Generally Slow freezing Chrome/Laptop- scans with malwarebytes and win



#1
demani


I keep getting crashes of Google Chrome and other windows. In general the computer is running very slowly even though I have plenty of available space. I sometimes get notifications from Symantec antivirus asking to change permission settings for processes I don't recognize. Seems to have started ever since the Windows 10 update happened. Scans using Windows Defender and Malwarebytes Anti-Malware turn up clean.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2017
Ran by mac386 (administrator) on MANGO (08-09-2017 09:40:57)
Running from C:\Users\mac386\Downloads
Loaded Profiles: mac386 (Available Profiles: Lexi & mac386)
Platform: Windows 10 Home Version 1703 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe
(HP) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\nlssrv32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxEM.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\Evernote.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\ONENOTE.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Flux Software LLC) C:\Users\mac386\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Program Files\AutoHotkey\AutoHotkey.exe
(by Joel Riley) C:\Program Files (x86)\hott notes 4\hottnotes.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(HP) C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DeviceAgent.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\acrotray.exe
(Microsoft Corporation) C:\Windows\System32\perfmon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8899592 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-07-01] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2013-10-10] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Acrotray.exe [1868272 2017-07-31] (Adobe Systems Inc.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe [655112 2015-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [3487032 2017-08-22] (Dropbox, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-12] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPRadioMgr] => C:\Program Files (x86)\HP\HP Wireless Button Driver\HPRadioMgr64.exe [324600 2017-04-25] (HP)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1562304 2017-07-21] (Seagate Technology LLC)
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Run: [f.lux] => C:\Users\mac386\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3019552 2017-04-25] (Valve Corporation)
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Run: [Spotify] => C:\Users\mac386\AppData\Roaming\Spotify\Spotify.exe [15866480 2017-08-15] (Spotify Ltd)
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Run: [Spotify Web Helper] => C:\Users\mac386\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1580144 2017-08-15] (Spotify Ltd)
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [142568 2017-07-21] (Seagate Technology LLC)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ahkNLW.ahk [2016-11-28] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hott notes 4.lnk [2016-08-30]
ShortcutTarget: hott notes 4.lnk -> C:\Program Files (x86)\hott notes 4\hottnotes.exe (by Joel Riley)
Startup: C:\Users\Lexi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-02-28]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\mac386\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2016-07-02]
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\mac386\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-09-08]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 129.22.4.32 129.22.104.132 129.22.4.31 129.22.104.25
Tcpip\..\Interfaces\{69a6992a-6d19-499f-b088-d94082077323}: [DhcpNameServer] 129.22.4.32 129.22.104.132 129.22.4.31 129.22.104.25
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://hp15-comm.msn.com/?pc=HRTE
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKLM-x32 -> {E18FFA83-5913-47FB-8FE1-823AF64A142A} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-4261554209-109482278-4118987465-1002 -> {4C38ADC5-8794-4FE2-975A-7CC1DDE7BDFB} URL = hxxps://search.yahoo.com/search?p={searchTerms}&intl=us&fr=yset_ie_syc_oracle&type=orcl_default&partnerexternal-oracle=external-oracle
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office16\OCHelper.dll [2015-07-31] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-08-23] (HP Inc.)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll [2017-06-13] (Microsoft Corporation)
BHO-x32: Symantec Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\bin\IPS\IPSBHO.DLL [2016-06-22] (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll [2017-07-22] (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2017-03-20] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll [2017-07-22] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-08-23] (HP Inc.)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\x64\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\2015\AcroIEFavStub.dll [2016-05-26] (Adobe Systems Incorporated)
Handler-x32: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL [2017-04-11] (Microsoft Corporation)
 
FireFox:
========
FF DefaultProfile: bm9kwemd.default
FF ProfilePath: C:\Users\mac386\AppData\Roaming\Mozilla\Firefox\Profiles\bm9kwemd.default [2017-09-08]
FF Extension: (Video DownloadHelper) - C:\Users\mac386\AppData\Roaming\Mozilla\Firefox\Profiles\bm9kwemd.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2017-08-08]
FF Extension: (Firefox Screenshots) - C:\Users\mac386\AppData\Roaming\Mozilla\Firefox\Profiles\bm9kwemd.default\features\{15db0eff-faf4-42e2-b654-3e2114b07710}\[email protected] [2017-09-07]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat DC - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Browser\WCFirefoxExtn [2017-04-13]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-05] (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\dtplugin\npDeployJava1.dll [2017-07-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.141.2 -> C:\Program Files (x86)\Java\jre1.8.0_141\bin\plugin2\npjp2.dll [2017-07-22] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-07-12] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office16\NPSPWRAP.DLL [2015-07-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-08-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat\Air\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4261554209-109482278-4118987465-1002: @zoom.us/ZoomVideoPlugin -> C:\Users\mac386\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2017-07-04] (Zoom Video Communications, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2016-07-12] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2017-07-31] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default [2017-09-08]
CHR Extension: (Google Slides) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-08-24]
CHR Extension: (Google Docs) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-08-24]
CHR Extension: (Google Drive) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-08-24]
CHR Extension: (YouTube) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-08-24]
CHR Extension: (Pushbullet) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2017-08-24]
CHR Extension: (Mendeley Importer) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\dagcmkpagjlhakfdhnbomgmjdpkdklff [2017-08-24]
CHR Extension: (Dropbox for Gmail) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2017-08-24]
CHR Extension: (Adobe Acrobat) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-08-24]
CHR Extension: (Google Sheets) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-08-24]
CHR Extension: (Google Docs Offline) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-08-24]
CHR Extension: (Cisco WebEx Extension) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2017-08-24]
CHR Extension: (Zoom Scheduler) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgjfgplpablkjnlkjmjdecgdpfankdle [2017-08-24]
CHR Extension: (F1000 Annotator) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\ljfhgpiambpnabgpnaihcebebmoijfci [2017-08-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-24]
CHR Extension: (Evernote Web Clipper) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2017-09-06]
CHR Extension: (Gmail) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-08-24]
CHR Extension: (Chrome Media Router) - C:\Users\mac386\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-24]
CHR Profile: C:\Users\mac386\AppData\Local\Google\Chrome\User Data\System Profile [2017-08-24]
CHR HKLM-x32\...\Chrome\Extension: [dofoafnmdocgkdphpkdooahjkhpmakjd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jkfpchpiljkaemlpmpebnglgkomamfeo] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3744904 2015-06-19] (Intel Corporation)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 cphs; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHeciSvc.exe [310240 2017-02-22] (Intel Corporation)
S3 cplspcon; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\IntelCpHDCPSvc.exe [488928 2017-02-22] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-22] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-04-22] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [49992 2017-08-22] (Dropbox, Inc.)
R2 esifsvc; C:\WINDOWS\SysWOW64\esif_uf.exe [1385640 2015-08-27] (Intel Corporation)
S3 hpqcaslwmiex; C:\Program Files (x86)\HP\Shared\hpqwmiex.exe [1031704 2016-06-03] (HP)
R2 hpsrv; C:\WINDOWS\system32\Hpservice.exe [38728 2016-10-12] (HP)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [321896 2017-07-06] (HP Inc.)
R2 HPWMISVC; C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe [604936 2015-08-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-22] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxCUIService.exe [350688 2017-02-22] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-06-24] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-08-14] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6058960 2017-08-21] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-04-04] ()
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2014-11-17] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2014-11-17] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [314624 2016-08-26] (Realtek Semiconductor)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16120 2017-07-21] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [143560 2017-07-21] (Seagate Technology LLC)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe [152072 2016-06-22] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\snac64.exe [402216 2016-06-22] (Symantec Corporation)
S2 SoftshieldService; C:\Program Files (x86)\Examsoft\Softest 11.0\Examsoft.ShieldRunner.exe [67848 2017-05-16] (Hewlett-Packard)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [278616 2017-08-18] (Synaptics Incorporated)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7757040 2017-04-06] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [102816 2017-06-20] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3833248 2016-04-04] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Accelerometer; C:\WINDOWS\system32\DRIVERS\Accelerometer.sys [56128 2016-10-12] (HP)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Data\Definitions\BASHDefs\20170904.005\BHDrvx64.sys [1862784 2017-07-05] (Symantec Corporation)
R1 ccSettings_{0C4CC990-79E8-4AF1-BB5C-2490747676D5}; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\ccSetx64.sys [171128 2016-06-22] (Symantec Corporation)
R3 clwvd6; C:\WINDOWS\system32\DRIVERS\clwvd6.sys [41400 2015-08-31] (CyberLink Corporation)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55816 2015-08-27] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [53752 2015-08-27] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [508032 2017-07-03] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [158336 2017-07-03] (Symantec Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [261624 2015-08-27] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77440 2017-08-24] ()
S3 Hamachi; C:\WINDOWS\System32\drivers\Hamdrv.sys [45680 2017-02-02] (LogMeIn Inc.)
R0 hpdskflt; C:\WINDOWS\System32\DRIVERS\hpdskflt.sys [42312 2016-10-12] (HP)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [244744 2017-04-13] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Data\Definitions\IPSDefs\20170907.011\IDSvia64.sys [1012864 2017-05-25] (Symantec Corporation)
R3 igfx; C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igdkmd64.sys [11036640 2017-02-22] (Intel Corporation)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [192960 2017-09-08] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt.sys [101824 2017-09-08] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [45472 2017-09-08] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [253888 2017-09-08] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [94144 2017-09-08] (Malwarebytes)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Data\Definitions\VirusDefs\20170907.018\ENG64.SYS [138880 2017-05-25] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Data\Definitions\VirusDefs\20170907.018\EX64.SYS [2152064 2017-05-25] (Symantec Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7218176 2017-03-18] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [936192 2016-09-13] (Realtek )
S3 RTSPER; C:\WINDOWS\system32\DRIVERS\RtsPer.sys [753368 2015-07-31] (Realsil Semiconductor Corporation)
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
S3 SGXEPC; C:\WINDOWS\System32\drivers\sgx_driver.sys [54768 2015-06-19] (Windows ® Win 7 DDK provider)
S3 SmbDrv; C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [33448 2015-07-28] (Synaptics Incorporated)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [55384 2017-08-18] (Synaptics Incorporated)
R1 SRTSP; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\SRTSP64.SYS [899824 2016-06-22] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\SRTSPX64.SYS [46320 2016-06-22] (Symantec Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\SyDvCtrl64.sys [46200 2016-06-22] (Symantec Corporation)
R0 SymEFASI; C:\WINDOWS\System32\drivers\symefasi\0502010.007\symefasi.sys [1626360 2016-07-03] (Symantec Corporation)
S0 SymELAM; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\SymELAM.sys [23568 2016-06-22] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [178392 2016-07-03] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\Ironx64.SYS [270040 2016-06-22] (Symantec Corporation)
R1 SYMNETS; C:\WINDOWS\System32\Drivers\SEP\0C011B5C\1964.105\x64\SYMNETS.SYS [602864 2016-06-22] (Symantec Corporation)
R1 SysPlant; C:\WINDOWS\System32\Drivers\SysPlant.sys [178600 2016-07-03] (Symantec Corporation)
R1 Teefer2; C:\WINDOWS\system32\DRIVERS\Teefer.sys [112648 2016-06-22] (Symantec Corporation)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva64-6.sys [52080 2013-10-10] (Cisco Systems, Inc.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\system32\DRIVERS\WirelessButtonDriver64.sys [30392 2017-04-25] (HP)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 09:40 - 2017-09-08 09:42 - 000033775 _____ C:\Users\mac386\Downloads\FRST.txt
2017-09-08 09:40 - 2017-09-08 09:40 - 002395648 _____ (Farbar) C:\Users\mac386\Downloads\FRST64.exe
2017-09-08 09:40 - 2017-09-08 09:40 - 000000000 ____D C:\FRST
2017-09-08 08:16 - 2017-09-08 08:16 - 002569767 _____ C:\Users\mac386\Downloads\Kalayjian_Community Acquired Pneumonia_2016_.pptx
2017-09-08 08:16 - 2017-09-08 08:16 - 001892096 _____ C:\Users\mac386\Downloads\Kalayjian_Community Aquired Pneumonia_17-18.pptx
2017-09-08 06:42 - 2017-09-08 07:20 - 000094144 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-09-08 06:42 - 2017-09-08 06:42 - 000253888 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-08 06:42 - 2017-09-08 06:42 - 000192960 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-09-08 06:42 - 2017-09-08 06:42 - 000101824 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-09-08 06:42 - 2017-09-08 06:42 - 000045472 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-09-08 06:41 - 2017-09-08 06:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-09-08 06:41 - 2017-09-08 06:41 - 000000000 ____D C:\ProgramData\MB2Migration
2017-09-08 06:41 - 2017-09-08 06:41 - 000000000 ____D C:\Program Files\Malwarebytes
2017-09-08 06:41 - 2017-08-24 11:27 - 000077440 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-09-08 06:40 - 2017-09-08 06:40 - 000003776 _____ C:\WINDOWS\System32\Tasks\mac386 Merge
2017-09-08 06:40 - 2017-09-08 06:40 - 000003748 _____ C:\WINDOWS\System32\Tasks\mac386
2017-09-08 06:39 - 2017-09-08 06:39 - 000003576 _____ C:\WINDOWS\System32\Tasks\Seagate_Install_Launch
2017-09-08 06:39 - 2017-09-08 06:39 - 000003556 _____ C:\WINDOWS\System32\Tasks\mac386 DBAgent 2 0
2017-09-08 06:39 - 2017-09-08 06:39 - 000000000 ____D C:\Users\mac386\AppData\Roaming\Nero
2017-09-08 06:37 - 2017-09-08 06:37 - 000002145 _____ C:\Users\Public\Desktop\Seagate Dashboard.lnk
2017-09-08 06:37 - 2017-09-08 06:37 - 000000000 ____D C:\ProgramData\Nero
2017-09-08 06:37 - 2017-09-08 06:37 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate Dashboard
2017-09-08 06:37 - 2017-09-08 06:37 - 000000000 ____D C:\Program Files (x86)\Seagate
2017-09-08 06:36 - 2017-09-08 06:36 - 000000000 ____D C:\Users\mac386\AppData\Roaming\Seagate
2017-09-08 06:23 - 2017-09-08 06:26 - 156799280 _____ (Seagate) C:\Users\mac386\Downloads\Seagate_Dashboard_Installer.exe
2017-09-07 16:05 - 2017-09-07 16:05 - 000317903 _____ C:\Users\mac386\Downloads\nejmoa1112843.pdf
2017-09-07 11:23 - 2017-09-07 11:23 - 000337616 _____ C:\Users\mac386\Downloads\2017-08-08-statements-0372.pdf
2017-09-06 16:19 - 2017-09-06 16:19 - 000004818 _____ C:\Users\mac386\Downloads\rg_170906_134114_DUNN.pdf
2017-09-06 15:20 - 2017-09-06 15:20 - 009997017 _____ C:\Users\mac386\Downloads\9-6-17_BIOC420_lecture1.pptx
2017-09-06 15:20 - 2017-09-06 15:20 - 009114633 _____ C:\Users\mac386\Downloads\Paper1-Nature-mutationalLandscape-AcrossTumors copy.pdf
2017-09-06 14:10 - 2017-09-06 14:11 - 000000000 ____D C:\WINDOWS\LastGood.Tmp
2017-08-28 16:09 - 2017-08-28 16:09 - 000716643 _____ C:\Users\mac386\Downloads\Statement_Aug 2017.pdf
2017-08-28 08:40 - 2017-08-28 08:40 - 022730752 _____ C:\Users\mac386\Downloads\OBrien_Plasma Cell Disorders TP_17-18.ppt
2017-08-28 08:38 - 2017-08-28 08:39 - 009742848 _____ C:\Users\mac386\Downloads\CWRUNHLClinicalPowerPt.ppt
2017-08-25 08:03 - 2017-08-25 08:03 - 005253572 _____ C:\Users\mac386\Downloads\AMSA REACH.pptx
2017-08-25 08:03 - 2017-08-25 08:03 - 002625264 _____ C:\Users\mac386\Downloads\Refugee Services Collaborative 4.25.16 .pptx
2017-08-24 16:10 - 2017-09-07 22:37 - 099352576 _____ C:\WINDOWS\system32\config\SOFTWARE
2017-08-24 16:08 - 2017-08-24 16:08 - 000000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-08-24 12:17 - 2017-08-28 15:49 - 000002239 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-24 12:17 - 2017-08-24 12:17 - 000003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2017-08-24 12:17 - 2017-08-24 12:17 - 000003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2017-08-24 12:16 - 2017-08-24 12:16 - 001130328 _____ (Google Inc.) C:\Users\mac386\Downloads\ChromeSetup(4).exe
2017-08-24 10:55 - 2017-08-24 10:55 - 000245816 _____ (Mozilla) C:\Users\mac386\Downloads\Firefox Installer.exe
2017-08-24 10:31 - 2017-08-24 10:31 - 000000000 ____D C:\Program Files\EaseUS
2017-08-24 10:13 - 2017-08-24 10:14 - 022787368 _____ (EaseUS ) C:\Users\mac386\Downloads\drw_free.exe
2017-08-24 09:54 - 2017-08-24 09:54 - 000000000 ____D C:\Users\Lexi\AppData\Local\DBG
2017-08-23 19:34 - 2017-08-23 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-08-22 19:19 - 2017-08-22 19:19 - 003413501 _____ C:\Users\mac386\Downloads\The microwell-mesh_A novel device and protocol for the high throughput manufacturing of cartilage microtissues (1).pdf
2017-08-22 18:18 - 2017-08-22 18:18 - 007699675 _____ C:\Users\mac386\Downloads\OBrien_Non-Hodgkins Lymphoma Clinical TP_2016.pptx
2017-08-22 15:42 - 2017-08-22 15:42 - 000032173 _____ C:\Users\mac386\Downloads\TABLE 22-3_Ann Arbor Staging of Lymphoma-.pdf
2017-08-22 15:25 - 2017-08-22 15:25 - 000031749 _____ C:\Users\mac386\Downloads\TABLE 22-2_Staging of Chronic Lymphocytic Leukemia- (1).pdf
2017-08-22 15:24 - 2017-08-22 15:24 - 000031749 _____ C:\Users\mac386\Downloads\TABLE 22-2_Staging of Chronic Lymphocytic Leukemia-.pdf
2017-08-22 12:55 - 2017-08-22 12:55 - 000049992 _____ (Dropbox, Inc.) C:\WINDOWS\system32\DbxSvc.exe
2017-08-22 12:55 - 2017-08-22 12:55 - 000045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-08-22 12:55 - 2017-08-22 12:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-08-22 12:55 - 2017-08-22 12:55 - 000045640 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
2017-08-21 23:32 - 2017-08-21 23:33 - 013603328 _____ C:\Users\mac386\Downloads\BLOCK 5- Meyerson-Granulocytic Disorders and CLL part 1.ppt
2017-08-21 23:32 - 2017-08-21 23:33 - 013107712 _____ C:\Users\mac386\Downloads\Block 5- Meyerson- Lymphomas part 2.ppt
2017-08-21 23:31 - 2017-08-21 23:32 - 013415424 _____ C:\Users\mac386\Downloads\Granulocytes_Lymphocytes and Monocytes.ppt
2017-08-21 23:25 - 2017-08-21 23:25 - 016055808 _____ C:\Users\mac386\Downloads\OBrien_Intro to Hematological Malignancies Hodgkin Lymphoma_17-18.ppt
2017-08-21 22:14 - 2017-08-21 22:14 - 000914777 _____ C:\Users\mac386\Downloads\Images Figs 1-7 for Learning Objectives.pdf
2017-08-21 21:58 - 2017-08-21 21:58 - 000726217 _____ C:\Users\mac386\Downloads\Case 5 (1).pdf
2017-08-21 21:58 - 2017-08-21 21:58 - 000210512 _____ C:\Users\mac386\Downloads\cncr28549.pdf
2017-08-21 21:54 - 2017-08-21 21:54 - 000584596 _____ C:\Users\mac386\Downloads\blood-2017-02-765206-1.pdf
2017-08-21 21:43 - 2017-08-21 21:43 - 001720631 _____ C:\Users\mac386\Downloads\Blood 2017 Hu.pdf
2017-08-21 21:43 - 2017-08-21 21:43 - 000768192 _____ C:\Users\mac386\Downloads\Blood 2017 Sheehan.pdf
2017-08-21 20:56 - 2017-08-21 20:56 - 002161806 _____ C:\Users\mac386\Downloads\Cancer Cell induced Platelet Activation and Secretion - Italiano-Blood Paper.pdf
2017-08-21 20:55 - 2017-08-21 20:55 - 001237602 _____ C:\Users\mac386\Downloads\Cancer Cell induced Platelet Activation and Secretion - Battinelli-ATVB Paper.pdf
2017-08-21 20:37 - 2017-08-21 20:37 - 000588388 _____ C:\Users\mac386\Downloads\Schmaier_Thrombosis and Anticoagulation Reading Material_2014.pdf
2017-08-21 20:34 - 2017-08-21 20:34 - 001052031 _____ C:\Users\mac386\Downloads\Wish-Baratz_B7.5_Lab1_LabGuide_Upper_Limb1_17-18.pdf
2017-08-21 20:34 - 2017-08-21 20:34 - 000032364 _____ C:\Users\mac386\Downloads\B7.5_ClassLetter_Presentations_MSK_Wk_17-18.pdf
2017-08-21 20:14 - 2017-08-21 20:14 - 000726217 _____ C:\Users\mac386\Downloads\Case 5.pdf
2017-08-21 19:30 - 2017-08-21 19:30 - 016995532 _____ C:\Users\mac386\Downloads\Nieman Hemostasis 2013.pptx
2017-08-18 02:23 - 2017-08-18 02:23 - 000437344 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2017-08-18 02:23 - 2017-08-18 02:23 - 000350816 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo59.dll
2017-08-18 02:23 - 2017-08-18 02:23 - 000066136 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynRMIHID_Aux.sys
2017-08-18 02:23 - 2017-08-18 02:23 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2017-08-18 02:23 - 2017-08-18 02:23 - 000053848 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2017-08-17 20:27 - 2017-08-17 20:27 - 000312832 _____ C:\Users\mac386\Downloads\CMAJ 2003 Jun 168(13) 1675-82,  (2).ppt
2017-08-17 20:27 - 2017-08-17 20:27 - 000311296 _____ C:\Users\mac386\Downloads\CMAJ 2003 Jun 168(13) 1675-82, .ppt
2017-08-17 20:27 - 2017-08-17 20:27 - 000283136 _____ C:\Users\mac386\Downloads\CMAJ 2003 Jun 168(13) 1675-82,  (1).ppt
2017-08-17 20:27 - 2017-08-17 20:27 - 000257536 _____ C:\Users\mac386\Downloads\CMAJ 2003 Jun 168(13) 1675-82,  (3).ppt
2017-08-17 12:05 - 2017-08-17 12:05 - 015748458 _____ C:\Users\mac386\Downloads\Video (1).MOV
2017-08-15 14:55 - 2017-09-08 06:43 - 000000000 ____D C:\Users\mac386\AppData\LocalLow\Mozilla
2017-08-15 14:21 - 2017-08-15 14:33 - 074338871 _____ C:\Users\mac386\Downloads\Meyerson - Hematopathology Review_ August 03_ 2017 at 10_00 AM_default_8ff0c70f.mp4.crdownload
2017-08-15 13:55 - 2017-08-15 13:55 - 018187863 _____ C:\Users\mac386\Downloads\Maitta_Basics of Transfusion Medicine_2017.pptx
2017-08-15 13:52 - 2017-08-15 13:52 - 003179746 _____ C:\Users\mac386\Downloads\Stavrou_Acquired Bleeding Disorders_17-18.pptx
2017-08-15 13:51 - 2017-08-15 13:52 - 000443390 _____ C:\Users\mac386\Downloads\Schmaier_Acquired Bleeding Disorders Reading Material_2014.pdf
2017-08-15 13:50 - 2017-08-15 13:50 - 001137752 _____ C:\Users\mac386\Downloads\Stavrou_Congenital Bleeding Disorders_17-18.pptx
2017-08-15 13:49 - 2017-08-15 13:49 - 003040827 _____ C:\Users\mac386\Downloads\Nayak_Platelet Disorders_2015.pptx
2017-08-15 13:48 - 2017-08-15 13:48 - 003412603 _____ C:\Users\mac386\Downloads\Stavrou_Introduction to Hemostasis and Thrombosis_17-18.pptx
2017-08-15 13:44 - 2017-08-15 13:45 - 015714231 _____ C:\Users\mac386\Downloads\OBrien_Hemolysis TP_17-18.pptx
2017-08-15 13:39 - 2017-08-15 13:39 - 002449408 _____ C:\Users\mac386\Downloads\HP REVIEW- NORMAL HEME SLIDES.ppt
2017-08-15 13:39 - 2017-08-15 13:39 - 001340416 _____ C:\Users\mac386\Downloads\BLOCK 5-HP VM REVIEW on BLOOD-TISSUES 2017.ppt
2017-08-15 13:38 - 2017-08-15 13:38 - 010827143 _____ C:\Users\mac386\Downloads\Moore_B7.5_Red_Cell_Morphology_17-18.pptx
2017-08-15 09:38 - 2017-08-15 16:59 - 000717250 _____ C:\Users\mac386\Downloads\Primary Contact Transfer.pdf
2017-08-14 20:32 - 2017-09-07 22:54 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2017-08-14 13:59 - 2017-08-14 13:59 - 005845566 _____ C:\Users\mac386\Downloads\B5 Histo.apkg
2017-08-14 12:17 - 2017-08-14 12:17 - 000443966 _____ C:\Users\mac386\Downloads\doc20170809160647.pdf
2017-08-09 20:09 - 2017-08-09 20:09 - 006698496 _____ C:\Users\mac386\Downloads\Greenspan_Complement in Health and Disease_17-18.ppt
2017-08-09 20:09 - 2017-08-09 20:09 - 001941504 _____ C:\Users\mac386\Downloads\Greenspan_Transplantation Immunology_17-18.ppt
2017-08-09 20:07 - 2017-08-09 20:07 - 009903616 _____ C:\Users\mac386\Downloads\UE lec 2 Axilla _and_arm_17-18.ppt
2017-08-09 20:07 - 2017-08-09 20:07 - 001512221 _____ C:\Users\mac386\Downloads\Anishas plexux tutorial.pdf
2017-08-09 20:06 - 2017-08-09 20:06 - 010777926 _____ C:\Users\mac386\Downloads\Sy_Week 2 Immunology Review_2015.pptx
2017-08-09 20:05 - 2017-08-09 20:05 - 006917219 _____ C:\Users\mac386\Downloads\Sy_Vaccines Yesterday Today and Tomorrow_17-18.pptx
2017-08-09 20:04 - 2017-08-09 20:05 - 008456960 _____ C:\Users\mac386\Downloads\Sy_Tumor Immunology_17-18.pptx
2017-08-09 20:04 - 2017-08-09 20:04 - 009659904 _____ C:\Users\mac386\Downloads\Little_Hemoglobinopathies_2016.ppt
2017-08-09 20:03 - 2017-08-09 20:03 - 005307904 _____ C:\Users\mac386\Downloads\Little_Thalassemias_17-18.ppt
2017-08-09 20:02 - 2017-08-09 20:03 - 031855218 _____ C:\Users\mac386\Downloads\OBrien_Micro Macrocytic Anemias_17-18.pptx
2017-08-09 20:00 - 2017-08-09 20:01 - 032141165 _____ C:\Users\mac386\Downloads\OBrien_Normal Hematopoiesis Anemia Overview_17-18.pptx
2017-08-09 19:59 - 2017-08-09 20:00 - 006999742 _____ C:\Users\mac386\Downloads\Anthony_Autoimmune Diseases and Allergies_17-18.pptx
2017-08-09 19:57 - 2017-08-09 19:59 - 008834708 _____ C:\Users\mac386\Downloads\Sy_Immunodeficiency_17-18.pptx
2017-08-09 10:48 - 2017-07-31 22:38 - 000406544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2017-08-09 10:48 - 2017-07-31 22:36 - 002165752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2017-08-09 10:48 - 2017-07-31 22:36 - 000750496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2017-08-09 10:48 - 2017-07-31 22:36 - 000119712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2017-08-09 10:48 - 2017-07-31 22:35 - 000280472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2017-08-09 10:48 - 2017-07-31 22:35 - 000133904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2017-08-09 10:48 - 2017-07-31 22:34 - 000610584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2017-08-09 10:48 - 2017-07-31 22:34 - 000359552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2017-08-09 10:48 - 2017-07-31 22:34 - 000349600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2017-08-09 10:48 - 2017-07-31 22:34 - 000168864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2017-08-09 10:48 - 2017-07-31 22:32 - 000820128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-08-09 10:48 - 2017-07-31 22:31 - 000176024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\basecsp.dll
2017-08-09 10:48 - 2017-07-31 22:20 - 002956288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2017-08-09 10:48 - 2017-07-31 22:20 - 000404480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2017-08-09 10:48 - 2017-07-31 22:20 - 000154624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWWIN.EXE
2017-08-09 10:48 - 2017-07-31 22:18 - 013841408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2017-08-09 10:48 - 2017-07-31 22:18 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2017-08-09 10:48 - 2017-07-31 22:17 - 000034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tokenbinding.dll
2017-08-09 10:48 - 2017-07-31 22:14 - 000035840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2017-08-09 10:48 - 2017-07-31 22:13 - 000364032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msIso.dll
2017-08-09 10:48 - 2017-07-31 22:13 - 000127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdeploy.dll
2017-08-09 10:48 - 2017-07-31 22:12 - 000229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scksp.dll
2017-08-09 10:48 - 2017-07-31 22:09 - 000394240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2017-08-09 10:48 - 2017-07-31 22:08 - 000267264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2017-08-09 10:48 - 2017-07-31 22:07 - 005961728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2017-08-09 10:48 - 2017-07-31 22:07 - 002671616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2017-08-09 10:48 - 2017-07-31 22:06 - 000798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2017-08-09 10:48 - 2017-07-31 22:03 - 001627136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2017-08-09 10:48 - 2017-07-31 21:30 - 003377664 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2017-08-09 10:48 - 2017-07-31 21:28 - 002516480 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 001311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjet40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswdat10.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000641536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswstr10.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000616448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrepl40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000518144 _____ C:\WINDOWS\SysWOW64\msjetoledb40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000475648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxbde40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspbde40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000343552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd3x40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000339968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msexcl40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrd2x40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjtes40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstext40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000240640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msltus40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000144896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjint40.dll
2017-08-09 10:48 - 2017-07-31 18:45 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msjter40.dll
2017-08-09 10:48 - 2017-07-28 01:23 - 000723360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2017-08-09 10:48 - 2017-07-28 01:20 - 000279968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2017-08-09 10:48 - 2017-07-28 01:15 - 000554400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2017-08-09 10:48 - 2017-07-28 01:10 - 002679200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2017-08-09 10:48 - 2017-07-28 01:07 - 000805816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2017-08-09 10:48 - 2017-07-28 00:48 - 001839872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2017-08-09 10:48 - 2017-07-28 00:48 - 000096648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmcmnutils.dll
2017-08-09 10:48 - 2017-07-28 00:47 - 002259768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2017-08-09 10:48 - 2017-07-28 00:40 - 005820984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2017-08-09 10:48 - 2017-07-28 00:40 - 000551200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2017-08-09 10:48 - 2017-07-28 00:38 - 004213656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2017-08-09 10:48 - 2017-07-28 00:37 - 000519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 020373408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 006761568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 005808640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 002424024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 001195760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 000866808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 000864248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 000173104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2017-08-09 10:48 - 2017-07-28 00:36 - 000090464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msacm32.dll
2017-08-09 10:48 - 2017-07-28 00:35 - 000988168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2017-08-09 10:48 - 2017-07-28 00:35 - 000277432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shlwapi.dll
2017-08-09 10:48 - 2017-07-28 00:33 - 000967584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2017-08-09 10:48 - 2017-07-28 00:33 - 000583160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2017-08-09 10:48 - 2017-07-28 00:33 - 000414296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2017-08-09 10:48 - 2017-07-28 00:27 - 000051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2017-08-09 10:48 - 2017-07-28 00:26 - 000044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2017-08-09 10:48 - 2017-07-28 00:21 - 000029184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmintegrator.dll
2017-08-09 10:48 - 2017-07-28 00:20 - 000079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2017-08-09 10:48 - 2017-07-28 00:20 - 000018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IpNatHlpClient.dll
2017-08-09 10:48 - 2017-07-28 00:19 - 000942592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2017-08-09 10:48 - 2017-07-28 00:19 - 000147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2017-08-09 10:48 - 2017-07-28 00:19 - 000117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryUpgrade.dll
2017-08-09 10:48 - 2017-07-28 00:18 - 000139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2017-08-09 10:48 - 2017-07-28 00:17 - 006728192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2017-08-09 10:48 - 2017-07-28 00:16 - 001291776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVPXENC.dll
2017-08-09 10:48 - 2017-07-28 00:16 - 000470016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TpmCoreProvisioning.dll
2017-08-09 10:48 - 2017-07-28 00:16 - 000135680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2017-08-09 10:48 - 2017-07-28 00:15 - 005721600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2017-08-09 10:48 - 2017-07-28 00:15 - 000586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2017-08-09 10:48 - 2017-07-28 00:14 - 000368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2017-08-09 10:48 - 2017-07-28 00:14 - 000357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2017-08-09 10:48 - 2017-07-28 00:14 - 000331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2017-08-09 10:48 - 2017-07-28 00:13 - 000932352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2017-08-09 10:48 - 2017-07-28 00:13 - 000665600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2017-08-09 10:48 - 2017-07-28 00:13 - 000636416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2017-08-09 10:48 - 2017-07-28 00:12 - 000952832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2017-08-09 10:48 - 2017-07-28 00:12 - 000587776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2017-08-09 10:48 - 2017-07-28 00:12 - 000446464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2017-08-09 10:48 - 2017-07-28 00:12 - 000337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2017-08-09 10:48 - 2017-07-28 00:11 - 003667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2017-08-09 10:48 - 2017-07-28 00:11 - 001248768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2017-08-09 10:48 - 2017-07-28 00:10 - 001019904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2017-08-09 10:48 - 2017-07-28 00:10 - 000787456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2017-08-09 10:48 - 2017-07-28 00:10 - 000564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsvcs.dll
2017-08-09 10:48 - 2017-07-28 00:09 - 005225984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2017-08-09 10:48 - 2017-07-28 00:08 - 004559360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2017-08-09 10:48 - 2017-07-28 00:08 - 004417024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2017-08-09 10:48 - 2017-07-28 00:08 - 004056064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2017-08-09 10:48 - 2017-07-28 00:08 - 000760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2017-08-09 10:48 - 2017-07-28 00:08 - 000097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2017-08-09 10:48 - 2017-07-28 00:07 - 002211840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2017-08-09 10:48 - 2017-07-28 00:05 - 001536512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2017-08-09 10:48 - 2017-07-28 00:05 - 000892928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2017-08-09 10:48 - 2017-07-28 00:05 - 000538112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2017-08-09 10:48 - 2017-07-28 00:02 - 000877056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autoconv.exe
2017-08-09 10:48 - 2017-07-28 00:02 - 000853504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autofmt.exe
2017-08-09 10:48 - 2017-07-28 00:02 - 000077312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2017-08-09 10:47 - 2017-07-31 22:39 - 008319392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-08-09 10:47 - 2017-07-31 22:38 - 000382368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2017-08-09 10:47 - 2017-07-31 22:32 - 002444704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-08-09 10:47 - 2017-07-31 22:32 - 000712600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2017-08-09 10:47 - 2017-07-31 22:31 - 005477088 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneCoreUAPCommonProxyStub.dll
2017-08-09 10:47 - 2017-07-31 22:31 - 002645680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-08-09 10:47 - 2017-07-31 22:31 - 000212384 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-08-09 10:47 - 2017-07-31 22:30 - 000723680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2017-08-09 10:47 - 2017-07-31 22:30 - 000411040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2017-08-09 10:47 - 2017-07-31 22:30 - 000410160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2017-08-09 10:47 - 2017-07-31 22:30 - 000315288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2017-08-09 10:47 - 2017-07-31 22:30 - 000182688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2017-08-09 10:47 - 2017-07-31 22:30 - 000143736 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2017-08-09 10:47 - 2017-07-31 22:16 - 000080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2017-08-09 10:47 - 2017-07-31 22:13 - 020504064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2017-08-09 10:47 - 2017-07-31 22:12 - 019336192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2017-08-09 10:47 - 2017-07-31 22:10 - 000358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2017-08-09 10:47 - 2017-07-31 22:07 - 011870208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2017-08-09 10:47 - 2017-07-31 22:04 - 006269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2017-08-09 10:47 - 2017-07-31 22:04 - 003656192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2017-08-09 10:47 - 2017-07-31 21:57 - 023677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-08-09 10:47 - 2017-07-31 21:45 - 003670016 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-08-09 10:47 - 2017-07-31 21:42 - 002199552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-08-09 10:47 - 2017-07-31 21:41 - 000110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-08-09 10:47 - 2017-07-31 21:40 - 017366528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-08-09 10:47 - 2017-07-31 21:37 - 000433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\msIso.dll
2017-08-09 10:47 - 2017-07-31 21:36 - 023681536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-08-09 10:47 - 2017-07-31 21:35 - 000692736 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-08-09 10:47 - 2017-07-31 21:34 - 000805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-08-09 10:47 - 2017-07-31 21:32 - 007336960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-08-09 10:47 - 2017-07-31 21:32 - 000176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2017-08-09 10:47 - 2017-07-31 21:31 - 012786176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-08-09 10:47 - 2017-07-31 21:31 - 004445696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-08-09 10:47 - 2017-07-31 21:31 - 001396736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2017-08-09 10:47 - 2017-07-31 21:30 - 008209920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-08-09 10:47 - 2017-07-31 21:30 - 002055168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-08-09 10:47 - 2017-07-31 21:30 - 001052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-08-09 10:47 - 2017-07-31 21:28 - 004730368 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-08-09 10:47 - 2017-07-31 21:27 - 001802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-08-09 10:47 - 2017-07-28 01:30 - 001068720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-08-09 10:47 - 2017-07-28 01:25 - 002399728 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-08-09 10:47 - 2017-07-28 01:24 - 002327456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-08-09 10:47 - 2017-07-28 01:24 - 000455584 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2017-08-09 10:47 - 2017-07-28 01:24 - 000116280 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2017-08-09 10:47 - 2017-07-28 01:23 - 002969888 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreUIComponents.dll
2017-08-09 10:47 - 2017-07-28 01:22 - 000923048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-08-09 10:47 - 2017-07-28 01:17 - 000660680 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2017-08-09 10:47 - 2017-07-28 01:16 - 007326128 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-08-09 10:47 - 2017-07-28 01:15 - 005302968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2017-08-09 10:47 - 2017-07-28 01:15 - 000872472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2017-08-09 10:47 - 2017-07-28 01:14 - 000654976 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2017-08-09 10:47 - 2017-07-28 01:13 - 007907344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-08-09 10:47 - 2017-07-28 01:13 - 006557520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-08-09 10:47 - 2017-07-28 01:13 - 002604248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-08-09 10:47 - 2017-07-28 01:13 - 001054280 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-08-09 10:47 - 2017-07-28 01:13 - 001033544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2017-08-09 10:47 - 2017-07-28 01:12 - 021353208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-08-09 10:47 - 2017-07-28 01:12 - 001337856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2017-08-09 10:47 - 2017-07-28 01:12 - 001325968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-08-09 10:47 - 2017-07-28 01:09 - 000529992 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2017-08-09 10:47 - 2017-07-28 01:09 - 000527976 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-08-09 10:47 - 2017-07-28 01:09 - 000387928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2017-08-09 10:47 - 2017-07-28 00:48 - 000100232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2017-08-09 10:47 - 2017-07-28 00:29 - 000142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2017-08-09 10:47 - 2017-07-28 00:26 - 000102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\officecsp.dll
2017-08-09 10:47 - 2017-07-28 00:26 - 000094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2017-08-09 10:47 - 2017-07-28 00:25 - 000231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyMATEnc.dll
2017-08-09 10:47 - 2017-07-28 00:25 - 000115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-08-09 10:47 - 2017-07-28 00:25 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhosdeployment.dll
2017-08-09 10:47 - 2017-07-28 00:24 - 000184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2017-08-09 10:47 - 2017-07-28 00:24 - 000136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryUpgrade.dll
2017-08-09 10:47 - 2017-07-28 00:24 - 000064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2017-08-09 10:47 - 2017-07-28 00:23 - 007931392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-08-09 10:47 - 2017-07-28 00:23 - 000778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyHrtfEnc.dll
2017-08-09 10:47 - 2017-07-28 00:23 - 000189440 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-08-09 10:47 - 2017-07-28 00:22 - 000500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.BlueLightReduction.dll
2017-08-09 10:47 - 2017-07-28 00:22 - 000491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Display.dll
2017-08-09 10:47 - 2017-07-28 00:22 - 000450048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2017-08-09 10:47 - 2017-07-28 00:22 - 000209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2017-08-09 10:47 - 2017-07-28 00:22 - 000197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2017-08-09 10:47 - 2017-07-28 00:21 - 008333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2017-08-09 10:47 - 2017-07-28 00:21 - 000699904 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-08-09 10:47 - 2017-07-28 00:21 - 000527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-08-09 10:47 - 2017-07-28 00:21 - 000165888 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-08-09 10:47 - 2017-07-28 00:20 - 000982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-08-09 10:47 - 2017-07-28 00:20 - 000524800 _____ (Microsoft Corporation) C:\WINDOWS\system32\TileDataRepository.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 001878016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 000847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 000687616 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 000417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-08-09 10:47 - 2017-07-28 00:19 - 000412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 000370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-08-09 10:47 - 2017-07-28 00:19 - 000229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SIHClient.exe
2017-08-09 10:47 - 2017-07-28 00:18 - 001468416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2017-08-09 10:47 - 2017-07-28 00:18 - 001260544 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2017-08-09 10:47 - 2017-07-28 00:18 - 000586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2017-08-09 10:47 - 2017-07-28 00:18 - 000536064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-08-09 10:47 - 2017-07-28 00:17 - 002805248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2017-08-09 10:47 - 2017-07-28 00:17 - 001886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-08-09 10:47 - 2017-07-28 00:17 - 000497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-08-09 10:47 - 2017-07-28 00:16 - 001046016 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2017-08-09 10:47 - 2017-07-28 00:16 - 000383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-08-09 10:47 - 2017-07-28 00:15 - 003204608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft.Bluetooth.Profiles.Gatt.dll
2017-08-09 10:47 - 2017-07-28 00:15 - 000986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2017-08-09 10:47 - 2017-07-28 00:14 - 004396032 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-08-09 10:47 - 2017-07-28 00:14 - 001305088 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2017-08-09 10:47 - 2017-07-28 00:13 - 004535296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2017-08-09 10:47 - 2017-07-28 00:13 - 000809984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2017-08-09 10:47 - 2017-07-28 00:12 - 005557760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2017-08-09 10:47 - 2017-07-28 00:12 - 004707840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2017-08-09 10:47 - 2017-07-28 00:12 - 002939392 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2017-08-09 10:47 - 2017-07-28 00:12 - 002444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-08-09 10:47 - 2017-07-28 00:12 - 000406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-08-09 10:47 - 2017-07-28 00:11 - 001357312 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-08-09 10:47 - 2017-07-28 00:10 - 001706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2017-08-09 10:47 - 2017-07-28 00:10 - 000625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-08-09 10:47 - 2017-07-28 00:08 - 000600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2017-08-09 10:47 - 2017-07-28 00:07 - 000112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2017-08-09 10:47 - 2017-07-28 00:07 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2017-08-09 10:47 - 2017-07-28 00:07 - 000074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2017-08-09 10:47 - 2017-07-28 00:07 - 000059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\DmApiSetExtImplDesktop.dll
2017-08-09 10:47 - 2017-07-28 00:06 - 001833984 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2017-08-09 10:46 - 2017-07-31 22:33 - 000473240 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2017-08-09 10:46 - 2017-07-31 22:30 - 000082336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmcl.sys
2017-08-09 10:46 - 2017-07-31 22:26 - 000204192 _____ (Microsoft Corporation) C:\WINDOWS\system32\basecsp.dll
2017-08-09 10:46 - 2017-07-31 21:45 - 001275392 _____ (Microsoft Corporation) C:\WINDOWS\system32\werconcpl.dll
2017-08-09 10:46 - 2017-07-31 21:45 - 000462848 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2017-08-09 10:46 - 2017-07-31 21:45 - 000092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wercplsupport.dll
2017-08-09 10:46 - 2017-07-31 21:44 - 000184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWWIN.EXE
2017-08-09 10:46 - 2017-07-31 21:44 - 000083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmbkmclr.sys
2017-08-09 10:46 - 2017-07-31 21:44 - 000077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2017-08-09 10:46 - 2017-07-31 21:41 - 000180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2017-08-09 10:46 - 2017-07-31 21:41 - 000130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2017-08-09 10:46 - 2017-07-31 21:41 - 000042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tokenbinding.dll
2017-08-09 10:46 - 2017-07-31 21:40 - 000290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2017-08-09 10:46 - 2017-07-31 21:39 - 000046592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2017-08-09 10:46 - 2017-07-31 21:38 - 000153088 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdeploy.dll
2017-08-09 10:46 - 2017-07-31 21:38 - 000143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvcext.dll
2017-08-09 10:46 - 2017-07-31 21:37 - 000582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2017-08-09 10:46 - 2017-07-31 21:37 - 000255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\scksp.dll
2017-08-09 10:46 - 2017-07-31 21:33 - 001269760 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2017-08-09 10:46 - 2017-07-31 21:33 - 000315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2017-08-09 10:46 - 2017-07-31 21:30 - 000303104 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2017-08-09 10:46 - 2017-07-31 21:27 - 000574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2017-08-09 10:46 - 2017-07-31 21:27 - 000482816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2017-08-09 10:46 - 2017-07-31 21:26 - 000323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2017-08-09 10:46 - 2017-07-31 21:25 - 000249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2017-08-09 10:46 - 2017-07-31 21:25 - 000194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2017-08-09 10:46 - 2017-07-31 21:25 - 000140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2017-08-09 10:46 - 2017-07-28 01:24 - 000119904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcmnutils.dll
2017-08-09 10:46 - 2017-07-28 01:16 - 000961952 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2017-08-09 10:46 - 2017-07-28 01:15 - 000715168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2017-08-09 10:46 - 2017-07-28 01:14 - 000318232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2017-08-09 10:46 - 2017-07-28 01:13 - 000192264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2017-08-09 10:46 - 2017-07-28 01:13 - 000104432 _____ (Microsoft Corporation) C:\WINDOWS\system32\msacm32.dll
2017-08-09 10:46 - 2017-07-28 01:12 - 000323936 _____ (Microsoft Corporation) C:\WINDOWS\system32\shlwapi.dll
2017-08-09 10:46 - 2017-07-28 01:10 - 001114528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-08-09 10:46 - 2017-07-28 00:31 - 003995136 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2017-08-09 10:46 - 2017-07-28 00:30 - 001722880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dui70.dll
2017-08-09 10:46 - 2017-07-28 00:29 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-08-09 10:46 - 2017-07-28 00:26 - 000090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ofdeploy.exe
2017-08-09 10:46 - 2017-07-28 00:26 - 000022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\IpNatHlpClient.dll
2017-08-09 10:46 - 2017-07-28 00:25 - 003464704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2017-08-09 10:46 - 2017-07-28 00:25 - 000105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2017-08-09 10:46 - 2017-07-28 00:25 - 000097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Microsoft.Bluetooth.Legacy.LEEnumerator.sys
2017-08-09 10:46 - 2017-07-28 00:24 - 000584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2017-08-09 10:46 - 2017-07-28 00:24 - 000043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2017-08-09 10:46 - 2017-07-28 00:22 - 000778240 _____ C:\WINDOWS\system32\MBR2GPT.EXE
2017-08-09 10:46 - 2017-07-28 00:22 - 000555008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCoreProvisioning.dll
2017-08-09 10:46 - 2017-07-28 00:22 - 000259072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-08-09 10:46 - 2017-07-28 00:21 - 000365056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2017-08-09 10:46 - 2017-07-28 00:21 - 000150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2017-08-09 10:46 - 2017-07-28 00:20 - 001015296 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2017-08-09 10:46 - 2017-07-28 00:19 - 000817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-08-09 10:46 - 2017-07-28 00:19 - 000566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-08-09 10:46 - 2017-07-28 00:18 - 001298432 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpasvc.dll
2017-08-09 10:46 - 2017-07-28 00:18 - 000925696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-08-09 10:46 - 2017-07-28 00:18 - 000777216 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2017-08-09 10:46 - 2017-07-28 00:17 - 000770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2017-08-09 10:46 - 2017-07-28 00:17 - 000420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2017-08-09 10:46 - 2017-07-28 00:15 - 000612864 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsvcs.dll
2017-08-09 10:46 - 2017-07-28 00:13 - 001293824 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-08-09 10:46 - 2017-07-28 00:13 - 000972288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2017-08-09 10:46 - 2017-07-28 00:09 - 000971264 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2017-08-09 10:46 - 2017-07-28 00:09 - 000579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2017-08-09 10:46 - 2017-07-28 00:06 - 000593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2017-08-09 10:46 - 2017-07-28 00:06 - 000093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2017-08-09 10:46 - 2017-07-28 00:05 - 001525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-08-09 10:46 - 2017-07-28 00:05 - 001087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2017-08-09 10:46 - 2017-07-28 00:05 - 000954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\autoconv.exe
2017-08-09 10:46 - 2017-07-28 00:05 - 000926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\autofmt.exe
2017-08-09 10:46 - 2017-07-28 00:05 - 000078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2017-08-09 07:30 - 2017-08-09 07:30 - 000000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-09-08 08:08 - 2017-07-10 11:42 - 001497982 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-08 07:59 - 2017-07-10 11:36 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-08 06:52 - 2016-07-02 13:21 - 000000000 ____D C:\Users\mac386\AppData\Local\Packages
2017-09-08 06:41 - 2016-02-28 06:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2017-09-08 06:41 - 2016-02-28 06:33 - 000000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-09-08 05:56 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2017-09-08 05:56 - 2017-03-18 17:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-08 05:56 - 2016-09-06 14:37 - 000000000 ____D C:\Users\mac386\Documents\YouCam
2017-09-08 05:54 - 2016-07-02 13:21 - 000000000 __SHD C:\Users\mac386\IntelGraphicsProfiles
2017-09-07 22:59 - 2017-03-18 07:40 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2017-09-07 22:56 - 2017-08-08 17:10 - 000000000 ____D C:\ProgramData\MuLog
2017-09-07 22:55 - 2017-07-10 12:12 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-07 22:54 - 2016-07-12 08:19 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2017-09-07 22:37 - 2017-07-10 11:43 - 000000000 ____D C:\Users\mac386
2017-09-07 22:37 - 2017-03-18 07:40 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2017-09-07 22:30 - 2016-07-03 13:01 - 000000000 ____D C:\ProgramData\Symantec
2017-09-07 22:20 - 2016-09-13 16:38 - 000007582 _____ C:\Users\mac386\AppData\Local\Resmon.ResmonCfg
2017-09-07 10:09 - 2017-03-18 17:03 - 000000000 ___HD C:\Program Files\WindowsApps
2017-09-07 10:09 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\AppReadiness
2017-09-06 13:38 - 2016-08-20 17:00 - 000000348 _____ C:\WINDOWS\Tasks\HPCeeScheduleFormac386.job
2017-09-05 16:06 - 2017-07-10 12:12 - 000003244 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleFormac386
2017-09-05 13:10 - 2016-03-01 08:54 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2017-09-05 09:28 - 2017-07-11 15:11 - 000000000 ____D C:\Users\mac386\Desktop\Cleanup
2017-09-05 09:04 - 2016-07-03 13:59 - 000002469 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat DC.lnk
2017-09-05 09:04 - 2016-07-03 13:59 - 000002091 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller DC.lnk
2017-08-31 07:37 - 2017-07-10 12:12 - 000004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{92F33908-DCF6-4C6E-BDA0-5A81B01D40ED}
2017-08-26 13:40 - 2017-03-18 16:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-08-24 12:17 - 2016-03-03 12:00 - 000000000 ____D C:\Program Files (x86)\Google
2017-08-24 11:26 - 2017-07-10 11:40 - 000000000 ____D C:\Program Files (x86)\HP
2017-08-24 11:26 - 2015-08-06 11:21 - 000000000 ____D C:\SWSetup
2017-08-24 10:55 - 2016-02-28 06:25 - 000000000 ____D C:\Users\Lexi\AppData\Roaming\Skype
2017-08-24 10:54 - 2016-02-28 06:00 - 000000000 ____D C:\Users\Lexi\AppData\Local\Packages
2017-08-24 10:42 - 2016-02-28 06:15 - 000000000 ___RD C:\Users\Lexi\Dropbox
2017-08-24 10:39 - 2016-07-11 23:23 - 000000000 ___RD C:\Users\mac386\Dropbox
2017-08-24 09:52 - 2015-07-16 02:05 - 000000000 __RHD C:\Users\Public\AccountPictures
2017-08-24 09:51 - 2016-02-28 06:00 - 000000000 __SHD C:\Users\Lexi\IntelGraphicsProfiles
2017-08-23 21:34 - 2016-05-07 15:48 - 000544424 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-08-23 21:11 - 2016-07-10 19:27 - 000000000 ____D C:\Users\mac386\AppData\Roaming\Skype
2017-08-23 19:35 - 2017-04-22 13:39 - 000000000 ____D C:\Program Files (x86)\Dropbox
2017-08-18 02:23 - 2016-09-06 13:43 - 001804688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2017-08-18 02:23 - 2016-09-06 13:43 - 000055384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2017-08-18 02:23 - 2016-09-02 03:02 - 000815712 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2017-08-18 02:23 - 2016-09-02 03:02 - 000716384 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2017-08-18 02:23 - 2016-09-02 03:02 - 000289376 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2017-08-17 13:22 - 2016-09-02 06:42 - 000000000 ____D C:\Users\mac386\Documents\Personal
2017-08-16 18:33 - 2017-06-15 21:22 - 000000000 ___RD C:\Program Files (x86)\Skype
2017-08-16 18:33 - 2016-02-28 06:24 - 000000000 ____D C:\ProgramData\Skype
2017-08-15 14:36 - 2016-12-23 13:03 - 000000000 ____D C:\Users\mac386\AppData\Local\Spotify
2017-08-15 14:29 - 2016-12-23 13:02 - 000000000 ____D C:\Users\mac386\AppData\Roaming\Spotify
2017-08-14 10:08 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\rescache
2017-08-10 16:18 - 2017-07-10 12:12 - 000004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2017-08-10 12:14 - 2017-07-10 11:36 - 000412768 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinMetadata
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\system32\oobe
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\WINDOWS\ShellExperiences
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files\Windows Photo Viewer
2017-08-10 12:07 - 2017-03-18 17:03 - 000000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-08-09 14:41 - 2016-10-12 14:11 - 000000000 ____D C:\Users\mac386\Documents\Textbooks
2017-08-09 10:53 - 2016-02-28 10:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2017-08-09 10:50 - 2016-02-28 10:39 - 140394280 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-08-09 07:40 - 2016-02-17 17:04 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
 
==================== Files in the root of some directories =======
 
2016-09-13 16:38 - 2017-09-07 22:20 - 000007582 _____ () C:\Users\mac386\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-09-05 09:55
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-08-2017
Ran by mac386 (08-09-2017 09:45:13)
Running from C:\Users\mac386\Downloads
Windows 10 Home Version 1703 (X64) (2017-07-10 16:26:52)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-4261554209-109482278-4118987465-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4261554209-109482278-4118987465-503 - Limited - Disabled)
Guest (S-1-5-21-4261554209-109482278-4118987465-501 - Limited - Disabled)
Lexi (S-1-5-21-4261554209-109482278-4118987465-1001 - Administrator - Enabled) => C:\Users\Lexi
mac386 (S-1-5-21-4261554209-109482278-4118987465-1002 - Administrator - Enabled) => C:\Users\mac386
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Symantec Endpoint Protection (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (HKLM\...\{0EBC740B-4363-489B-8C27-98CE0740BA19}) (Version: 18.2.4 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat DC (2015) (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-0E0F06755100}) (Version: 15.006.30355 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Anki (HKLM-x32\...\Anki) (Version:  - )
AutoHotkey 1.1.24.02 (HKLM\...\AutoHotkey) (Version: 1.1.24.02 - Lexikos)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CellProfiler 2.1.1 r20140723174500 (HKLM-x32\...\{E6064576-236D-4C12-ACBD-BC8B606F9329}_is1) (Version:  - Broad Institute)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.04072 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\{8EC376A3-F279-47D7-97AA-7BA2A2EB006E}) (Version: 3.1.04072 - Cisco Systems, Inc.) Hidden
CyberLink PhotoDirector (HKLM\...\{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.6.6907 - CyberLink Corp.)
CyberLink Power Media Player 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.6.7428 - CyberLink Corp.)
CyberLink PowerDirector 12 (HKLM\...\{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4508 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.5.4508 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.2.4508 - CyberLink Corp.)
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKLM-x32\...\Dropbox) (Version: 33.4.23 - Dropbox, Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.2 - Dropbox, Inc.)
Dropbox Update Helper (HKLM-x32\...\{099218A5-A723-43DC-8DB5-6173656A1E94}) (Version: 1.3.65.1 - Dropbox, Inc.) Hidden
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 6.5.4 (HKLM-x32\...\{D47E7D82-0D98-11E7-A6D6-005056951CAD}) (Version: 6.5.4.4720 - Evernote Corp.)
f.lux (HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Flux) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 60.0.3112.113 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
GraphPad Prism 7 (HKLM-x32\...\{E37D94D0-6897-11E3-030A-00508F646B89}) (Version: 7.00 - GraphPad Software)
HELLDIVERS™ (HKLM\...\Steam App 394510) (Version:  - Arrowhead Game Studios)
Herramientas de corrección de Microsoft Office 2016: español (HKLM-x32\...\{90160000-001F-0C0A-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
hott notes 4 (HKLM-x32\...\hott notes 4) (Version: 4.1 - Joel Riley)
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{1504CF6F-8139-497F-86FC-46174B67CF7F}) (Version: 2.20.51 - Hewlett-Packard Company)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.8305.5282 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{56D27851-B9A6-430F-875A-E2D7A3802C7B}) (Version: 8.4.19.3 - HP Inc.)
HP Support Solutions Framework (HKLM-x32\...\{E7F7C2F3-0BEF-471A-A6F3-4B43002034F4}) (Version: 12.7.27.15 - HP Inc.)
HP System Event Utility (HKLM-x32\...\{1A13FE59-6F7E-44DC-9AA7-2D7B9E08C2D4}) (Version: 1.4.6 - Hewlett-Packard Company)
HP Welcome (HKLM\...\HPWelcome) (Version: 1.0 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{F5852AA8-30EA-495B-84B4-C2403C935D6F}) (Version: 1.1.19.1 - HP)
Intel® Chipset Device Software (HKLM-x32\...\{c7f54569-0018-439c-809a-48046a4d4ebc}) (Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10603.192 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1163 - Intel Corporation)
Intel® PRO/Wireless Driver (HKLM\...\{4200af36-26bc-4a5a-ae8b-1291373ec2e1}) (Version: 18.40.0003.4359 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 21.20.16.4542 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.5.2.1088 - Intel Corporation)
Intel® Visual Fortran Redistributables on IA-32 (HKLM-x32\...\{F4DA0EDD-E9AC-4808-8B64-8FD33C51BD0F}) (Version: 14.0.237 - Intel Corporation)
Intel® WiDi (HKLM\...\{5DD8D7E4-87F1-4134-AD28-4228FB1A03BA}) (Version: 6.0.44.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (HKLM-x32\...\{86905E62-645F-482E-A417-82C812ABD787}) (Version: 1.1.383 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{5068B0F8-CE24-4B61-9C2F-301B411FFB9C}) (Version: 18.1.1611.3223 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{d5572863-793c-4ec8-872a-43cccc68b948}) (Version: 18.40.0 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{5355ACC0-A7BF-4384-9078-C58CCCA03AF5}) (Version: 1.0.27373.1395 - Intel Corporation)
Java 8 Update 141 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180141F0}) (Version: 8.0.1410.15 - Oracle Corporation)
Malwarebytes version 3.2.2.2018 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2018 - Malwarebytes)
Mendeley Desktop 1.17.2 (HKLM-x32\...\Mendeley Desktop) (Version: 1.17.2 - Mendeley Ltd.)
Microsoft Office Professional Plus 2016 (HKLM-x32\...\Office16.PROPLUS) (Version: 16.0.4266.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\OneDriveSetup.exe) (Version: 17.3.6943.0625 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50907.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Minitab 17 (HKLM-x32\...\{F14DC15E-2394-4FE4-99B5-8BD5C4F1965F}) (Version: 17.3.1.0 - Minitab, Inc.) Hidden
Minitab 17 (HKLM-x32\...\Minitab 17 17.3.1.0) (Version: 17.3.1.0 - Minitab, Inc.)
Mozilla Firefox 55.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 55.0.3 (x86 en-US)) (Version: 55.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 55.0.3.6445 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Outils de vérification linguistique 2016 de Microsoft Office - Français (HKLM-x32\...\{90160000-001F-040C-0000-0000000FF1CE}) (Version: 16.0.4266.1001 - Microsoft Corporation) Hidden
Overcooked (HKLM\...\Steam App 448510) (Version:  - Ghost Town Games Ltd.)
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
RadiAnt DICOM Viewer (64-bit) (HKLM-x32\...\RadiAnt64) (Version: 3.2.2.12895 - Medixant)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.103 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.7.107.2016 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7917 - Realtek Semiconductor Corp.)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Seagate Dashboard (HKLM-x32\...\{EA266F00-A8E7-43A0-8DED-FBFE3F076934}) (Version: 4.8.5.0 - Seagate)
Skype Click to Call (HKLM-x32\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.39 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.39.102 - Skype Technologies S.A.)
SofTest v11 (HKLM-x32\...\{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft)
Spotify (HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\Spotify) (Version: 1.0.60.492.gbb40dab8 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Symantec Endpoint Protection (HKLM\...\{F90EEB64-A4CB-484A-8666-812D9F92B37B}) (Version: 12.1.7004.6500 - Symantec Corporation)
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.3.31.31 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.76421 - TeamViewer)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-0011-0000-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-002A-0000-1000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
Update for Skype for Business 2016 (KB3213548) 32-Bit Edition (HKLM-x32\...\{90160000-012B-0409-0000-0000000FF1CE}_Office16.PROPLUS_{BCEFD249-ED9A-4696-9022-9001BF7C7FB3}) (Version:  - Microsoft)
US - InterMathonalNLW (HKLM\...\{D6A9BA80-1B67-4BED-A703-5065343FBF14}) (Version: 1.0.3.40 - Company)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
wepa Print App (HKLM-x32\...\{1BA07F7C-F49A-46B6-A0D9-4D58535FF15A}) (Version: 2017.7.19.0 - wēpa)
WhatsApp (HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\WhatsApp) (Version: 0.2.1880 - WhatsApp)
Windows 10 Update and Privacy Settings (HKLM\...\{4DFCD818-036A-4229-A67D-CF17DC461D92}) (Version: 1.0.14.0 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\ZoomUMX) (Version: 4.0 - Zoom Video Communications, Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers1: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers1: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers1: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-06-22] (Symantec Corporation)
ContextMenuHandlers2: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-06-22] (Symantec Corporation)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2010-11-18] (Igor Pavlov)
ContextMenuHandlers4: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.18.0.dll [2017-08-22] (Dropbox, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\System32\DriverStore\FileRepository\120322.inf_amd64_496b556827a662cb\igfxDTCM.dll [2017-02-22] (Intel Corporation)
ContextMenuHandlers6: [Adobe.Acrobat.ContextMenu] -> {A6595CD1-BF77-430A-A452-18696685F7C7} => C:\Program Files (x86)\Adobe\Acrobat 2015\Acrobat Elements\ContextMenuShim64.dll [2015-03-17] (Adobe Systems Inc.)
ContextMenuHandlers6: [LDVPMenu] -> {8BEEE74D-455E-4616-A97A-F6E86C317F32} => C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\vpshell2.dll [2016-06-22] (Symantec Corporation)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2017-08-21] (Malwarebytes)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03B4B25A-EE75-4B26-B88D-80949D8CC0CC} - System32\Tasks\SDMsgUpdate (Local) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {17120537-5F14-4E64-9E10-84EEBB76E019} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {1AF3BEB0-38AE-4EF8-9740-09B5CB9D09AB} - System32\Tasks\HPCeeScheduleFormac386 => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-05-12] (HP Development Company, L.P.)
Task: {1C0FB6C8-C093-4507-9689-9745341D8DC0} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {21E14280-8E79-4582-9D4F-39D561D69686} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-07-19] (Adobe Systems Incorporated)
Task: {2584952B-1347-43D5-89CD-0A6C5569F0F7} - System32\Tasks\mac386 Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {2D48E8E3-884C-4321-AB6A-B83AB13EC4F7} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2017-06-22] (HP Inc.)
Task: {3A4E05A1-65D4-4EA9-94D4-2B1ED0E618FC} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {43EC43FE-FD10-4D82-80F8-E0D556A50748} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {45FDAB89-8C3F-4D6A-A279-69CADC4CCF9A} - System32\Tasks\mac386 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2017-07-21] (Seagate Technology LLC)
Task: {4617C04C-5A16-4181-A58C-227DD8053859} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {4AF82FCF-E530-40BE-90DE-34445AF21B82} - System32\Tasks\MssUpdater => C:\Program Files (x86)\Minitab\Minitab 17\MssUpdater.exe [2016-02-19] (Minitab, Inc.)
Task: {4C53AEBA-55D9-439A-8DBD-A66476A013FD} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-11-07] (HP Inc.)
Task: {5BC9CB47-5EC1-4294-BB0D-3F6E56944F75} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-22] (Dropbox, Inc.)
Task: {7276A582-F19A-43C1-8736-808B7E91F916} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-04-22] (Dropbox, Inc.)
Task: {7867E13C-DD2A-4E83-9738-FE4B555C0E92} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2017-07-21] (Seagate Technology LLC)
Task: {7FB5B647-DE05-47D0-95B4-3AB1D0FC38C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {803F9C5D-174B-4E62-8B4E-EDE943F541F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
Task: {8167C8E9-7B31-4622-9F00-B8A5B34615C6} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-06-24] (Intel Corporation)
Task: {82B0F5F6-E541-415B-9B25-125857A3CE62} - System32\Tasks\Avast SecureLine => C:\Program Files\AVAST Software\SecureLine\SecureLine.exe
Task: {94CEC122-29D5-496D-BB65-11C15910C88D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\Office16\msoia.exe [2015-07-31] (Microsoft Corporation)
Task: {A2BA4C52-7709-40CC-BDC4-5B75DFC96D0F} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {A388301C-230A-415A-BEF5-A7840BCA7B47} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2015-05-21] (Hewlett-Packard Development Company, L.P.)
Task: {A49168D6-D02E-4467-A006-FE7D1F9025D5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-24] (Google Inc.)
Task: {B622FA02-0F97-46A1-97FE-9E5C0CB96739} - System32\Tasks\{5D0A2F5E-D30A-43DA-98FD-6A64A45333C6} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.64.101/en/abandoninstall?page=tsProgressBar
Task: {BFB72118-962B-45B6-82A6-FFD79371E15A} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
Task: {C222A27C-D022-43FA-88FD-57DA1898C358} - System32\Tasks\SDMsgUpdate (TE) => C:\SmartDraw 2016\Messages\SDNotify.exe [2016-01-22] ()
Task: {C31E45A3-9CB3-4CB1-901C-0D5F3C7B4D2E} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [2015-09-08] (CyberLink Corp.)
Task: {CEAD7125-DB4E-40F7-BC29-B1AE86B143E3} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Product Configurator => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\ProductConfig.exe [2017-08-14] (HP Inc.)
Task: {D43547B1-44A8-4920-90A2-398E2799B960} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2017-04-07] (HP Inc.)
Task: {D74E5313-D3A3-4EFA-9983-B89C4D831140} - System32\Tasks\mac386 DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2017-07-21] (Seagate Technology LLC)
Task: {E5799198-D528-4FB3-A134-90E5802BF45B} - System32\Tasks\avast! SL Update => C:\Program Files\AVAST Software\SecureLine\SLUpdate.exe
Task: {EA64681D-BA5E-442D-A483-33D2F42EC84A} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe
Task: {EB38C485-ECCF-4CA2-A442-D77961D9B6C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2017-08-09] (Microsoft Corporation)
Task: {EC4175C7-AD0C-4693-B37A-90ED0C326740} - System32\Tasks\{535591E5-84B0-40C6-9FBA-03EEDD34EB41} => "c:\program files (x86)\google\chrome\application\chrome.exe" hxxp://ui.skype.com/ui/0/7.26.64.101/en/abandoninstall?page=tsProgressBar
Task: {F011B496-896D-485F-BEFF-0276F3ECDC2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant printer driver installation => C:\WINDOWS\TEMP\sp80660.exe <==== ATTENTION
Task: {F742D279-5B39-4FC3-B148-92F744262F34} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2017-08-03] (HP Inc.)
Task: {F9B6BB0A-EC01-4F2A-80ED-8591F6F6EF06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-08-24] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleFormac386.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
ShortcutWithArgument: C:\Users\mac386\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9501e18d7c2ab92e\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 2"
ShortcutWithArgument: C:\Users\mac386\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Priceline.com.lnk -> C:\Program Files (x86)\Hewlett-Packard\Shared\WizLink.exe () -> hxxp://www.priceline.com/?refid=PLHBC6240OPQ&refclickid=square
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-21 12:08 - 2014-04-14 18:59 - 000389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2017-03-18 16:58 - 2017-03-18 16:58 - 000138000 _____ () C:\WINDOWS\SYSTEM32\inputhost.dll
2016-11-11 12:42 - 2016-10-13 05:07 - 001208832 _____ () C:\Program Files\AutoHotkey\AutoHotkey.exe
2017-08-28 15:49 - 2017-08-23 04:48 - 003824472 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libglesv2.dll
2017-08-28 15:49 - 2017-08-23 04:48 - 000100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\libegl.dll
2017-09-08 06:41 - 2017-08-24 11:27 - 002264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2017-03-18 16:59 - 2017-03-18 22:31 - 001731072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2013-10-10 17:48 - 2013-10-10 17:48 - 000063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2016-06-22 01:38 - 2016-06-22 01:38 - 000578856 ____C () C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\AvPluginImpl.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000148664 _____ () C:\Program Files (x86)\Evernote\Evernote\zlibwapi.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 026137272 _____ () C:\Program Files (x86)\Evernote\Evernote\libcef.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000212664 _____ () C:\Program Files (x86)\Evernote\Evernote\websockets.dll
2017-03-20 11:57 - 2017-03-20 11:57 - 000321208 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2017-03-20 11:10 - 2017-03-20 11:10 - 000740352 _____ () C:\Program Files (x86)\Evernote\Evernote\libglesv2.dll
2017-03-20 11:10 - 2017-03-20 11:10 - 000130048 _____ () C:\Program Files (x86)\Evernote\Evernote\libegl.dll
2017-08-23 19:34 - 2017-08-22 12:55 - 000757568 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_watchdog.dll
2017-08-23 19:34 - 2017-08-22 12:55 - 001787200 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_crashpad.dll
2017-08-10 16:55 - 2017-08-22 12:53 - 000100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000020800 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2017-08-23 19:34 - 2017-08-22 12:56 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000125904 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2017-08-23 19:34 - 2017-08-22 12:56 - 001862992 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2017-08-23 19:34 - 2017-08-22 12:56 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2017-08-23 19:34 - 2017-08-22 12:53 - 000145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2017-08-23 19:34 - 2017-08-22 12:55 - 000116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2017-08-10 16:55 - 2017-08-22 12:53 - 000105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000062784 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000040248 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2017-08-23 19:34 - 2017-08-22 12:53 - 000020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000116176 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2017-08-23 19:34 - 2017-08-22 12:55 - 000392656 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2017-08-10 16:55 - 2017-08-22 12:57 - 000392512 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2017-08-23 19:34 - 2017-08-22 12:56 - 000022336 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000082264 _____ () C:\Program Files (x86)\Dropbox\Client\winenumhandles.compiled._WinEnumHandles.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000025432 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 003928896 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 001826104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 001972024 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000171336 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000042816 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000531264 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000133432 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000224064 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000207680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000054608 _____ () C:\Program Files (x86)\Dropbox\Client\winrpcserver.compiled._RPCServer.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000022864 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32.compiled._winffi_user32.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000069968 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000021848 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror.compiled._winffi_winerror.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000022872 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet.compiled._winffi_wininet.pyd
2017-08-23 19:34 - 2017-08-22 12:56 - 000027488 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-08-10 16:55 - 2017-08-22 12:53 - 000349128 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000103232 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWinExtras.pyd
2017-08-10 16:55 - 2017-08-22 12:58 - 000023896 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000025936 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2017-08-23 19:34 - 2017-08-22 12:55 - 000036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2017-08-23 19:34 - 2017-08-22 12:57 - 000033112 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2017-08-23 19:34 - 2017-08-22 12:55 - 000293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2017-08-23 19:34 - 2017-08-22 12:56 - 000181056 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2017-08-10 16:55 - 2017-08-22 12:57 - 000030536 _____ () C:\Program Files (x86)\Dropbox\Client\wind3d11.compiled._wind3d11.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000024368 _____ () C:\Program Files (x86)\Dropbox\Client\libEGL.dll
2017-08-23 19:34 - 2017-08-22 12:57 - 001637688 _____ () C:\Program Files (x86)\Dropbox\Client\libGLESv2.dll
2017-08-10 16:55 - 2017-08-22 12:57 - 000026456 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-08-10 16:55 - 2017-08-22 12:57 - 000023368 _____ () C:\Program Files (x86)\Dropbox\Client\wincrashpad.compiled._Crashpad.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000546104 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2017-08-23 19:34 - 2017-08-22 12:57 - 000357688 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2017-08-10 16:55 - 2017-08-22 12:55 - 000697304 _____ () C:\Program Files (x86)\Dropbox\Client\QtQuick\Controls\qtquickcontrolsplugin.dll
2017-07-21 09:09 - 2017-07-21 09:09 - 000729792 _____ () C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\PocoNet.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 07:04 - 2015-07-10 07:02 - 000000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\mac386\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 129.22.4.32 - 129.22.104.132
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\StartupFolder: => "OneNote 2016.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Cisco AnyConnect Secure Mobility Agent for Windows"
HKLM\...\StartupApproved\Run32: => "LogMeIn Hamachi Ui"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-4261554209-109482278-4118987465-1002\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_28C2ECE2C2B1E72C83B33FB7773B21FF"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{D44D5564-61EB-411E-B7A2-4349F28F1140}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe
FirewallRules: [{C48DE134-04F0-4495-936C-C31E506C9F7D}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe
FirewallRules: [{0C2551DC-17E7-4F25-B7A7-DFFDF9EC89BE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe
FirewallRules: [{451C57F4-2321-4FE3-A487-035F1EFD2038}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe
FirewallRules: [{A97C39B1-02A0-4050-B12F-808CA45F0B99}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{38BE994F-FD4F-448D-BCC3-54AB15EA3A3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{83F55BC3-92D2-4265-A90D-BD0A7835A651}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5E43007E-B529-434B-8D7E-8B12F38BDDE3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{54B73E05-5734-4377-91F9-B4DA5FB18ADB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overcooked\Overcooked.exe
FirewallRules: [{C34B6ED1-7698-47B3-842B-19136D3F7B90}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Overcooked\Overcooked.exe
FirewallRules: [{E0C81B96-688F-4539-B23F-69A168ABF397}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{8F14BDEE-B927-4812-BC38-86C1E26F336C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x86\helldivers.exe
FirewallRules: [{C4F80AC6-EAC5-4CE4-9E5F-C88E48A74AA1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{47466F47-580F-4403-8A21-86E945A3F2C0}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Helldivers\binaries\x64\helldivers.exe
FirewallRules: [{6F735185-BE74-495C-BDA3-0C47B54621FF}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{BE925E0D-41C0-4EA1-8072-E15AF60F6C92}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{4A82DF3C-C8E5-41D6-BC0D-6E4F1505122D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0CCDE1D2-D521-4C23-9E10-5CCC9A72F228}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{F3EC7639-468D-4AA8-9456-A65F07AFE785}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C8F38E73-CD90-4CC2-8C8A-B3805866E51E}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{F7F1E2DB-FA5C-4276-924F-EE4C2716BFFC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{E000FC2F-86FA-4D53-A9C3-18863BA80B38}] => (Allow) c:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{0B714B20-454F-4B07-9AFC-5CA55C55F62F}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{3E14B7C2-95BB-4EBF-942F-8CB52E37852B}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{3328BD3E-A569-45FA-96FB-22819377F2C5}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{83C0AB8A-2A66-415B-9B94-88D6939F8C3A}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{D247F932-5F11-4D80-A1B7-37430024D951}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1C544112-AA48-4D70-9D3F-A7DD238D2459}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7EAB18CD-3CD6-4138-93F9-0175BEA3E7A8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2CE55FA7-5A8A-4B38-A3A0-93B43C52269A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0660C941-F9C3-4DBE-B687-CDB88D72AFF8}C:\users\lexi\desktop\image j\imagej\imagej.exe] => (Allow) C:\users\lexi\desktop\image j\imagej\imagej.exe
FirewallRules: [UDP Query User{5942E90D-A711-4A04-90D1-DEB0ED2D7478}C:\users\lexi\desktop\image j\imagej\imagej.exe] => (Allow) C:\users\lexi\desktop\image j\imagej\imagej.exe
FirewallRules: [{AE3F3053-612C-494F-894B-03D29CC7AF17}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
FirewallRules: [{80F3A83F-7A5A-415B-9814-81704C4117FE}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin\ccSvcHst.exe
FirewallRules: [{FF55CEB3-7F8D-4197-951D-21D7D6F877FE}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\snac64.exe
FirewallRules: [{2A870FB0-5E44-4443-87F3-852110470FC5}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.7004.6500.105\Bin64\snac64.exe
FirewallRules: [{DE52178D-A860-42B6-BF6A-5F59090A838C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{AF94B613-ED29-4745-BEFF-C7AD70B558E7}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\lync.exe
FirewallRules: [{EC98457C-0411-4850-8993-B1E2B7C1937F}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{4B87DEBB-B617-462B-B0D7-9981D4681A2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office16\UcMapi.exe
FirewallRules: [{D4731397-B95E-4777-A774-91726EF5F0E0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{16CC5255-1C10-4159-8FF4-512121561600}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{29FB5233-5AB1-45B7-B29A-3A0B0AB4550D}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{108E2222-DF8A-4027-928D-E8C383E045AD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{7B440494-C9C4-431E-BB28-7057EEE46D24}] => (Allow) LPort=8888
 
==================== Restore Points =========================
 
24-08-2017 11:07:27 Removed LogMeIn Hamachi
06-09-2017 14:05:27 Windows Update
06-09-2017 14:07:23 Windows Update
08-09-2017 06:36:12 Installed Seagate Dashboard.
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/08/2017 09:40:24 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: consent.exe, version: 10.0.15063.0, time stamp: 0xe0f856c4
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000409
Fault offset: 0x0000000000000000
Faulting process id: 0x2500
Faulting application start time: 0x01d328a80591aa6e
Faulting application path: c:\windows\system32\consent.exe
Faulting module path: unknown
Report Id: 8fc896c0-c324-4cbb-80c9-0d22358b10b4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (09/08/2017 08:00:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Unexpected conflict discarding   13 1.0.0.127.in-addr.arpa. PTR MANGO.local.
 
Error: (09/08/2017 08:00:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 127.0.0.1:5353   15 1.0.0.127.in-addr.arpa. PTR MANGO-2.local.
 
Error: (09/08/2017 07:32:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 10062
 
Error: (09/08/2017 07:32:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 10062
 
Error: (09/08/2017 07:32:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/08/2017 07:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8687
 
Error: (09/08/2017 07:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8687
 
Error: (09/08/2017 07:32:29 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (09/08/2017 07:32:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7297
 
 
System errors:
=============
Error: (09/08/2017 08:00:11 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 05:54:57 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 05:54:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/08/2017 05:54:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/07/2017 11:06:50 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x800f0247: HP Development Company, L.P. - System - 5/26/2017 12:00:00 AM - 6.0.21.1.
 
Error: (09/07/2017 10:56:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.
 
Error: (09/07/2017 10:55:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The CldFlt service failed to start due to the following error: 
The request is not supported.
 
Error: (09/07/2017 10:29:50 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/07/2017 10:23:07 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (09/07/2017 10:17:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2017-09-07 22:59:49.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-07 22:59:49.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-07 22:54:52.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-09-06 13:45:18.808
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-06 13:45:18.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-06 13:38:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-24 12:19:59.222
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-24 12:19:59.215
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-08-24 12:11:59.128
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.
 
  Date: 2017-08-23 21:36:07.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6700HQ CPU @ 2.60GHz
Percentage of memory in use: 65%
Total physical RAM: 8045.72 MB
Available physical RAM: 2771.76 MB
Total Virtual: 9837.72 MB
Available Virtual: 3246.65 MB
 
==================== Drives ================================
 
Drive c: (Windows) (Fixed) (Total:904.79 GB) (Free:672.27 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:25.43 GB) (Free:2.84 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: (Seagate Backup Plus Drive) (Fixed) (Total:1863.01 GB) (Free:1740.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 0664B0C4)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 1CDEB493)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

 




#2
RKinner


    Malware Expert

  • Expert
  • 19,749 posts
  • MVP

A few things jump out and grab me:

 

Uninstall Bonjour as your version is not Win 10 compatible.

 

I see reference to a random named dll:

 

  Date: 2017-09-06 13:38:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.
 
I say random because a Google search for "macustom.dll" (with quotes) does not get any hits.
 
Put macustom.dll in FRST's Search Box and Search Registry.  You will get one file.  Please post it.
 
I think 
SofTest v11 (HKLM-x32\...\{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft) Hidden
SofTest v11 (HKLM-x32\...\InstallShield_{C363046A-F22A-4B9B-92A3-77B76F265DE6}) (Version: 11.30.2 - Examsoft)
is responsible for this error:
 
Error: (09/07/2017 10:56:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SoftshieldService service to connect.
 

 

 

 
I don't know anything about the program tho it appears legit.  Perhaps the macustom.dll belongs to them?  You might see if there is a newer version available.

 

 

Get Process Explorer
 
Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  
 
View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures
 
 
Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  
 
Wait a full minute then:
 
File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.

  • 0
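
The repeated Code Integrity entries discussed in the reply above can be collapsed to one row per process/DLL pair, which makes the two distinct findings (Bonjour's mdnsNSP.dll and macustom.dll) easy to see. This is an added example, not part of the original posts and not part of FRST; the function names and the choice to list modules under System32 first are assumptions of this example, and the sample entries are copied from the CodeIntegrity section of the log in post #1.

```python
import ntpath
import re
from datetime import datetime

# Five entries copied from the CodeIntegrity section of the Addition.txt in post #1.
SAMPLE = r"""
CodeIntegrity:
===================================
  Date: 2017-09-07 22:59:49.143
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-07 22:59:49.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-09-07 22:54:52.678
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.

  Date: 2017-09-06 13:38:19.880
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\wininit.exe) attempted to load \Device\HarddiskVolume3\Windows\System32\macustom.dll that did not meet the Windows signing level requirements.

  Date: 2017-08-23 21:36:07.071
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
"""

# One FRST CodeIntegrity entry: a "Date:" line followed by a "Description:" line.
ENTRY_RE = re.compile(
    r"Date:\s*(?P<date>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3})\s+"
    r"Description: Code Integrity determined that a process "
    r"\((?P<process>.+?)\) attempted to load (?P<module>.+?) "
    r"that did not meet the (?P<level>.+?) signing level requirements\."
)


def summarize(text):
    """Group Code Integrity entries by (process, module, required signing level).

    Returns a list of dicts with the hit count and first/last timestamps.
    Modules located under \\Windows\\System32 are listed first (an ordering
    chosen for this example), then rows are ordered by descending count.
    """
    groups = {}
    for m in ENTRY_RE.finditer(text):
        when = datetime.strptime(m.group("date"), "%Y-%m-%d %H:%M:%S.%f")
        process, module, level = m.group("process"), m.group("module"), m.group("level")
        # Windows paths are case-insensitive, so group on the lowercased paths.
        key = (process.lower(), module.lower(), level)
        row = groups.get(key)
        if row is None:
            row = groups[key] = {
                "process": process,
                "process_name": ntpath.basename(process),
                "module": module,
                "module_name": ntpath.basename(module),
                "level": level,
                "in_system32": "\\windows\\system32\\" in module.lower(),
                "count": 0,
                "first_seen": when,
                "last_seen": when,
            }
        row["count"] += 1
        row["first_seen"] = min(row["first_seen"], when)
        row["last_seen"] = max(row["last_seen"], when)
    return sorted(groups.values(), key=lambda r: (not r["in_system32"], -r["count"]))


if __name__ == "__main__":
    for r in summarize(SAMPLE):
        print(
            f'{r["module_name"]:<14} loaded by {r["process_name"]:<12} '
            f'level="{r["level"]}" hits={r["count"]} '
            f'first={r["first_seen"]:%Y-%m-%d %H:%M} last={r["last_seen"]:%Y-%m-%d %H:%M}'
        )
```
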

#3
demani


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Hello, 

 

So SofTest is an examination software that my medical school uses to allow us to use a secure browser while taking exams but not access anything else. For the Farbar search for the .dll I couldn't quite figure out which button to hit (scan? search files? search registry? or fix?)

 

Procexp text

Process CPU Private Bytes Working Set PID Description Company Name Verified Signer
System Idle Process 89.35 52 K 8 K 0
procexp64.exe 2.29 41,736 K 75,844 K 16628 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 1.55 176 K 15,672 K 4
Interrupts 1.08 0 K 0 K n/a Hardware Interrupts and DPCs
SynTPEnh.exe 0.78 7,332 K 22,120 K 8176 Synaptics TouchPad 64-bit Enhancements Synaptics Incorporated (Verified) Synaptics Incorporated
audiodg.exe 0.85 29,400 K 36,948 K 14612
ccSvcHst.exe 0.45 59,340 K 20,860 K 3840 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
MBAMService.exe 1.21 285,676 K 166,892 K 4624 Malwarebytes Service Malwarebytes (Verified) Malwarebytes Corporation
dwm.exe 0.24 63,188 K 63,760 K 1124
csrss.exe 0.22 2,528 K 5,076 K 808
explorer.exe 0.15 72,708 K 124,164 K 8872 Windows Explorer Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.18 121,828 K 117,116 K 3404 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
vpnui.exe 0.10 26,172 K 41,108 K 16088 Cisco AnyConnect User Interface Cisco Systems, Inc. (Verified) Cisco Systems
chrome.exe 0.07 113,244 K 86,576 K 16380 Google Chrome Google Inc. (Verified) Google Inc
Dropbox.exe 0.05 167,540 K 98,392 K 10820 Dropbox Dropbox, Inc. (Verified) Dropbox
WmiPrvSE.exe 0.05 14,832 K 26,152 K 6900
taskhostw.exe 0.02 9,752 K 23,068 K 1544 Host Process for Windows Tasks Microsoft Corporation (Verified) Microsoft Windows
svchost.exe 0.06 9,260 K 17,564 K 3132 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
HPMSGSVC.exe 0.04 2,256 K 9,324 K 10688 HP Message Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
hottnotes.exe 0.03 4,092 K 14,292 K 10776 hott notes by Joel Riley (No signature was present in the subject) by Joel Riley
chrome.exe 0.05 191,640 K 229,244 K 12416 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe < 0.01 3,828 K 11,336 K 2040 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
Evernote.exe 0.01 366,800 K 232,772 K 1436 Evernote Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
chrome.exe 0.01 243,516 K 172,420 K 11096 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 0.02 134,340 K 155,876 K 11876 Google Chrome Google Inc. (Verified) Google Inc
svchost.exe 0.02 8,440 K 15,680 K 796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
services.exe 0.01 5,484 K 9,636 K 968
chrome.exe 0.01 354,352 K 303,484 K 12988 Google Chrome Google Inc. (Verified) Google Inc
TeamViewer_Service.exe 0.01 7,452 K 20,160 K 14460 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer GmbH
chrome.exe 0.01 95,740 K 53,820 K 5164 Google Chrome Google Inc. (Verified) Google Inc
ONENOTE.EXE 0.01 83,100 K 94,852 K 6748 Microsoft OneNote Microsoft Corporation (Verified) Microsoft Corporation
chrome.exe 0.01 94,460 K 53,080 K 4244 Google Chrome Google Inc. (Verified) Google Inc
flux.exe 0.01 26,680 K 16,692 K 10436 f.lux Flux Software LLC (Verified) Michael Herf
MobileService.exe 0.01 28,872 K 34,564 K 3872 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
chrome.exe 0.01 109,460 K 56,028 K 11188 Google Chrome Google Inc. (Verified) Google Inc
Memory Compression < 0.01 1,208 K 481,940 K 4556
msiexec.exe < 0.01 26,396 K 39,604 K 12436
chrome.exe < 0.01 94,076 K 52,052 K 8524 Google Chrome Google Inc. (Verified) Google Inc
EvernoteNw.exe < 0.01 12,672 K 33,472 K 5196 (Verified) EVERNOTE CORPORATION
chrome.exe < 0.01 239,372 K 212,040 K 17528 Google Chrome Google Inc. (Verified) Google Inc
lsass.exe 0.01 7,204 K 14,692 K 984 Local Security Authority Process Microsoft Corporation (Verified) Microsoft Windows Publisher
chrome.exe < 0.01 75,616 K 53,460 K 404 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 75,088 K 48,252 K 12256 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe < 0.01 33,748 K 33,064 K 7556 Google Chrome Google Inc. (Verified) Google Inc
SecurityHealthService.exe < 0.01 4,048 K 11,792 K 3820 Windows Security Health Service Microsoft Corporation (Verified) Microsoft Windows Publisher
wuauclt.exe < 0.01 5,656 K 15,360 K 12432
AGSService.exe < 0.01 4,876 K 15,068 K 3848 Adobe Genuine Software Integrity Service Adobe Systems, Incorporated (Verified) Adobe Systems Incorporated
EvernoteNw.exe < 0.01 62,544 K 26,148 K 16908 (Verified) EVERNOTE CORPORATION
WUDFHost.exe 26,528 K 15,220 K 1476
svchost.exe < 0.01 3,064 K 9,592 K 3284 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 11,716 K 20,104 K 1256 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
fontdrvhost.exe < 0.01 4,868 K 12,976 K 668
esif_assist_64.exe < 0.01 1,900 K 5,104 K 7788
EvernoteClipper.exe < 0.01 2,340 K 9,072 K 10848 Evernote Clipper Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
svchost.exe < 0.01 13,356 K 27,548 K 676 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
tv_w32.exe < 0.01 1,836 K 7,228 K 3776
spoolsv.exe 18,912 K 30,076 K 2692 Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows
svchost.exe < 0.01 3,744 K 12,092 K 10028 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
tv_x64.exe < 0.01 2,028 K 6,956 K 17420
ccSvcHst.exe < 0.01 6,060 K 4,536 K 7888 Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ZeroConfigService.exe 5,632 K 16,152 K 3936 Intel® PROSet/Wireless Zero Configure Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
WmiPrvSE.exe 11,812 K 21,096 K 6936
wlanext.exe < 0.01 6,084 K 16,664 K 2840
WinStore.App.exe Suspended 27,028 K 62,624 K 16152 Store Microsoft Corporation (No signature was present in the subject) Microsoft Corporation
winlogon.exe 2,884 K 9,780 K 916
wininit.exe 1,432 K 5,964 K 836
WepaUploader.exe 0.16 87,084 K 74,992 K 9516 Wepa Microsoft (Verified) wepa
VSSVC.exe 2,564 K 8,880 K 12324 Microsoft® Volume Shadow Copy Service Microsoft Corporation (Verified) Microsoft Windows
vpnagent.exe 8,004 K 10,072 K 2556 VPN Agent Service Cisco Systems, Inc. (Verified) Cisco Systems
unsecapp.exe 2,260 K 7,048 K 6764
TeamViewer.exe 13,528 K 34,900 K 5780 TeamViewer 11 TeamViewer GmbH (Verified) TeamViewer GmbH
taskhostw.exe 8,356 K 22,584 K 1988
SystemSettings.exe Suspended 16,392 K 44,928 K 3568 Settings Microsoft Corporation (Verified) Microsoft Windows
SynTPHelper.exe 1,656 K 6,148 K 8944
SynTPEnhService.exe 1,740 K 4,804 K 3952 64-bit Synaptics Pointing Enhance Service Synaptics Incorporated (Verified) Synaptics Incorporated
svchost.exe < 0.01 13,872 K 14,384 K 1576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 7,068 K 15,060 K 8616 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,824 K 17,896 K 2504 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 18,792 K 33,716 K 18380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 0.01 3,464 K 11,912 K 1972 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,944 K 20,716 K 7196 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,884 K 11,568 K 3008 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,352 K 8,548 K 3100 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,624 K 8,096 K 2316 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,072 K 17,624 K 3484 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 23,104 K 27,188 K 3156 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,180 K 6,320 K 7628 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,348 K 8,188 K 2304 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,592 K 13,528 K 2308 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,092 K 6,600 K 2272 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,568 K 10,124 K 2192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,636 K 9,024 K 3140 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,448 K 25,700 K 7464 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,432 K 18,876 K 3448 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,704 K 21,196 K 3476 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,516 K 16,168 K 1852 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 5,168 K 13,008 K 3064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,956 K 8,220 K 16472 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,492 K 14,444 K 2576 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,544 K 6,992 K 10960 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,552 K 8,952 K 3172 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 3,932 K 9,124 K 2324 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 7,912 K 22,524 K 3164 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 6,908 K 10,584 K 2264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe < 0.01 2,504 K 8,412 K 3116 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,472 K 19,428 K 9548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,720 K 10,512 K 1300 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,300 K 8,292 K 1668 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,188 K 10,316 K 11588 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,852 K 7,004 K 1064 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,360 K 11,388 K 1372 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,064 K 15,908 K 10632 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,608 K 6,232 K 8996 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,472 K 8,564 K 1808 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,644 K 6,384 K 6232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,200 K 4,100 K 564 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,552 K 9,928 K 1232 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,636 K 5,604 K 1264 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,700 K 10,216 K 1652 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,552 K 6,084 K 1660 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,288 K 8,740 K 1772 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,272 K 7,820 K 2004 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,128 K 6,808 K 2012 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,688 K 7,488 K 1092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,500 K 9,852 K 2872 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,436 K 7,928 K 2796 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,976 K 7,996 K 2908 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,084 K 7,520 K 2380 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,188 K 14,000 K 3148 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,952 K 9,772 K 3412 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,508 K 5,716 K 3492 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 3,172 K 9,924 K 3656 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,560 K 5,492 K 3548 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 4,420 K 14,948 K 4532 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,884 K 7,336 K 4068 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,280 K 11,632 K 5128 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,756 K 11,520 K 6192 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,892 K 21,904 K 12276 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,844 K 6,556 K 5240 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,812 K 10,564 K 11092 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 2,460 K 7,480 K 11076 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 8,056 K 10,336 K 5208 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,960 K 7,404 K 7052 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
svchost.exe 1,904 K 7,784 K 15020 Host Process for Windows Services Microsoft Corporation (Verified) Microsoft Windows Publisher
smss.exe 500 K 1,048 K 504
sihost.exe 8,020 K 26,008 K 7468 Shell Infrastructure Host Microsoft Corporation (Verified) Microsoft Windows
ShellExperienceHost.exe Suspended 38,148 K 60,440 K 8928 Windows Shell Experience Host Microsoft Corporation (Verified) Microsoft Windows
SettingSyncHost.exe 3,024 K 3,976 K 8000 Host Process for Setting Synchronization Microsoft Corporation (Verified) Microsoft Windows
SearchUI.exe Suspended 43,468 K 57,724 K 7120 Search and Cortana application Microsoft Corporation (Verified) Microsoft Windows
SearchProtocolHost.exe 2,776 K 11,348 K 15040
SearchIndexer.exe 25,684 K 25,636 K 9992 Microsoft Windows Search Indexer Microsoft Corporation (Verified) Microsoft Windows
SearchFilterHost.exe 1,880 K 6,948 K 10860
Seagate.Dashboard.Uploader.exe 27,796 K 43,308 K 10492 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
Seagate.Dashboard.DASWindowsService.exe 28,116 K 32,824 K 7412 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
RuntimeBroker.exe < 0.01 28,388 K 47,560 K 9024 Runtime Broker Microsoft Corporation (Verified) Microsoft Windows
RtkNGUI64.exe < 0.01 10,320 K 14,988 K 10344 Realtek HD Audio Manager Realtek Semiconductor (Verified) Realtek Semiconductor Corp.
RtkAudioService64.exe 2,800 K 8,308 K 2140 Realtek Audio Service Realtek Semiconductor (Verified) Realtek Semiconductor Corp
RichVideo64.exe 2,056 K 6,932 K 3856 RichVideo Module (Verified) CyberLink Corp.
RegSrvc.exe 2,616 K 9,200 K 3928 Intel® PROSet/Wireless Registry Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
RAVBg64.exe < 0.01 7,148 K 12,604 K 2228
procexp.exe 3,564 K 11,316 K 6344 Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
PresentationFontCache.exe 25,432 K 16,356 K 7132 PresentationFontCache.exe Microsoft Corporation (Verified) Microsoft Corporation
POWERPNT.EXE 166,020 K 88,856 K 15284 Microsoft PowerPoint Microsoft Corporation (Verified) Microsoft Corporation
ONENOTEM.EXE 1,868 K 1,848 K 13840 Send to OneNote Tool Microsoft Corporation (Verified) Microsoft Corporation
nlssrv32.exe 1,252 K 3,936 K 3908 This service enables products that use the Nalpeiron Licensing System Nalpeiron Ltd. (Verified) Nalpeiron Inc
msiexec.exe 6,512 K 12,688 K 15528
MSASCuiL.exe 2,684 K 10,068 K 10292 Windows Defender notification icon Microsoft Corporation (Verified) Microsoft Windows
mbamtray.exe 21,560 K 24,064 K 7804 Malwarebytes Tray Application Malwarebytes (Verified) Malwarebytes Corporation
jusched.exe < 0.01 4,044 K 14,260 K 10896 Java Update Scheduler Oracle Corporation (Verified) Oracle America
jhi_service.exe 1,740 K 6,272 K 11440 Intel® Dynamic Application Loader Host Interface Intel Corporation (Verified) Intel Corporation - Embedded Subsystems and IP Blocks Group
igfxEM.exe 6,428 K 12,424 K 7852 igfxEM Module Intel Corporation (Verified) Intel® pGFX
igfxCUIService.exe 2,372 K 7,812 K 1912 igfxCUIService Module Intel Corporation (Verified) Intel® pGFX
ibtsiva.exe 1,584 K 4,444 K 3328 Intel® Wireless Bluetooth® iBtSiva Service Intel Corporation (Verified) Intel® Wireless Connectivity Solutions
IAStorDataMgrSvc.exe 35,116 K 40,560 K 11268 IAStorDataSvc Intel Corporation (Verified) Intel Corporation - Rapid Storage Technology
HPWMISVC.exe 1,716 K 6,276 K 17960 HP WMI Service Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
HPSupportSolutionsFrameworkService.exe 46,396 K 34,636 K 12992 HP Support Solutions Framework Service HP Inc. (Verified) HP Inc.
hpservice.exe 1,596 K 4,816 K 2092 HP Service HP (Verified) HP Inc.
HPRadioMgr64.exe 2,688 K 9,336 K 11056 HP Radio Manager HP (Verified) HP Inc.
hpqwmiex.exe 2,528 K 9,548 K 12768 HP CASL Framework Service HP (Verified) Hewlett-Packard Company
hpqwmiex.exe 2,516 K 9,300 K 8888 HP Software Framework WMI Service Hewlett-Packard Company (Verified) Hewlett-Packard Company
GoogleCrashHandler64.exe 2,104 K 88 K 8392
GoogleCrashHandler.exe 2,052 K 788 K 1804
fontdrvhost.exe 2,268 K 4,180 K 552
EvtEng.exe 6,604 K 14,804 K 3944 Intel® PROSet/Wireless Event Log Service Intel® Corporation (Verified) Intel Corporation-Wireless Connectivity Solutions
EvernoteTray.exe 2,004 K 8,048 K 8668 Evernote Tray Application Evernote Corp., 305 Walnut Street, Redwood City, CA 94063 (Verified) EVERNOTE CORPORATION
EvernoteNw.exe 84,600 K 31,296 K 6100 (Verified) EVERNOTE CORPORATION
esif_uf.exe 2,380 K 6,852 K 3864 Intel® Dynamic Platform and Thermal Framework Intel Corporation (Verified) Intel® Software
DropboxUpdate.exe 2,508 K 296 K 1528
Dropbox.exe < 0.01 3,288 K 10,816 K 11132 Dropbox Dropbox, Inc. (Verified) Dropbox
Dropbox.exe 2,432 K 8,532 K 11064 Dropbox Dropbox, Inc. (Verified) Dropbox
dllhost.exe 3,336 K 14,832 K 1000
dllhost.exe 2,708 K 9,148 K 7000 COM Surrogate Microsoft Corporation (Verified) Microsoft Windows
DeviceAgent.exe 41,688 K 28,812 K 12376 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
DbxSvc.exe 3,060 K 5,728 K 3364 Dropbox Service Dropbox, Inc. (Verified) Dropbox
DBAgent.exe 4,976 K 21,880 K 11208 Seagate Dashboard Seagate Technology LLC (Verified) Seagate Technology LLC
dasHost.exe 6,204 K 13,956 K 3056
csrss.exe < 0.01 1,936 K 5,080 K 700
CoolSense.exe 2,660 K 1,012 K 9184 HP CoolSense Hewlett-Packard Development Company, L.P. (Verified) Hewlett-Packard Company
conhost.exe 1,812 K 5,800 K 2852
chrome.exe 43,276 K 38,768 K 11716 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 53,460 K 49,408 K 12204 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 51,048 K 55,848 K 8092 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 44,384 K 39,284 K 14996 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 29,824 K 29,832 K 12700 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 30,876 K 29,844 K 5144 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 28,756 K 28,804 K 16252 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 4,824 K 10,844 K 12196 Google Chrome Google Inc. (Verified) Google Inc
chrome.exe 6,280 K 11,768 K 10228 Google Chrome Google Inc. (Verified) Google Inc
Calculator.exe Suspended 16,628 K 38,344 K 1888 (No signature was present in the subject)
AutoHotkey.exe 3,176 K 10,148 K 10660 AutoHotkey Unicode 64-bit (No signature was present in the subject)
ApplicationFrameHost.exe 17,536 K 29,584 K 3632 Application Frame Host Microsoft Corporation (Verified) Microsoft Windows
aesm_service.exe 3,088 K 8,628 K 8732 Intel® SGX Application Enclave Services Manager Intel Corporation (Verified) Intel® Corporation
acrotray.exe 2,124 K 8,168 K 1760 AcroTray Adobe Systems Inc. (Verified) Adobe Systems

  • 0

#4
RKinner


    Malware Expert

  • Expert
  • 19,749 posts
  • MVP

Put macustom.dll in FRST's Search Box and hit the Search Registry button.  You will get one file.  Please post it.

 

I'm not saying softtest is malware, just that it is not compatible with this version of Windows or perhaps is just a bad install.  Try a new install.


  • 0

#5
demani


    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts

Thanks! Sorry I didn't understand the original info 

 

Farbar Recovery Scan Tool (x64) Version: 13-09-2017 02
Ran by mac386 (14-09-2017 11:30:38)
Running from C:\Program Files\Cleanup
Boot Mode: Normal
 
================== Search Registry: "macustom.dll" ===========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4261554209-109482278-4118987465-1002\Components\AC69CD9AE623E744FB2C412A7E1A3C23]
"08AB9A6D76B1DEB47A30055643F3FB41"="C:\?WINDOWS\SysWOW64\macustom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4261554209-109482278-4118987465-1002\Components\D8B82A277E78D7D4CB4E5D4312B27FDE]
"08AB9A6D76B1DEB47A30055643F3FB41"="C:\?WINDOWS\system32\macustom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\WINDOWS\system32\macustom.dll"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\macustom.dll"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Layout File"="macustom.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Layout Display Name"="@%SystemRoot%\system32\macustom.dll,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Custom Language Display Name"="@%SystemRoot%\system32\macustom.dll,-1100"
 
====== End of Search ======

  • 0

#6
RKinner


    Malware Expert

  • Expert
  • 19,749 posts
  • MVP

macustom.dll doesn't look like malware.  Something to do with keyboard layout.

We can submit the file to virustotal and see what they say:

Easiest way to submit a file is to copy the path:

c:\Windows\System32\macustom.dll

Then go to virustotal.com with your browser.  Click on Choose File then when the file chooser window opens, move down to the File Name: box and then Ctrl + v and the path should appear.  Hit Open and it should return to the main page with macustom.dll chosen.  Click on Scan it.  If it knows the file already it will tell you it's already been analyzed and offer you a choice of Reanalyze and View Last Analysis.  In that case click on View Last Analysis.  If it doesn't know the file it will take a minute to query 50+  different anti-virus companies.  In either case, if the Detection ratio: is not 0 / 50+ then copy the Analysis page and paste it into the forum.  You can just hit Ctrl + a then Ctrl + c to copy the page then go to a reply and Ctrl + v.

  • 0
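The triage reasoning in posts #5 and #6, as an added example that is not part of the original thread or of FRST: it parses the pasted Search Registry output and groups each hit by the kind of registry location it sits in. The rule list, labels and function names are assumptions of this example and are not exhaustive.

```python
import re
from collections import Counter
# FRST "Search Registry" hits, copied from post #5 of the thread.
FRST_OUTPUT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4261554209-109482278-4118987465-1002\Components\AC69CD9AE623E744FB2C412A7E1A3C23]
"08AB9A6D76B1DEB47A30055643F3FB41"="C:\?WINDOWS\SysWOW64\macustom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-21-4261554209-109482278-4118987465-1002\Components\D8B82A277E78D7D4CB4E5D4312B27FDE]
"08AB9A6D76B1DEB47A30055643F3FB41"="C:\?WINDOWS\system32\macustom.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs]
"C:\WINDOWS\system32\macustom.dll"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\SharedDlls]
"C:\WINDOWS\system32\macustom.dll"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Layout File"="macustom.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Layout Display Name"="@%SystemRoot%\system32\macustom.dll,-1000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layouts\a0000409]
"Custom Language Display Name"="@%SystemRoot%\system32\macustom.dll,-1100"
'''
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VAL_RE = re.compile(r'^"(.*?)"="(.*)"$')
# (pattern on lower-cased key, label, autostart location?) - assumed, non-exhaustive
RULES = [
    (r'\\currentversion\\installer\\userdata\\', "MSI component registration", False),
    (r'\\currentversion\\shareddlls$', "shared-DLL reference count", False),
    (r'\\control\\keyboard layouts\\', "keyboard layout definition", False),
    (r'\\currentversion\\run(once)?$', "Run key autostart", True),
    (r'\\currentversion\\windows$', "AppInit_DLLs location", True),
    (r'\\currentcontrolset\\services\\', "service or driver", True),
]

def parse_frst_search(text):
    # Return (key, value_name, data) for every hit; a value belongs to the last key seen.
    hits, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := VAL_RE.match(line)) and key:
            hits.append((key, m.group(1), m.group(2)))
    return hits

def classify(key):
    for pattern, label, autostart in RULES:
        if re.search(pattern, key.lower()):
            return label, autostart
    return "unclassified", None  # unknown location: treat as needing review

def triage(text):
    # Count hits per location type and collect autostart or unknown hits for review.
    counts, review = Counter(), []
    for key, name, data in parse_frst_search(text):
        label, autostart = classify(key)
        counts[label] += 1
        if autostart is not False:
            review.append((key, name, data))
    return dict(counts), review

if __name__ == "__main__": print(triage(FRST_OUTPUT))
```

On the thread's output every hit lands in installer bookkeeping, shared-DLL counting or the keyboard layout key, and the review list is empty, which matches the "something to do with keyboard layout" reading in post #6.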





