-12-29 00:21 - 2016-01-07 23:42 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\Hide.me
2015-12-29 00:21 - 2015-12-29 00:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\hide.me VPN
2015-12-29 00:21 - 2015-12-29 00:21 - 00000000 ____D C:\Program Files (x86)\hide.me VPN
2015-12-24 00:41 - 2016-01-07 11:19 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\Kodi
2015-12-24 00:41 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-12-24 00:41 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2015-12-24 00:40 - 2015-12-24 00:42 - 00000000 ____D C:\Program Files (x86)\Kodi
2015-12-24 00:40 - 2015-12-24 00:40 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kodi
2015-12-24 00:01 - 2015-12-24 00:01 - 45554154 _____ C:\Users\OFC-NEW\Downloads\Phil Spitalny's Hour of Charm - Christmas Carols.zip
2015-12-23 23:57 - 2015-12-23 23:58 - 67471524 _____ C:\Users\OFC-NEW\Downloads\Jo Stafford - Christmas Singles (remastered).zip
2015-12-23 23:57 - 2015-12-23 23:57 - 31881262 _____ C:\Users\OFC-NEW\Downloads\Leopold Stokowski - Season's Greetings.zip
2015-12-23 23:56 - 2015-12-23 23:56 - 121513668 _____ C:\Users\OFC-NEW\Downloads\Malcolm Sargent and Royal Carol Society - Christmas Carols.zip
2015-12-23 23:56 - 2015-12-23 23:56 - 11997690 _____ C:\Users\OFC-NEW\Downloads\Buddy Clark - Columbia 38600 (78).zip
2015-12-23 23:52 - 2015-12-23 23:52 - 50891943 _____ C:\Users\OFC-NEW\Downloads\Boys Town Choir - Christmas Music by Father Flanagan's Boys Town Choir.zip
2015-12-22 21:07 - 2015-12-23 23:35 - 00000000 ____D C:\Users\OFC-NEW\Downloads\Nashville
2015-12-20 17:56 - 2015-12-20 17:56 - 00000000 ____D C:\ProgramData\ATI
2015-12-18 07:49 - 2015-12-06 22:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 07:49 - 2015-12-06 22:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 07:49 - 2015-12-06 22:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 07:49 - 2015-12-06 22:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 07:49 - 2015-12-06 22:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 07:49 - 2015-12-06 22:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 07:49 - 2015-12-06 22:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 07:49 - 2015-12-06 22:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 07:49 - 2015-12-06 22:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 07:49 - 2015-12-06 22:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 07:49 - 2015-12-06 22:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 07:49 - 2015-12-06 22:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 07:49 - 2015-12-06 22:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 07:49 - 2015-12-06 22:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 07:49 - 2015-12-06 22:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 07:49 - 2015-12-06 22:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 07:49 - 2015-12-06 22:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 07:49 - 2015-12-06 22:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 07:49 - 2015-12-06 22:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 07:49 - 2015-12-06 22:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 07:49 - 2015-12-06 22:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 07:49 - 2015-12-06 22:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 07:49 - 2015-12-06 22:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 07:49 - 2015-12-06 22:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 07:49 - 2015-12-06 22:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 07:49 - 2015-12-06 22:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 07:49 - 2015-12-06 22:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 07:49 - 2015-12-06 22:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 07:49 - 2015-12-06 22:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 07:49 - 2015-12-06 22:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 07:49 - 2015-12-06 22:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 07:49 - 2015-12-06 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 07:49 - 2015-12-06 22:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 07:49 - 2015-12-06 22:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 07:49 - 2015-12-06 22:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 07:49 - 2015-12-06 22:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 07:49 - 2015-12-06 21:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 07:49 - 2015-12-06 21:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 07:49 - 2015-12-06 21:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 07:49 - 2015-12-06 21:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 07:49 - 2015-12-06 21:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 07:49 - 2015-12-06 21:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 07:49 - 2015-12-06 21:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 07:49 - 2015-12-06 21:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 07:49 - 2015-12-06 21:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 07:49 - 2015-12-06 21:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 07:49 - 2015-12-06 21:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 21:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 07:49 - 2015-12-06 21:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 07:49 - 2015-12-06 21:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 07:49 - 2015-12-06 21:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 07:49 - 2015-12-06 21:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 07:49 - 2015-12-06 21:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 07:49 - 2015-12-06 21:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 07:49 - 2015-12-06 21:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 07:49 - 2015-12-06 21:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 07:49 - 2015-12-06 21:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 07:49 - 2015-12-06 21:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 07:49 - 2015-12-06 21:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 07:49 - 2015-12-06 21:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 07:49 - 2015-12-06 21:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 07:49 - 2015-12-06 21:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 07:49 - 2015-12-06 21:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 07:49 - 2015-12-06 21:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 07:49 - 2015-12-06 21:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 07:49 - 2015-12-06 21:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 07:49 - 2015-12-06 21:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 07:49 - 2015-12-06 21:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 07:49 - 2015-12-06 21:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 07:49 - 2015-12-06 21:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 07:49 - 2015-12-06 21:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 07:49 - 2015-12-06 21:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 07:49 - 2015-12-06 21:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 08:42 - 2015-12-17 08:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-12-17 08:42 - 2015-12-17 08:42 - 00000000 ____D C:\Program Files\ATI Technologies
2015-12-17 08:41 - 2015-12-17 08:41 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2015-12-17 08:41 - 2015-12-17 08:41 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2015-12-17 08:41 - 2015-12-17 08:41 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2015-12-17 08:41 - 2015-12-17 08:41 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2015-12-16 20:07 - 2015-12-16 20:07 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2015-12-16 20:07 - 2015-12-16 20:07 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2015-12-16 20:07 - 2015-12-16 20:07 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2015-12-16 20:06 - 2015-12-16 20:06 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2015-12-15 22:10 - 2015-12-15 22:10 - 00000000 ____D C:\ProgramData\WEBREG
2015-12-15 22:09 - 2015-12-27 21:09 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\HP
2015-12-15 22:09 - 2015-12-15 22:09 - 00000000 ____D C:\Users\OFC-NEW\AppData\Local\HP
2015-12-15 22:06 - 2015-12-22 23:01 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\HpUpdate
2015-12-15 22:06 - 2015-12-15 22:06 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-12-15 22:06 - 2015-12-15 22:06 - 00000000 ____D C:\ProgramData\HP Photo Creations
2015-12-15 22:06 - 2015-12-15 22:06 - 00000000 ____D C:\Program Files (x86)\HP Photo Creations
2015-12-15 22:05 - 2015-12-15 22:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-15 22:05 - 2015-12-15 22:05 - 00001398 _____ C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2015-12-15 22:05 - 2015-12-15 22:05 - 00001078 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-12-15 22:05 - 2015-12-15 22:05 - 00000000 ____D C:\ProgramData\HP Product Assistant
2015-12-15 22:03 - 2015-12-15 22:06 - 00000000 ____D C:\Program Files (x86)\HP
2015-12-15 22:02 - 2015-12-15 22:09 - 00243450 _____ C:\WINDOWS\hpoins19.dat
2015-12-15 22:02 - 2015-12-15 22:09 - 00000000 ____D C:\ProgramData\HP
2015-12-15 22:02 - 2012-10-14 05:47 - 00015561 ____N C:\WINDOWS\hpomdl19.dat
2015-12-15 22:02 - 2012-08-21 00:56 - 01421312 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpotiop1.dll
2015-12-15 22:02 - 2009-07-13 19:41 - 00036352 _____ (Hewlett-Packard Company) C:\WINDOWS\system32\HPZ3LWN7.DLL
2015-12-15 22:02 - 2009-07-08 04:51 - 00861184 _____ (Hewlett-Packard) C:\WINDOWS\system32\hpowiav1.dll
2015-12-15 22:02 - 2009-07-08 04:51 - 00498176 _____ (Hewlett-Packard Co.) C:\WINDOWS\system32\hpovst01.dll
2015-12-11 11:57 - 2015-12-11 11:57 - 00044544 ___SH C:\Users\OFC-NEW\Downloads\Thumbs.db

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-08 00:27 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
2016-01-08 00:13 - 2015-11-26 02:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-08 00:02 - 2015-11-26 10:03 - 00000000 ____D C:\Users\OFC-NEW\AppData\LocalLow\uTorrent
2016-01-07 23:47 - 2015-11-26 02:29 - 00000000 ____D C:\Program Files\Xnews
2016-01-07 23:47 - 2015-11-25 20:39 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-07 23:47 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-07 23:42 - 2015-11-26 01:01 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-07 23:41 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-07 23:05 - 2015-11-27 18:51 - 00000000 ___RD C:\Users\OFC-NEW\Desktop\Stuff
2016-01-07 11:39 - 2015-12-01 22:17 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\Mp3tag
2016-01-07 11:23 - 2015-11-26 11:18 - 00000000 ____D C:\Users\OFC-NEW\AppData\Local\QuickPar
2016-01-07 04:40 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-07 04:39 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-06 14:28 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-05 11:23 - 2015-11-29 23:30 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\vlc
2016-01-03 01:00 - 2015-11-26 02:44 - 00000000 ____D C:\Users\OFC-NEW\AppData\Roaming\uTorrent
2016-01-02 19:40 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 19:40 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 02:11 - 2015-11-26 00:02 - 00000000 ____D C:\Users\OFC-NEW\AppData\Local\ElevatedDiagnostics
2015-12-29 00:12 - 2015-11-26 00:57 - 00000000 ____D C:\Users\OFC-NEW
2015-12-24 00:41 - 2015-11-26 00:55 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-18 12:58 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-18 12:58 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-18 12:58 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-17 08:41 - 2015-11-26 00:56 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2015-12-17 08:40 - 2015-11-25 20:45 - 00000000 ____D C:\AMD
2015-12-16 22:43 - 2015-12-01 22:18 - 00009216 ___SH C:\Users\OFC-NEW\Desktop\Thumbs.db
2015-12-16 20:07 - 2015-11-25 20:45 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2015-12-16 20:07 - 2015-11-25 20:45 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2015-12-16 20:07 - 2015-11-25 20:45 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2015-12-16 20:07 - 2015-11-25 20:45 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2015-12-16 20:07 - 2015-11-25 20:45 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2015-12-16 20:07 - 2015-11-25 20:45 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2015-12-16 20:07 - 2015-11-25 20:45 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2015-12-16 20:06 - 2015-11-25 20:45 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2015-12-16 20:06 - 2015-11-25 20:45 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2015-12-16 14:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-16 07:32 - 2015-11-26 00:53 - 00189264 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-15 22:09 - 2015-07-30 16:42 - 00000127 _____ C:\WINDOWS\win.ini
2015-12-11 13:56 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe

==================== Files in the root of some directories =======

2015-12-15 22:02 - 2015-12-15 22:10 - 0000832 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\OFC-NEW\AppData\Local\Temp\somoto_DVD Shrink_1.0.exe
C:\Users\OFC-NEW\AppData\Local\Temp\tmp3C0D.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-01-06 01:07

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-01-2015
Ran by OFC-NEW (2016-01-08 00:29:00)
Running from C:\Users\OFC-NEW\Desktop
Windows 10 Home (X64) (2015-11-26 07:04:49)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3608354011-1467580494-1777196409-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3608354011-1467580494-1777196409-503 - Limited - Disabled)
Guest (S-1-5-21-3608354011-1467580494-1777196409-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-3608354011-1467580494-1777196409-1004 - Limited - Enabled)
OFC-NEW (S-1-5-21-3608354011-1467580494-1777196409-1001 - Administrator - Enabled) => C:\Users\OFC-NEW

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\...\uTorrent) (Version: 3.4.5.41372 - BitTorrent Inc.)
6300 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
6300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
6300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Creative System Information (HKLM-x32\...\SysInfo) (Version: 1.10 - Creative Technology Limited)
DDClip Pro 3.51 (HKLM-x32\...\DDClip Pro_is1) (Version: 3.51 - SoftLab-NSK)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell System Detect (HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\...\58d94f3ce2c27db0) (Version: 6.11.0.2 - Dell)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
DVD Shrink 3.2 (HKLM-x32\...\DVD Shrink_is1) (Version:  - DVD Shrink)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
FlacSquisher 1.3.5 (HKLM-x32\...\FlacSquisher) (Version: 1.3.5 - FlacSquisher)
Free M4a to MP3 Converter 9.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
hide.me VPN 1.1.7 (HKLM-x32\...\{0E00BDA5-7998-4889-BE4B-39A4BBD2EDFB}_is1) (Version: 1.1.7 - eVenture Limited)
Hold 'Em, InkBall and Tinker (Microsoft Games) (HKLM-x32\...\VistaGames-HoldEm-Inkball-Tinker) (Version: 1.0.0 - )
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Kodi (HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\...\Kodi) (Version:  - XBMC-Foundation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
Mp3tag v2.72 (HKLM-x32\...\Mp3tag) (Version: v2.72 - Florian Heidenreich)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6141 - Realtek Semiconductor Corp.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Sound Blaster Audigy Fx (HKLM-x32\...\{77CE1865-F3B9-4B6D-A558-28674AE7787E}) (Version: 1.00.06 - Creative Technology Limited)
Sound Blaster Audigy Fx Extras (HKLM-x32\...\{52272D09-08E0-4A57-BC14-BC09F5D7AE26}) (Version: 1.0 - Creative Technology Limited)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows 7 Games for Windows 8 and 10 (HKLM-x32\...\MicrosoftGamesForWin8) (Version: 1.1.0.10 - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
xrecode II 1.0.0.227 (HKLM-x32\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version:  - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3608354011-1467580494-1777196409-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\OFC-NEW\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08898677-3BBD-4DDB-8F28-20C6A4DD9FD7} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {23FDDB17-B2C5-4649-966B-DA4F70C32886} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 13:39 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 13:39 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-01-07 23:04 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
2015-12-18 07:49 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 07:49 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 07:55 - 2015-12-17 07:55 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 07:49 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 07:49 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 07:49 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 07:49 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 07:55 - 2015-12-17 07:55 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 07:55 - 2015-12-17 07:55 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-30 16:42 - 2016-01-07 23:41 - 00000822 ____A C:\WINDOWS\system32\Drivers\etc\hosts

#    ::1             localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "UpdReg"
HKU\S-1-5-21-3608354011-1467580494-1777196409-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{0989FF4F-584C-4F91-93E3-3286BCC94AF3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EE05123B-A00E-4C84-8100-1F2406FE3024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{20CF711C-F491-47A9-AA50-95BAD7C6D71A}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EFD5D0A8-9B37-4BB6-A0C8-D7873A445A90}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{E471A252-B956-4D10-827A-49B1C59AE9E4}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{92FD0993-30EC-4C5F-8215-97A19C2154B9}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A7287809-CEAE-4E83-A6B2-CF8287FE5DEE}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{CCABEEE3-9A12-43E5-8664-C6CEED9CC021}] => (Allow) C:\Users\OFC-NEW\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{538F1373-106F-46E1-8709-C6FE64381D84}] => (Allow) C:\Users\OFC-NEW\AppData\Local\Temp\7zS1EEF\setup\hpznui40.exe
FirewallRules: [{94ED43CB-6902-4A1F-92A0-84E19FEA2192}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{2B55EEF1-830E-466C-84D0-82AE6464C0FB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{1C81C8A7-2656-4D2B-8491-7D37F84EECC5}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{614675AD-BF12-420F-9BFC-81315F453039}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{C0D01596-07A7-44B2-8AA9-57872E567A92}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{3824CC40-85CA-4681-804B-3C7990A4CA47}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{34A9AF55-BC9E-4BE7-8967-22849C53420C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{AC267D6D-4869-4A27-A243-1521F2A571EF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{9D5EA155-C261-4255-B10A-A0A9ED750DB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{B5ECB40B-814B-4585-A99B-829A65A56BC7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{FCB23533-8463-4092-97B0-7072766313DF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CA00772E-2C41-4247-9291-38877DFF5F68}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{4226A372-2A1B-49D5-9F4F-57D2D38B689A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C75F1979-44DE-4BBB-9956-2229BC8F314C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{D49B7224-29E3-42BC-AE5C-6865959EDFE8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{03192067-1923-4531-B614-51276F96ECAA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{1E8AC9C3-578D-4E16-854A-80B1CAECF06B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{BBF72E11-D0FB-4A95-9C20-A2147953F91B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{CEE71439-D00B-4CCD-8DC5-B0D07C5C9949}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{A68901A5-A2AA-4708-AACD-32FC7D1E3884}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{41FB1DF5-E18D-4561-B748-A3D450A8367E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{710B47A4-DF2B-4315-9654-4B1FC85CCDF0}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{E6AB195E-A107-43C8-9403-9F435835192D}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe

==================== Restore Points =========================

30-12-2015 20:49:54 Windows Update
06-01-2016 14:27:40 Windows Update

==================== Faulty Device Manager Devices =============

Name: Officejet 6300 series
Description: Officejet 6300 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/07/2016 11:41:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: OFC-NEW)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/06/2016 02:27:46 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/01/2016 02:22:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 02:22:38 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 02:22:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 02:22:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 02:22:37 PM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 09:35:06 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 09:35:06 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1

Error: (01/01/2016 09:35:05 AM) (Source: Microsoft-Windows-EapHost) (EventID: 2002) (User: NT AUTHORITY)
Description: Skipping: Eap method DLL path validation failed. Error: typeId=254, authorId=311, vendorId=14122, vendorType=1


System errors:
=============
Error: (01/07/2016 11:50:55 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 11:41:16 PM) (Source: DCOM) (EventID: 10010) (User: OFC-NEW)
Description: CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca

Error: (01/07/2016 11:41:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_43bc3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 11:41:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_43bc3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 11:41:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_43bc3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 11:41:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_43bc3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/07/2016 11:41:14 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 04:12:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/07/2016 11:54:16 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/06/2016 01:18:31 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
  Date: 2016-01-07 23:45:49.258
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-01-07 04:42:14.526
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-31 00:50:47.493
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-25 04:21:46.848
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-24 03:31:20.271
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-20 17:55:35.618
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-18 00:12:38.613
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-15 22:09:22.490
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-14 11:38:34.086
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-12-13 13:47:43.117
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 34%
Total physical RAM: 8174.45 MB
Available physical RAM: 5370.97 MB
Total Virtual: 9454.45 MB
Available Virtual: 7428.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.02 GB) (Free:903.49 GB) NTFS
Drive l: (Data) (Fixed) (Total:232.88 GB) (Free:232.72 GB) NTFS
Drive m: (Media) (Fixed) (Total:232.88 GB) (Free:191.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 692061F2)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 465.8 GB) (Disk ID: 3CA03BD0)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1024 KB) - (Type=OF Extended)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
dbreeze
Posted 08 January 2016 - 02:10 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

At first scan I am not seeing anything malicious in the logs.

 

As to the 'missing' folders, can you post a screenshot of the "Save as ..." dialog window?  Also, what is the newsreader program you are using?

 

Also, are you pudealee on Tech Support Guy?  ( https://forums.techg...-issue.1163806/)  If so, which forum do you want help at?  Getting assistance at two places for the same problem can be counter productive and not fair to the people that volunteer their time on the forums.


  • 0

#3
Phil Lee
Posted 08 January 2016 - 09:27 AM

Phil Lee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

I cancelled the post in the other group. My apologies.

 

I use Xnews - I have attached screen shots of the dialog box. All the sub folders shown are not showing up in file explorer. I have also attached a screen shot of file explorer - and yes "view hidden files" is checked."

 

P. Lee

 

 

Attached Thumbnails

  • dialog.jpg
  • File Explorer.jpg

  • 0

#4
dbreeze
Posted 08 January 2016 - 10:28 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

If you click on the down arrow in the Look in: Xnews dropdown box what shows there?  This should show you the Folder / Path "tree" that is being used to store the files.  I would suspect that it is somewhere in the Users / your profile / AppData / Local or Roaming folders.


  • 0

#5
Phil Lee
Posted 08 January 2016 - 11:07 AM

Phil Lee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

It goes back to - Local Disk C:\Program Files\Xnews

 

I've checked all sub directories in "User" and there isn't even an Xnews directory.

 

Even in the Xnews directory, the file that tracks the newsgroups I subscribe to is missing - yet the news reader still works. I'm stumped.


  • 0

#6
Phil Lee
Posted 08 January 2016 - 11:17 AM

Phil Lee

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Found them!!!

 

C:\Users\PC Name\AppData\Local\VirtualStore\Program Files\Xnews

 

This must be a windows 10 oddity. This never happened on 7.


  • 0

#7
dbreeze
Posted 08 January 2016 - 11:34 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

I was actually going to suggest a full Explorer Search to find them.

 

Yes, Win10 will do this because you are not allowed to add files and folders (without jumping through hoops) to the Program Files or Program Files(x86) directories. 

 

I would suggest that you move the Xnews program to a root location (C:\Xnews) and run the program from there.


  • 0

#8
dbreeze
Posted 15 January 2016 - 10:59 AM

dbreeze

    Trusted Helper

  • Malware Removal
  • 2,216 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP