OTL logfile created on: 1/12/2018 1:08:01 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steve\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.18792)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
23.95 Gb Total Physical Memory | 19.56 Gb Available Physical Memory | 81.65% Memory free
23.95 Gb Paging File | 19.11 Gb Available in Paging File | 79.79% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223.57 Gb Total Space | 100.76 Gb Free Space | 45.07% Space Free | Partition Type: NTFS
Drive D: | 1566.80 Gb Total Space | 500.88 Gb Free Space | 31.97% Space Free | Partition Type: NTFS
Drive E: | 103.84 Gb Total Space | 27.95 Gb Free Space | 26.91% Space Free | Partition Type: NTFS
Drive K: | 192.38 Gb Total Space | 61.20 Gb Free Space | 31.81% Space Free | Partition Type: NTFS
Drive S: | 931.51 Gb Total Space | 457.59 Gb Free Space | 49.12% Space Free | Partition Type: NTFS
 
Computer Name: BERT | User Name: Steve | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - File not found -- 
PRC - [2018/01/12 13:06:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Downloads\OTL.exe
PRC - [2017/12/13 15:41:04 | 000,288,848 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
PRC - [2017/12/13 05:18:24 | 000,037,864 | ---- | M] (Python Software Foundation) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
PRC - [2017/12/13 05:18:22 | 016,971,752 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
PRC - [2017/12/13 05:18:22 | 002,346,472 | ---- | M] (Plex) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Tuner Service.exe
PRC - [2017/12/13 05:18:22 | 002,102,248 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe
PRC - [2017/12/13 05:18:20 | 004,518,376 | ---- | M] (Plex, Inc.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex DLNA Server.exe
PRC - [2017/12/05 08:12:04 | 000,022,304 | ---- | M] (Intel) -- C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
PRC - [2017/11/15 18:54:37 | 006,086,232 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2017/10/19 21:29:10 | 000,417,400 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
PRC - [2017/05/02 13:20:29 | 000,218,336 | ---- | M] (Tweaking.com) -- C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
PRC - [2017/01/18 18:48:06 | 005,535,064 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2017/01/18 18:02:42 | 000,588,136 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2017/01/16 15:06:42 | 001,175,976 | ---- | M] (Acronis International GmbH) -- C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
PRC - [2017/01/16 00:26:42 | 000,752,224 | ---- | M] (DEVGURU Co., LTD.) -- C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
PRC - [2016/12/21 14:13:50 | 007,013,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
PRC - [2016/11/13 19:59:32 | 000,425,864 | ---- | M] (Acronis International GmbH) -- C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
PRC - [2016/04/19 12:19:34 | 001,049,464 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2016/04/19 12:09:18 | 005,571,944 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2016/04/19 12:07:10 | 000,314,744 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2016/02/12 17:01:12 | 000,019,440 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2015/08/22 13:28:30 | 000,365,120 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
PRC - [2015/08/22 13:28:30 | 000,165,440 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe
PRC - [2012/09/12 23:38:44 | 000,204,136 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2004/03/17 06:45:30 | 000,118,784 | ---- | M] (CompuBridge, Inc.) -- C:\Program Files (x86)\Autospell60\autospel.exe
 
 
[color=#E56717]========== Modules (No Company Name) ==========[/color]
 
MOD - [2017/12/13 05:18:50 | 000,930,280 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
MOD - [2017/12/13 05:18:50 | 000,218,088 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
MOD - [2017/12/13 05:18:50 | 000,071,656 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
MOD - [2017/12/13 05:18:50 | 000,041,448 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
MOD - [2017/12/13 05:18:48 | 000,095,720 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
MOD - [2017/12/13 05:18:48 | 000,050,152 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
MOD - [2017/12/13 05:18:48 | 000,024,552 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
MOD - [2017/12/13 05:18:46 | 000,694,248 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
MOD - [2017/12/13 05:18:46 | 000,143,336 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
MOD - [2017/12/13 05:18:46 | 000,083,432 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
MOD - [2017/12/13 05:18:46 | 000,018,920 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
MOD - [2017/12/13 05:18:44 | 000,772,072 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
MOD - [2017/12/13 05:18:44 | 000,064,488 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\TeVii.dll
MOD - [2017/12/13 05:18:42 | 000,115,688 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
MOD - [2017/12/13 05:18:42 | 000,059,880 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
MOD - [2017/12/13 05:18:40 | 001,962,984 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_core2411.dll
MOD - [2017/12/13 05:18:40 | 001,741,288 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\opencv_imgproc2411.dll
MOD - [2017/12/13 05:18:40 | 000,025,576 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\lyric_lite.dll
MOD - [2017/12/13 05:18:38 | 001,549,104 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libstdc++-6.dll
MOD - [2017/12/13 05:18:38 | 001,083,368 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
MOD - [2017/12/13 05:18:38 | 000,203,240 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
MOD - [2017/12/13 05:18:38 | 000,190,952 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
MOD - [2017/12/13 05:18:36 | 000,127,136 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libgcc_s_dw2-1.dll
MOD - [2017/12/13 05:18:36 | 000,074,728 | ---- | M] () -- C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
MOD - [2017/09/19 07:24:44 | 002,842,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\3c4fd32f8f98f8159fd50bb3c7961ff7\System.Runtime.Serialization.ni.dll
MOD - [2017/09/19 07:24:44 | 000,802,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\81d0b8ede1f0debc1e753f573b5d8f2f\System.ServiceModel.Internals.ni.dll
MOD - [2017/09/19 07:24:27 | 000,118,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\d933b806156cc1e36e61d867de679f4c\SMDiagnostics.ni.dll
MOD - [2017/09/19 07:12:19 | 000,991,744 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8cd2ea81270dc2a06c42b413068201b0\System.Configuration.ni.dll
MOD - [2017/09/19 07:12:18 | 007,577,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\a5b56d2bc05d7d8a9550a2e4e04e7593\System.Xml.ni.dll
MOD - [2017/09/19 07:12:17 | 007,684,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\cd861c2270d996d2662e3ba03ef388a9\System.Core.ni.dll
MOD - [2017/09/19 07:12:14 | 010,336,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\c6ee4d494416e8f67ef0b51fde04327a\System.ni.dll
MOD - [2017/09/19 07:12:10 | 020,493,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\5a63cba6fca9851d84db4a2860bf633a\mscorlib.ni.dll
MOD - [2017/01/18 18:48:06 | 005,535,064 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
MOD - [2017/01/18 18:40:48 | 020,956,944 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers.dll
MOD - [2017/01/18 18:02:42 | 000,588,136 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
MOD - [2017/01/18 18:02:20 | 000,396,208 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\resource.dll
MOD - [2017/01/18 18:01:52 | 000,049,584 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\rpc_client.dll
MOD - [2017/01/18 18:01:42 | 007,993,264 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\qt_resources.dll
MOD - [2016/12/21 14:01:52 | 000,248,240 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\sync_agent_api.dll
MOD - [2016/08/29 22:57:46 | 000,444,336 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll
MOD - [2016/08/29 20:16:44 | 000,685,488 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\sqlite3.dll
MOD - [2016/08/29 20:16:36 | 000,115,632 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Home\expat.dll
MOD - [2016/08/15 10:28:56 | 000,129,968 | ---- | M] () -- C:\Program Files (x86)\Acronis\TrueImageHome\afcdpapi.dll
MOD - [2012/09/12 23:38:52 | 007,955,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2012/09/12 23:38:52 | 000,341,352 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2012/09/12 23:38:52 | 000,127,336 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2012/09/12 23:38:52 | 000,028,008 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2012/09/12 23:38:44 | 002,144,104 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QTCore4.dll
 
 
[color=#E56717]========== Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - [2018/01/08 18:20:29 | 010,962,648 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (CmdAgent)
SRV:[b]64bit:[/b] - [2018/01/08 18:13:47 | 002,875,816 | ---- | M] (COMODO) [On_Demand | Stopped] -- C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe -- (cmdvirth)
SRV:[b]64bit:[/b] - [2018/01/08 15:15:16 | 000,051,016 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\DbxSvc.exe -- (DbxSvc)
SRV:[b]64bit:[/b] - [2017/11/01 08:07:08 | 006,234,056 | ---- | M] (Malwarebytes) [Disabled | Stopped] -- C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe -- (MBAMService)
SRV:[b]64bit:[/b] - [2017/10/19 21:29:10 | 000,225,400 | ---- | M] (Logitech Inc.) [Disabled | Stopped] -- C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe -- (LogiRegistryService)
SRV:[b]64bit:[/b] - [2017/08/13 10:51:09 | 000,116,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:[b]64bit:[/b] - [2017/06/01 15:50:53 | 000,543,112 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:[b]64bit:[/b] - [2017/06/01 15:44:08 | 000,324,608 | ---- | M] (Realtek Semiconductor) [Disabled | Stopped] -- C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe -- (RtkAudioService)
SRV:[b]64bit:[/b] - [2017/03/07 19:15:56 | 000,824,592 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe -- (USER_ESRV_SVC_QUEENCREEK)
SRV:[b]64bit:[/b] - [2017/03/07 19:15:56 | 000,824,592 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel\SUR\QUEENCREEK\esrv_svc.exe -- (ESRV_SVC_QUEENCREEK)
SRV:[b]64bit:[/b] - [2017/03/07 19:04:22 | 000,157,456 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Intel Driver and Support Assistant\SUR\SurSvc.exe -- (SystemUsageReportSvc_QUEENCREEK)
SRV:[b]64bit:[/b] - [2016/11/03 10:17:36 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
SRV:[b]64bit:[/b] - [2016/10/18 08:41:28 | 000,116,736 | ---- | M] (Stas'M Corp.) [Auto | Running] -- C:\Windows\SysNative\rdpwrap.dll -- (TermService)
SRV:[b]64bit:[/b] - [2016/08/28 17:18:26 | 000,622,872 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64)
SRV:[b]64bit:[/b] - [2016/08/22 10:19:43 | 001,386,496 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\diagtrack.dll -- (DiagTrack)
SRV:[b]64bit:[/b] - [2016/05/09 15:25:24 | 000,152,640 | ---- | M] (SEIKO EPSON CORPORATION) [Disabled | Stopped] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE -- (EPSON_PM_RPCV4_06)
SRV:[b]64bit:[/b] - [2016/05/09 07:17:12 | 011,127,016 | ---- | M] (DisplayLink Corp.) [Disabled | Stopped] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:[b]64bit:[/b] - [2016/02/12 17:01:12 | 000,019,440 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV:[b]64bit:[/b] - [2016/02/02 07:27:26 | 001,439,424 | ---- | M] (Disc Soft Ltd) [Disabled | Stopped] -- C:\Program Files\DAEMON Tools Ultra\DiscSoftBusService.exe -- (Disc Soft Ultra Bus Service)
SRV:[b]64bit:[/b] - [2015/11/29 19:13:40 | 000,741,056 | ---- | M] (@ByELDI) [Auto | Running] -- C:\Program Files\KMSpico\Service_KMS.exe -- (Service KMSELDI)
SRV:[b]64bit:[/b] - [2015/07/02 14:21:26 | 000,356,808 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:[b]64bit:[/b] - [2015/03/29 17:55:23 | 000,803,872 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2015/03/29 17:55:23 | 000,732,160 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV:[b]64bit:[/b] - [2015/03/29 16:47:24 | 001,068,032 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\restore_aw_assistant.exe -- (AURService)
SRV:[b]64bit:[/b] - [2014/06/06 16:11:32 | 001,008,384 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV:[b]64bit:[/b] - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:[b]64bit:[/b] - [2010/03/18 14:25:55 | 000,126,976 | ---- | M] (CrypKey (Canada) Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\Crypserv.exe -- (CrypKey License)
SRV:[b]64bit:[/b] - [2009/07/13 19:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:[b]64bit:[/b] - [2009/04/21 11:59:08 | 002,869,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Disabled | Stopped] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2018/01/05 09:36:00 | 000,194,000 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2017/12/15 05:47:57 | 010,945,776 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe -- (TeamViewer)
SRV - [2017/12/13 05:18:22 | 002,102,248 | ---- | M] (Plex, Inc.) [Auto | Running] -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Update Service.exe -- (PlexUpdateService)
SRV - [2017/12/09 08:53:45 | 000,272,384 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2017/12/05 08:12:04 | 000,022,304 | ---- | M] (Intel) [Auto | Running] -- C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe -- (DSAService)
SRV - [2017/11/21 09:33:42 | 000,332,144 | ---- | M] (HP Inc.) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe -- (HPSupportSolutionsFrameworkService)
SRV - [2017/11/15 18:54:37 | 006,086,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2017/11/02 06:57:00 | 000,071,512 | ---- | M] (Google Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Google\Chrome Remote Desktop\63.0.3239.32\remoting_host.exe -- (chromoting)
SRV - [2017/10/24 18:03:24 | 000,493,792 | ---- | M] (Wondershare) [Disabled | Stopped] -- C:\Program Files (x86)\Wondershare\WAF\2.4.3.231\WsAppService.exe -- (WsAppService)
SRV - [2017/09/27 11:27:08 | 000,083,984 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2017/09/21 13:47:06 | 005,026,296 | ---- | M] (WIBU-SYSTEMS AG) [Disabled | Stopped] -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe -- (CodeMeter.exe)
SRV - [2017/08/23 11:51:32 | 002,257,016 | ---- | M] (Adobe Systems, Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe -- (AGSService)
SRV - [2017/08/17 10:34:04 | 014,545,920 | ---- | M] () [Disabled | Stopped] -- c:\wamp64\bin\mariadb\mariadb10.2.8\bin\mysqld.exe -- (wampmariadb64)
SRV - [2017/08/07 20:46:57 | 000,133,840 | ---- | M] (COMODO) [Disabled | Stopped] -- C:\Program Files (x86)\COMODO\Internet Security Essentials\isesrv.exe -- (isesrv)
SRV - [2017/07/07 12:41:30 | 000,029,184 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- c:\wamp64\bin\apache\apache2.4.27\bin\httpd.exe -- (wampapache64)
SRV - [2017/06/22 17:18:42 | 039,496,704 | ---- | M] () [Disabled | Stopped] -- c:\wamp64\bin\mysql\mysql5.7.19\bin\mysqld.exe -- (wampmysqld64)
SRV - [2017/04/05 15:09:10 | 000,317,400 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2017/01/18 18:12:30 | 001,276,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2017/01/18 18:11:32 | 001,611,368 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe -- (mobile_backup_status_server)
SRV - [2017/01/16 15:06:42 | 001,175,976 | ---- | M] (Acronis International GmbH) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe -- (AcronisActiveProtectionService)
SRV - [2017/01/16 00:26:42 | 000,752,224 | ---- | M] (DEVGURU Co., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe -- (ss_conn_service)
SRV - [2017/01/06 17:19:58 | 002,908,352 | ---- | M] (Acronis International GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe -- (mobile_backup_server)
SRV - [2016/12/23 12:54:26 | 005,098,008 | ---- | M] (Binary Fortress Software) [Disabled | Stopped] -- C:\Program Files (x86)\DisplayFusion\DisplayFusionService.exe -- (DisplayFusionService)
SRV - [2016/12/21 14:13:50 | 007,013,704 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe -- (syncagentsrv)
SRV - [2016/12/20 20:45:00 | 004,679,576 | ---- | M] (Acronis International GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe -- (mmsminisrv)
SRV - [2016/11/28 12:33:54 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdatem)
SRV - [2016/11/28 12:33:54 | 000,143,144 | ---- | M] (Dropbox, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe -- (dbupdate)
SRV - [2016/10/14 00:09:00 | 004,838,400 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PureVPN\vpnclient.exe -- (sevpnclient)
SRV - [2016/07/14 14:43:42 | 000,107,192 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2016/05/20 18:21:38 | 000,115,200 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Speech2Go Voice Package\IvonaVoiceService_x86.exe -- (S2Gvc32)
SRV - [2016/04/19 12:19:34 | 001,049,464 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2016/04/19 12:07:10 | 000,314,744 | R--- | M] (Western Digital Technologies, Inc.) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2016/01/16 03:00:29 | 000,067,224 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2015/08/22 13:28:30 | 000,365,120 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe -- (DragonSvc)
SRV - [2015/08/22 13:28:30 | 000,165,440 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nuance\loggerservice.exe -- (DragonLoggerService)
SRV - [2015/05/26 14:43:12 | 000,113,488 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Moborobo\MoboRoboDeviceService.exe -- (MoboroboDeviceService)
SRV - [2015/04/09 18:23:50 | 000,311,808 | ---- | M] (Windows (R) Win 7 DDK provider) [Disabled | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\AdminService.exe -- (AtherosSvc)
SRV - [2015/03/29 17:18:18 | 002,451,456 | ---- | M] (Realsil Microelectronics Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2014/05/13 10:15:46 | 001,710,456 | ---- | M] (Motorola Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2014/03/26 11:37:04 | 001,165,688 | ---- | M] (Motorola Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2014/03/26 11:36:30 | 001,206,648 | ---- | M] (Motorola Solutions, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2013/12/16 20:31:34 | 000,443,080 | ---- | M] () [Disabled | Stopped] -- C:\Windows\SysWOW64\GSService.exe -- (GSService)
SRV - [2012/12/16 01:09:50 | 000,139,264 | ---- | M] (SOURCENEXT) [Disabled | Stopped] -- C:\Windows\SysWOW64\bgsvcgen.exe -- (bgsvcgen)
SRV - [2011/05/10 08:30:32 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Mitchell1\OnDemand5\Mitchell1.Security.MachineTokenService.exe -- (MachineTokenService)
SRV - [2011/03/21 14:00:34 | 000,243,712 | ---- | M] (SMServer) [On_Demand | Stopped] -- C:\Windows\SysWOW64\snmvtsvc.exe -- (SMServer)
SRV - [2009/11/15 22:37:24 | 000,016,896 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\LBTService\LBTService.exe -- (LBTService)
SRV - [2008/12/12 17:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/11/13 13:43:49 | 000,204,800 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2005/11/17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [Disabled | Stopped] -- C:\Program Files (x86)\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - [2018/01/12 09:35:15 | 000,046,008 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtection)
DRV:[b]64bit:[/b] - [2018/01/12 09:33:36 | 000,110,016 | ---- | M] (Malwarebytes) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\farflt.sys -- (MBAMFarflt)
DRV:[b]64bit:[/b] - [2018/01/07 09:00:33 | 000,193,968 | ---- | M] (Malwarebytes) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\MbamChameleon.sys -- (MBAMChameleon)
DRV:[b]64bit:[/b] - [2018/01/07 09:00:16 | 000,253,880 | ---- | M] (Malwarebytes) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV:[b]64bit:[/b] - [2017/12/28 07:47:05 | 000,034,280 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:[b]64bit:[/b] - [2017/12/02 12:58:42 | 000,200,792 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TeeDriverx64.sys -- (MEIx64)
DRV:[b]64bit:[/b] - [2017/12/02 12:57:01 | 007,828,216 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:38 | 000,447,328 | ---- | M] (Acronis International GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\file_protector.sys -- (file_protector)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:37 | 000,375,136 | ---- | M] (Acronis International GmbH) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\file_tracker.sys -- (file_tracker)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:31 | 000,688,864 | ---- | M] (Acronis International GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tnd.sys -- (tnd)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:31 | 000,324,448 | ---- | M] (Acronis International GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\virtual_file.sys -- (virtual_file)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:31 | 000,214,360 | ---- | M] (Acronis International GmbH) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tib_mounter.sys -- (tib_mounter)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:30 | 001,310,560 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tib.sys -- (tib)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:25 | 000,370,016 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:[b]64bit:[/b] - [2017/11/15 18:54:24 | 000,181,600 | ---- | M] (Acronis International GmbH) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fltsrv.sys -- (fltsrv)
DRV:[b]64bit:[/b] - [2017/09/27 12:23:00 | 001,077,216 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:[b]64bit:[/b] - [2017/08/07 20:46:27 | 000,050,856 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\isedrv.sys -- (isedrv)
DRV:[b]64bit:[/b] - [2017/06/01 15:52:43 | 001,467,904 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:[b]64bit:[/b] - [2017/06/01 15:52:43 | 000,031,728 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:[b]64bit:[/b] - [2017/06/01 15:51:10 | 000,520,072 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:[b]64bit:[/b] - [2017/06/01 15:51:08 | 036,549,512 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:[b]64bit:[/b] - [2017/06/01 15:46:59 | 000,408,280 | ---- | M] (Realsil Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUer.sys -- (RTSUER)
DRV:[b]64bit:[/b] - [2017/06/01 15:43:10 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:[b]64bit:[/b] - [2017/06/01 15:41:56 | 000,600,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:[b]64bit:[/b] - [2017/06/01 15:41:55 | 000,172,760 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:[b]64bit:[/b] - [2017/06/01 15:41:46 | 000,038,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ICCWDT.sys -- (ICCWDT)
DRV:[b]64bit:[/b] - [2017/04/11 14:15:46 | 000,824,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:[b]64bit:[/b] - [2017/04/11 14:10:18 | 000,410,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:[b]64bit:[/b] - [2017/01/16 00:26:40 | 000,165,504 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:[b]64bit:[/b] - [2017/01/16 00:26:40 | 000,131,712 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:[b]64bit:[/b] - [2016/12/21 13:52:50 | 000,040,240 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:[b]64bit:[/b] - [2016/11/30 11:20:40 | 000,104,584 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evsbc8.sys -- (VSBC8)
DRV:[b]64bit:[/b] - [2016/11/30 11:20:40 | 000,021,128 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evserial8.sys -- (evserial8)
DRV:[b]64bit:[/b] - [2016/11/03 10:17:36 | 000,023,760 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
DRV:[b]64bit:[/b] - [2016/10/18 17:14:08 | 000,021,984 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\semav6msr64.sys -- (semav6msr64)
DRV:[b]64bit:[/b] - [2016/10/06 13:26:41 | 000,047,672 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtultrausbbus.sys -- (dtultrausbbus)
DRV:[b]64bit:[/b] - [2016/10/06 13:26:30 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtultrascsibus.sys -- (dtultrascsibus)
DRV:[b]64bit:[/b] - [2016/09/30 14:44:25 | 000,054,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:[b]64bit:[/b] - [2016/09/09 13:18:57 | 000,021,264 | ---- | M] (CyberLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CLMirrorDriver.sys -- (CLMirrorDriver)
DRV:[b]64bit:[/b] - [2016/08/29 18:17:22 | 000,067,736 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGJoyXlCore.sys -- (LGJoyXlCore)
DRV:[b]64bit:[/b] - [2016/08/29 18:17:22 | 000,036,496 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:[b]64bit:[/b] - [2016/08/29 18:17:22 | 000,026,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:[b]64bit:[/b] - [2016/08/02 19:21:42 | 000,039,040 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:[b]64bit:[/b] - [2016/07/21 14:55:38 | 000,029,744 | ---- | M] (PureVPN) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\neo_vpn.sys -- (Neo_VPN)
DRV:[b]64bit:[/b] - [2016/06/06 18:53:22 | 000,004,608 | ---- | M] (RealVNC Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vncmirror.sys -- (vncmirror)
DRV:[b]64bit:[/b] - [2016/05/09 07:17:16 | 000,229,648 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dlusbaudio_x64.sys -- (dlusbaudio)
DRV:[b]64bit:[/b] - [2016/05/09 07:17:15 | 000,058,640 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbIo_x64_7.9.1589.0.sys -- (DisplayLinkUsbIo_x64)
DRV:[b]64bit:[/b] - [2016/04/28 09:31:30 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:[b]64bit:[/b] - [2016/04/28 09:31:29 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:[b]64bit:[/b] - [2016/04/27 00:14:15 | 000,458,512 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:[b]64bit:[/b] - [2016/04/27 00:14:15 | 000,026,896 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:[b]64bit:[/b] - [2016/04/24 16:37:07 | 000,050,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:[b]64bit:[/b] - [2016/04/04 21:56:20 | 000,042,600 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys -- (SmbDrvI)
DRV:[b]64bit:[/b] - [2016/04/04 21:55:00 | 000,338,168 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:[b]64bit:[/b] - [2016/04/04 21:55:00 | 000,111,352 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt)
DRV:[b]64bit:[/b] - [2016/04/01 15:44:32 | 000,394,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:[b]64bit:[/b] - [2016/04/01 14:38:10 | 000,030,264 | ---- | M] (Disc Soft Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dtproscsibus.sys -- (dtproscsibus)
DRV:[b]64bit:[/b] - [2016/04/01 13:14:25 | 000,056,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:[b]64bit:[/b] - [2016/03/26 20:20:06 | 000,086,672 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:[b]64bit:[/b] - [2016/03/26 20:20:06 | 000,069,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:[b]64bit:[/b] - [2016/03/26 20:20:04 | 000,087,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:[b]64bit:[/b] - [2016/03/26 20:20:04 | 000,023,184 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:[b]64bit:[/b] - [2016/03/26 07:34:11 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:[b]64bit:[/b] - [2016/03/26 07:34:11 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:[b]64bit:[/b] - [2016/03/26 07:34:11 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:[b]64bit:[/b] - [2016/03/16 22:53:52 | 000,181,920 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiK075C.sys -- (SaiK075C)
DRV:[b]64bit:[/b] - [2016/03/16 22:46:46 | 000,051,616 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:[b]64bit:[/b] - [2016/01/26 11:23:25 | 000,015,104 | ---- | M] (Headsoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vjoy.sys -- (vhidmini)
DRV:[b]64bit:[/b] - [2016/01/26 10:07:29 | 000,038,400 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:[b]64bit:[/b] - [2016/01/22 15:26:41 | 000,023,968 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:[b]64bit:[/b] - [2016/01/22 15:12:12 | 000,326,784 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH075C.sys -- (SaiH075C)
DRV:[b]64bit:[/b] - [2016/01/18 14:47:57 | 011,761,928 | ---- | M] (Broadcom Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwl63a.sys -- (BCMWL63A)
DRV:[b]64bit:[/b] - [2016/01/17 10:36:40 | 000,032,464 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DDDriver64Dcsa.sys -- (DDDriver)
DRV:[b]64bit:[/b] - [2016/01/17 10:36:37 | 000,024,240 | ---- | M] (Dell Computer Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DellProf.sys -- (DellProf)
DRV:[b]64bit:[/b] - [2016/01/16 12:40:41 | 000,086,144 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:[b]64bit:[/b] - [2016/01/15 15:12:03 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\ampa.sys -- (ampa)
DRV:[b]64bit:[/b] - [2016/01/15 14:51:32 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:[b]64bit:[/b] - [2016/01/15 11:03:21 | 000,276,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmdcap.sys -- (U6000ALL)
DRV:[b]64bit:[/b] - [2016/01/15 11:03:11 | 000,050,072 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:[b]64bit:[/b] - [2016/01/15 11:03:06 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:[b]64bit:[/b] - [2015/06/21 14:13:48 | 000,014,184 | ---- | M] (Logitech) [Kernel | Auto | Running] -- C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\LgCoreTemp.sys -- (LGCoreTemp)
DRV:[b]64bit:[/b] - [2015/06/07 14:20:23 | 000,034,704 | ---- | M] (Arainia Solutions LLC) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gizmodrv.sys -- (GizmoDrv)
DRV:[b]64bit:[/b] - [2015/04/09 18:24:37 | 000,133,760 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:[b]64bit:[/b] - [2015/04/09 18:24:37 | 000,074,368 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:[b]64bit:[/b] - [2015/04/09 18:24:36 | 000,176,256 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:[b]64bit:[/b] - [2015/04/09 18:24:29 | 000,030,848 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:[b]64bit:[/b] - [2015/04/01 10:30:16 | 000,031,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pmxdrv.sys -- (pmxdrv)
DRV:[b]64bit:[/b] - [2015/04/01 08:44:58 | 000,023,112 | ---- | M] (SiSoftware) [Kernel | On_Demand | Stopped] -- C:\Program Files\SiSoftware\SiSoftware Sandra Professional Business 2011.SP4c\WNt500x64\sandra.sys -- (SANDRA)
DRV:[b]64bit:[/b] - [2015/03/29 17:18:18 | 000,252,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:[b]64bit:[/b] - [2015/03/29 16:47:24 | 000,020,464 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (%ServiceName%)
DRV:[b]64bit:[/b] - [2015/03/23 11:00:30 | 000,031,392 | ---- | M] (Tarlogic) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TRLNDISMON.sys -- (TRLNDISMON)
DRV:[b]64bit:[/b] - [2015/02/27 13:54:04 | 000,031,080 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VirtualAudio.sys -- (WsAudio_Device)
DRV:[b]64bit:[/b] - [2014/11/18 13:39:06 | 000,018,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:[b]64bit:[/b] - [2014/11/18 13:39:06 | 000,010,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:[b]64bit:[/b] - [2014/11/05 03:17:37 | 000,095,496 | ---- | M] (CyberLink) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CLVirtualBus01.sys -- (CLVirtualBus01)
DRV:[b]64bit:[/b] - [2014/09/02 17:01:16 | 000,041,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vbaudio_cable64_win7.sys -- (VBAudioVACMME)
DRV:[b]64bit:[/b] - [2014/08/12 16:27:38 | 000,022,568 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:[b]64bit:[/b] - [2014/05/19 09:47:18 | 000,087,864 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btmaud.sys -- (btmaudio)
DRV:[b]64bit:[/b] - [2014/05/13 10:17:06 | 000,141,624 | ---- | M] (Motorola Solutions, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:[b]64bit:[/b] - [2014/05/06 03:20:34 | 000,059,856 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\womic.sys -- (wovad_micarray)
DRV:[b]64bit:[/b] - [2013/09/30 16:26:50 | 000,019,152 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\pwdrvio.sys -- (pwdrvio)
DRV:[b]64bit:[/b] - [2013/09/30 16:26:48 | 000,012,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\pwdspio.sys -- (pwdspio)
DRV:[b]64bit:[/b] - [2013/02/28 19:49:12 | 000,036,600 | ---- | M] (Riverbed Technology, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (npf)
DRV:[b]64bit:[/b] - [2012/12/24 15:45:48 | 000,027,256 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtAudioBusSrv)
DRV:[b]64bit:[/b] - [2012/12/24 15:42:26 | 000,031,480 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (IvtPanBusSrv)
DRV:[b]64bit:[/b] - [2012/12/16 01:09:50 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cdrbsdrv.sys -- (cdrbsdrv)
DRV:[b]64bit:[/b] - [2012/09/21 13:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:[b]64bit:[/b] - [2012/09/21 13:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:[b]64bit:[/b] - [2012/03/23 05:54:38 | 000,027,288 | ---- | M] (Ekahau Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ekaprot6.sys -- (EkaProt6)
DRV:[b]64bit:[/b] - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:[b]64bit:[/b] - [2011/03/22 01:25:34 | 000,034,040 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV:[b]64bit:[/b] - [2010/11/20 21:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:[b]64bit:[/b] - [2010/11/20 21:23:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:[b]64bit:[/b] - [2010/10/04 08:40:18 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:[b]64bit:[/b] - [2010/03/18 17:11:09 | 000,030,272 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\Ckldrv.sys -- (NetworkX)
DRV:[b]64bit:[/b] - [2009/09/08 15:50:46 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\frmupgr.sys -- (DFUBTUSB)
DRV:[b]64bit:[/b] - [2009/08/26 06:48:44 | 000,071,040 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:[b]64bit:[/b] - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:[b]64bit:[/b] - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:[b]64bit:[/b] - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:[b]64bit:[/b] - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:[b]64bit:[/b] - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:[b]64bit:[/b] - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:[b]64bit:[/b] - [2009/03/13 10:55:38 | 000,318,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:[b]64bit:[/b] - [2009/01/08 10:55:04 | 000,129,280 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:[b]64bit:[/b] - [2008/12/26 11:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer)
DRV:[b]64bit:[/b] - [2008/12/12 17:05:18 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
DRV:[b]64bit:[/b] - [2008/12/12 17:05:18 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
DRV:[b]64bit:[/b] - [2008/08/28 00:12:10 | 000,051,240 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV - [2017/12/02 12:54:21 | 000,027,552 | ---- | M] (REALiX(tm)) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS -- (HWiNFO32)
DRV - [2016/03/27 22:00:26 | 000,029,624 | ---- | M] (CyberLink Corp.) [2016/11/07 09:42:03] [Kernel | Auto | Running] -- D:\CyberLink\PowerDVD16\Common\NavFilter\000.fcl -- ({41E8078B-96D9-42DC-8789-A1CF102CD880})
DRV - [2016/01/15 15:12:03 | 000,017,008 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\ampa.sys -- (ampa)
DRV - [2014/11/18 13:39:06 | 000,015,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2014/11/18 13:39:06 | 000,010,208 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/07/04 13:51:26 | 000,004,096 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2010/06/23 05:25:14 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/06/23 05:25:04 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE:[b]64bit:[/b] - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:[b]64bit:[/b] - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:[b]64bit:[/b] - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {24B3EC13-508C-416F-89A9-22FD1A447FBD}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,IE11UpgradePageShownTime = 82 90 84 9E C5 56 D1 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://amatureantics.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page_TIMESTAMP = 70 AF 89 F7 5A 8A D3 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SyncHomePage Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy = Reg Error: Value error.
IE - HKCU\..\SearchScopes,DefaultScope = {36257078-4C70-4312-A90E-A3841A005C51}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
IE - HKCU\..\SearchScopes\{36257078-4C70-4312-A90E-A3841A005C51}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.search.countryCode: "US"
FF - prefs.js..browser.search.hiddenOneOffs: "Yahoo,Bing,DuckDuckGo"
FF - prefs.js..browser.search.region: "US"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - user.js - File not found
 
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_27_0_0_187.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.151.2: C:\Program Files\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2: C:\Program Files\Java\jre1.8.0_151\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.4: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF:[b]64bit:[/b] - HKLM\Software\MozillaPlugins\nuance.com/DgnRia2_x86_64: C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\npDgnRia2_x64.dll (Nuance Communications, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_27_0_0_187.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1224194.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Web Player Plug-In,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=11.151.2: C:\Program Files (x86)\Java\jre1.8.0_151\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=11.151.2: C:\Program Files (x86)\Java\jre1.8.0_151\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office16\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@nullsoft.com/winampDetector;version=1: C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\Users\Steve\AppData\Roaming\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.2.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\nuance.com/DgnRia2: C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\npDgnRia2.dll (Nuance Communications, Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Steve\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Steve\AppData\Local\Google\Update\1.3.33.7\npGoogleUpdate3.dll (Google Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension.17@acrobat.adobe.com: C:\PROGRAM FILES (X86)\ADOBE\ACROBAT DC\ACROBAT\BROWSER\WCFIREFOXEXTN\WEBEXTN\SIGNED_EXTN\ADOBE_ACROBAT-1.0-WINDOWS.XPI [2017/11/27 15:04:02 | 000,467,907 | ---- | M] ()
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0.4\extensions\\Components: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 57.0.4\extensions\\Plugins: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [2017/12/31 15:51:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2017/12/19 08:16:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\WSVCU@Wondershare.com: C:\ProgramData\Wondershare\Video Converter Ultimate\WSVCU@Wondershare.com_xpi [2017/12/13 10:39:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension.17@acrobat.adobe.com: C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Browser\WCFirefoxExtn\WebExtn\signed_extn\adobe_acrobat-1.0-windows.xpi [2017/11/27 15:04:02 | 000,467,907 | ---- | M] ()
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.5.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 52.5.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2017/12/02 16:57:39 | 000,000,000 | ---D | M]
 
[2016/01/15 11:36:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Extensions
[2017/11/14 09:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\SystemExtensionsDev
[2017/11/19 15:43:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\browser-extension-data
[2017/12/23 21:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\browser-extension-data\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2017/12/08 22:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\browser-extension-data\screenshots@mozilla.org
[2017/12/16 08:11:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\extensions
[2017/11/19 14:27:02 | 000,005,590 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\extensions\firefoxsearchtest@mozilla.com.xpi
[2017/12/14 10:11:37 | 000,535,494 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi
[2018/01/05 21:26:42 | 000,005,324 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\features\{636b9d0e-5382-4e0a-a185-b905e6ea15e9}\disable-js-shared-memory@mozilla.org.xpi
[2018/01/05 21:26:42 | 000,005,507 | ---- | M] () (No name found) -- C:\Users\Steve\AppData\Roaming\Mozilla\Firefox\Profiles\c5i5nvns.default-1511121226497\features\{636b9d0e-5382-4e0a-a185-b905e6ea15e9}\disable-media-wmf-nv12@mozilla.org.xpi
[2018/01/05 09:36:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2017/08/08 05:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2016/10/18 02:45:36 | 000,039,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.10_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.10_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl\2.17.926.0_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.2_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.3_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0\
CHR - Extension: No name found = C:\Users\Steve\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\6317.1002.0.5_0\
 
O1 HOSTS File: ([2018/01/02 17:59:04 | 000,000,285 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activation.acronis.com web-api-tih.acronis.com 
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com 
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:[b]64bit:[/b] - BHO: (Dragon Web Extension For Internet Explorer) - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\x64\dgnriaie_x64.dll (Nuance Communications, Inc.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_151\bin\ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2:[b]64bit:[/b] - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
O2:[b]64bit:[/b] - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_151\bin\jp2ssv.dll (Oracle Corporation)
O2:[b]64bit:[/b] - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (Wondershare Video Converter Ultimate 7.1.0) - {451C804F-C205-4F03-B48E-537EC94937BF} - C:\ProgramData\Wondershare\Video Converter Ultimate\WSBrowserAppMgr.dll (Wondershare)
O2 - BHO: (Dragon Web Extension For Internet Explorer) - {609C0837-8DD3-4F9B-AAC5-446F36BC0353} - C:\Program Files (x86)\Nuance\NaturallySpeaking14\Program\dgnriaie.dll (Nuance Communications, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Create 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_151\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe Acrobat Create PDF from Selection) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3:[b]64bit:[/b] - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DocuCom PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Create 7\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3:[b]64bit:[/b] - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe Acrobat Create PDF Toolbar) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (Adobe Systems Incorporated)
O4:[b]64bit:[/b] - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll (Motorola Solutions, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (COMODO)
O4:[b]64bit:[/b] - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:[b]64bit:[/b] - HKLM..\Run: [StartCN] C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [(default)]  File not found
O4 - HKLM..\Run: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (Acronis International GmbH)
O4 - HKLM..\Run: [DNS7reminder] C:\Program Files (x86)\Nuance\NaturallySpeaking14\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe ()
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKLM..\Run: [WDAppManager] C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [AutoSpell] C:\Program Files (x86)\Autospell60\autospel.exe (CompuBridge, Inc.)
O4 - HKCU..\Run: [GoogleChromeAutoLaunch_3E7806DA78C4352052F851DEE3FA5D4E] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
O4 - HKCU..\Run: [HP ENVY 4500 series (NET)] C:\Program Files\HP\HP ENVY 4500 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Development Company, LP)
O4 - HKCU..\Run: [Plex Media Server] C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe (Plex, Inc.)
O4 - Startup: C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutorun = 158
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: BtvStack = "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe" (Qualcomm Atheros)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run-Disabled: autochkENGD = "C:\ProgramData\colorcpl4h.bat"
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SoftwareSASGeneration = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings =  [binary data]
O8:[b]64bit:[/b] - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:[b]64bit:[/b] - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8:[b]64bit:[/b] - Extra context menu item: spellchecker - C:\Program Files (x86)\Autospell60\IEspellchecker.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: spellchecker - C:\Program Files (x86)\Autospell60\IEspellchecker.htm ()
O9:[b]64bit:[/b] - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9:[b]64bit:[/b] - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (Hewlett-Packard)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O13[b]64bit:[/b] - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: appspot.com ([mighty-app] https in Trusted sites)
O15 - HKCU\..Trusted Domains: appspot.com ([textyserver] https in Trusted sites)
O15 - HKCU\..Trusted Domains: dell.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: mightytext.net ([]https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab (Java Plug-in 11.151.2)
O16 - DPF: {CAFEEFAC-0018-0000-00101-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0018-0000-0066-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_66-windows-i586.cab (Java Plug-in 1.8.0_66)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.8.0/jinstall-1_8_0_101-windows-i586.cab (Java Plug-in 11.151.2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}  (Reg Error: Value error.)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/da2/PCPitStop2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C24DC08-7267-4FE1-997A-B433208D44BF}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C24DC08-7267-4FE1-997A-B433208D44BF}: NameServer = 8.8.8.8,8.8.4.4
O18:[b]64bit:[/b] - Protocol\Handler\belarc - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
O18:[b]64bit:[/b] - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\WSWSVCUchrome - No CLSID value found
O18:[b]64bit:[/b] - Protocol\Filter\AutorunsDisabled - No CLSID value found
O18 - Protocol\Filter\AutorunsDisabled - No CLSID value found
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: UserInit - (C:\Windows\System32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Program Files\Common Files\logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{118ba216-f853-11e5-9fdb-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{118ba216-f853-11e5-9fdb-9cad97debd56}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{118ba216-f853-11e5-9fdb-9cad97debd56}\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{118ba216-f853-11e5-9fdb-9cad97debd56}\Shell\install\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{176cc362-4bfa-11e7-9363-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{176cc362-4bfa-11e7-9363-9cad97debd56}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{2b4d4fa2-adbd-11e7-a234-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{2b4d4fa2-adbd-11e7-a234-9cad97debd56}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{37f3f52b-8b2a-11e6-8a8b-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{37f3f52b-8b2a-11e6-8a8b-9cad97debd56}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\{5b47e24c-4c63-11e7-9adb-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{5b47e24c-4c63-11e7-9adb-9cad97debd56}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{de0e587a-4b14-11e7-a6a2-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{de0e587a-4b14-11e7-a6a2-9cad97debd56}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O33 - MountPoints2\{de0e58e5-4b14-11e7-a6a2-9cad97debd56}\Shell - "" = AutoRun
O33 - MountPoints2\{de0e58e5-4b14-11e7-a6a2-9cad97debd56}\Shell\AutoRun\command - "" = E:\VZW_Software_upgrade_assistant.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2018/01/12 11:56:06 | 000,000,000 | R--D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2018/01/12 09:33:36 | 000,110,016 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/01/12 09:19:20 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\AdobeGC
[2018/01/11 18:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
[2018/01/11 15:33:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign0b8d3d695967b9c3
[2018/01/11 15:33:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd226c765582ec3bf
[2018/01/11 15:32:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignba2bced6d42b61c8
[2018/01/10 13:02:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign74dfb0792fdd0702
[2018/01/10 12:54:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign2f3e9b915b18394b
[2018/01/10 12:50:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign631e8946384dbd0e
[2018/01/08 15:45:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
[2018/01/08 15:15:16 | 000,051,016 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2018/01/08 15:15:16 | 000,045,672 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2018/01/08 15:15:16 | 000,045,640 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2018/01/08 15:15:16 | 000,045,640 | ---- | C] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2018/01/07 11:54:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\FileZilla
[2018/01/07 11:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla Client
[2018/01/07 11:53:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileZilla Client
[2018/01/07 09:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
[2018/01/07 09:00:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2018/01/06 19:54:43 | 000,000,000 | ---D | C] -- D:\Unnamed Site 5
[2018/01/06 19:53:06 | 000,000,000 | ---D | C] -- D:\Unnamed Site 4
[2018/01/06 14:34:47 | 000,000,000 | ---D | C] -- C:\AmatureAntics
[2018/01/06 13:21:26 | 000,000,000 | ---D | C] -- D:\amatureantics.com
[2018/01/04 11:12:56 | 000,000,000 | ---D | C] -- D:\HpReg_Backup
[2018/01/04 11:11:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\HPPSDr
[2018/01/04 09:53:30 | 000,000,000 | ---D | C] -- C:\bayside
[2018/01/03 08:35:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wampserver64
[2018/01/03 08:27:38 | 000,000,000 | ---D | C] -- C:\wamp64
[2018/01/02 14:05:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ambiera
[2018/01/02 08:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign0295d9209430d506
[2018/01/02 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfce8cf05539b0db3
[2018/01/02 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf126e8a8891343a3
[2018/01/02 08:00:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign14c1545cadfd4eb7
[2018/01/02 07:59:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignec5f1cd7767026e2
[2017/12/31 19:06:10 | 000,000,000 | ---D | C] -- D:\OneNote Notebooks
[2017/12/31 15:17:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2017/12/31 15:13:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2017/12/31 14:11:21 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
[2017/12/31 14:09:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2017/12/31 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2017/12/31 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2017/12/31 14:09:17 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2017/12/30 20:01:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\OfficeBSCache-MyComputer
[2017/12/29 21:22:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9a7a935e6075bdb2
[2017/12/29 21:21:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbaff75a10b4ebf3b
[2017/12/29 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne12edf6eb661f96e
[2017/12/29 21:17:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc16f90a1cc47f04e
[2017/12/29 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndf4deb126ef039ac
[2017/12/29 21:14:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8e24dfcf30b3b3a8
[2017/12/29 21:13:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign55ef84810ebd20c8
[2017/12/29 21:13:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3524d8307174c2d4
[2017/12/29 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignaf8b913da5266356
[2017/12/29 19:28:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign22e0bd1e63589188
[2017/12/29 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne95314b3ebf6d79a
[2017/12/29 16:06:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd5bde96724e7288b
[2017/12/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign819c7506002b05f4
[2017/12/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign0fd258ea275e1dc4
[2017/12/29 13:27:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign556be1e321d9b42a
[2017/12/29 13:17:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7969cb37004a332b
[2017/12/29 13:17:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign37908ed7725d2ca3
[2017/12/29 13:02:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign55183c73a7841c66
[2017/12/29 13:02:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign28932abaa8a2e028
[2017/12/29 11:33:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4b0e117bdddd4862
[2017/12/29 11:32:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign411e58f29103e509
[2017/12/29 11:32:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne3ac130fa481f90f
[2017/12/29 11:24:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8c5b447a6e4f86b9
[2017/12/29 11:10:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf1b36188d9c956b6
[2017/12/29 11:10:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign25aa2512cdc155e0
[2017/12/29 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign92d58a6470687fdc
[2017/12/29 11:09:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign04976496af12a34d
[2017/12/29 10:52:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign38c340dc21e34f8a
[2017/12/29 10:44:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignea10d8d457cbc4e6
[2017/12/29 10:44:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3240906cb48c85a3
[2017/12/29 10:30:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb96028c7142ab384
[2017/12/29 10:30:14 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd9b6312575af9e11
[2017/12/29 10:30:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3a677e6ed005d1e8
[2017/12/29 10:09:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign39627269bd62c3c4
[2017/12/29 10:09:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign17d3b33ed00dd567
[2017/12/29 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc8a2d9e8e9676364
[2017/12/29 10:09:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign5820290a45ada491
[2017/12/29 10:07:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign52164653746fc523
[2017/12/29 10:06:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne3693692698f6d89
[2017/12/29 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9e4394cc23c3b496
[2017/12/29 10:02:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3e8ea9f0670eb749
[2017/12/29 09:29:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\TemplateToaster
[2017/12/29 09:27:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TemplateToaster 6
[2017/12/29 09:27:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TemplateToaster 6
[2017/12/29 08:31:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigncaa7e41eeb3e797f
[2017/12/29 08:31:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignafbda0458dd51ba5
[2017/12/28 23:09:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc85bb609bcc55d24
[2017/12/28 23:09:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigna2566ef50e97aafa
[2017/12/28 23:08:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign082fdf315ec7f09f
[2017/12/28 23:08:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf0708764b6d34de5
[2017/12/28 23:08:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne93dfb2f007cdf49
[2017/12/28 23:08:23 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignca327701c563905a
[2017/12/28 23:02:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign06c9c75114b0a683
[2017/12/28 23:01:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8939a877902d10d2
[2017/12/28 22:41:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign0fc2f657d736e1bf
[2017/12/28 22:37:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6dc2212f2bb1cb4a
[2017/12/28 22:36:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign75845e7e4f05745a
[2017/12/28 22:36:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign327e13c9ac727d36
[2017/12/28 22:27:00 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign48814f84a01a012f
[2017/12/28 22:25:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigncf8235231bfb9b46
[2017/12/28 22:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign476fc30bcd8d77c8
[2017/12/28 22:24:03 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign92d724600b9ddcd5
[2017/12/28 17:13:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne429b07f95abcc05
[2017/12/28 16:58:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign19874120e93cb124
[2017/12/28 16:58:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignda32c9aa11b4fd82
[2017/12/28 16:58:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign686adb9291eb7142
[2017/12/28 16:52:24 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7fb75552427b981a
[2017/12/28 16:52:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndbf3a0afe023c887
[2017/12/28 16:52:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign67b6e54beb368da9
[2017/12/28 16:52:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign51045b430888c0d9
[2017/12/28 16:35:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4ea2e0b70e34e0ff
[2017/12/28 16:35:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign70d689ada6149acb
[2017/12/28 16:34:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8287f62e4f7f5a30
[2017/12/28 16:34:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4b5a1c420a516419
[2017/12/28 16:33:17 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6195268475654906
[2017/12/28 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign737c698f8f6e90c1
[2017/12/28 16:25:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc4aed6aa2b4ad6d9
[2017/12/28 16:25:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigncf07f081df7874ce
[2017/12/28 16:18:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbfdc44ac19d1afae
[2017/12/28 16:18:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfa458966146808d2
[2017/12/28 16:18:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndb69981149cf874d
[2017/12/28 16:18:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign169d06c2a5c75ef5
[2017/12/28 10:43:10 | 000,000,000 | ---D | C] -- D:\popcorn
[2017/12/26 14:40:02 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2017/12/26 12:43:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Logitech
[2017/12/25 16:20:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\ElevatedDiagnostics
[2017/12/25 09:59:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\wp-content
[2017/12/24 20:39:51 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2017/12/24 20:16:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2017/12/24 20:04:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigned4ed5acc15e5cf7
[2017/12/24 20:04:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign101ba63736772616
[2017/12/24 19:56:59 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc329c92829c5ab4c
[2017/12/24 19:55:12 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd0a790f7997b9c23
[2017/12/24 19:53:57 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9ea73924a8c20347
[2017/12/24 19:53:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign146277b011c23356
[2017/12/24 19:53:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc97e179565fa2967
[2017/12/24 12:15:35 | 000,046,008 | ---- | C] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2017/12/24 10:55:00 | 000,000,000 | ---D | C] -- C:\INET
[2017/12/23 19:41:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4c073975490f41b6
[2017/12/23 19:22:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign09dd2d57e197b217
[2017/12/23 19:19:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb7c9d28058c315e9
[2017/12/23 19:17:28 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign2222d05cfc465435
[2017/12/23 19:17:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign776f911496b7ade7
[2017/12/23 19:17:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4bef43997b40f8e4
[2017/12/23 18:55:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf5efa3d0b788038c
[2017/12/23 18:55:58 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd78829b3b40c2d7a
[2017/12/23 18:54:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign1c5334b0629dc855
[2017/12/23 18:54:01 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8ae8cd582f29a5bb
[2017/12/23 18:52:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc570dc2755bdef4f
[2017/12/23 18:52:45 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign430a1290e3369422
[2017/12/23 18:52:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbfa1637407ed780e
[2017/12/22 14:42:18 | 000,000,000 | ---D | C] -- D:\Unnamed Site 3
[2017/12/22 14:41:26 | 000,000,000 | ---D | C] -- D:\Unnamed Site 2
[2017/12/22 11:18:40 | 000,000,000 | ---D | C] -- D:\AA
[2017/12/20 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7581e7e499bb2671
[2017/12/20 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7264c018a1bb9ed1
[2017/12/20 21:56:50 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6a2c5b4749e06a88
[2017/12/20 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignec5dafcf4b858387
[2017/12/20 21:42:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne4a85f53b9dd0e0f
[2017/12/20 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign54752ff632d59558
[2017/12/20 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfae8f0dd38b9b9eb
[2017/12/20 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb8080020eba81b04
[2017/12/20 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign1ed6305ef689d857
[2017/12/20 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfa57e135aab1369a
[2017/12/20 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndc0c5c9f19309920
[2017/12/20 21:38:44 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign2fed34c7960ccb27
[2017/12/20 21:13:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign2b6177dd719c2c81
[2017/12/20 21:12:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign35448f6aa03a2245
[2017/12/20 21:12:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbc75b540afa1be65
[2017/12/20 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign23496aaecd9e7c8c
[2017/12/20 21:12:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign50a5c92b9d80c158
[2017/12/20 16:38:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign305f6a604ebf65b9
[2017/12/20 16:38:38 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignefae9701290c127f
[2017/12/20 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9f648a77e4772961
[2017/12/20 16:38:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc133c724b980ea6a
[2017/12/20 16:38:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf8eda69652c4a680
[2017/12/20 14:33:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4133908887a9d7a1
[2017/12/20 14:33:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign122a2d2cb5805299
[2017/12/20 14:33:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndc75d3c6501f6396
[2017/12/20 14:33:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign60440ba596c3c9b3
[2017/12/20 14:32:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3ece5d5eb7dd915c
[2017/12/20 14:31:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne41e18ebefd80bb9
[2017/12/20 14:31:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigna02d8cb4be2c392a
[2017/12/20 14:31:37 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignad5c929d778915d7
[2017/12/20 14:31:36 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8fa410ecf211cd28
[2017/12/20 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc7b773bd87e10cf5
[2017/12/20 14:31:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign39eccc21ae70eb4e
[2017/12/20 14:30:31 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign08497045204f428d
[2017/12/20 14:30:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign03ddd91ef18c7aa7
[2017/12/20 14:29:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign863d4a7f488dead7
[2017/12/20 14:29:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign82f134dd779d8262
[2017/12/19 20:16:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd05526b63e9443d1
[2017/12/19 20:16:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigna601e82aebfc4204
[2017/12/19 20:16:16 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign1d3e9a615cc8c46c
[2017/12/19 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfd3a655fec811dca
[2017/12/19 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign573848150da03383
[2017/12/19 20:12:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign39c9dec23b1862b9
[2017/12/19 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigna6690331c7ed1e18
[2017/12/19 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign301bed753fc3b68f
[2017/12/19 20:09:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign12f7f27294d4c5cc
[2017/12/19 20:04:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne9bed8b24e9714d7
[2017/12/19 20:04:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignce0cca69837cbf48
[2017/12/19 20:04:18 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7db82064a8cfd4e9
[2017/12/19 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb7fccc904b4398bd
[2017/12/19 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7c2b206366513c1b
[2017/12/19 19:52:53 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3e0f4e3b7528d9ed
[2017/12/19 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbe2acbf9af3ed10b
[2017/12/19 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign64618f851e637c38
[2017/12/19 19:49:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign0ad3bcb5dad3ab04
[2017/12/19 19:48:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignabafb9ab02ff3e0b
[2017/12/19 19:48:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignaa6485b2aa8d4114
[2017/12/19 19:48:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3ae2d4e9076e9b7e
[2017/12/19 19:46:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigncb31c8454becbc53
[2017/12/19 19:46:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9df3031691a0eb6a
[2017/12/19 19:46:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3c49f0acddfd3d78
[2017/12/19 19:46:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign223e245c65c1e323
[2017/12/19 19:43:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign947cb1fe7fbec013
[2017/12/19 19:43:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc51039129a80729f
[2017/12/19 19:43:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign517816f9b9997a3c
[2017/12/19 19:42:52 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb5e17450b4b6842f
[2017/12/19 19:42:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne984e82310cf6e16
[2017/12/19 19:41:09 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7abcfe29da6c1b0f
[2017/12/19 19:41:06 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc9819293af31631a
[2017/12/19 19:38:39 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign395414572d9382c4
[2017/12/19 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign86fb610d27bd73cb
[2017/12/19 19:38:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign58a6ff2152788009
[2017/12/19 19:30:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign60a879bf2b2884d8
[2017/12/19 19:29:22 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign3d85437c88468b00
[2017/12/19 19:29:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigne9653fd559948ed4
[2017/12/19 19:29:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9423fc174b67dcd6
[2017/12/19 19:17:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc6390e86cdeafc14
[2017/12/19 19:15:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd8714e103b00003a
[2017/12/19 19:15:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign48cc9823b129228e
[2017/12/19 19:15:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign5295591bb68abe0b
[2017/12/19 19:09:27 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign1b0cabbb44bda8a8
[2017/12/19 19:06:34 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf991017ae9b8047e
[2017/12/19 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign2a1020ec83c17c7b
[2017/12/19 19:05:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign23b6e2be0f9c7057
[2017/12/19 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigncf4e616d2f8259bb
[2017/12/19 19:03:51 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc314fc4c943eb2b5
[2017/12/19 15:54:08 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignae1d778317c2104e
[2017/12/19 15:51:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd49558c9d51ab01f
[2017/12/19 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigned3e34aab67b5722
[2017/12/19 15:51:54 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignbf5ceaf29c8b54f1
[2017/12/19 15:51:21 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6073341b7c5b0afe
[2017/12/19 15:48:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign14d0051877249a79
[2017/12/19 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfc4a195d0794a5f7
[2017/12/19 15:48:04 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndb94bd7fd58af379
[2017/12/19 15:43:48 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignfd5aa9167dce97f1
[2017/12/19 15:40:10 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignc24878c3134caf12
[2017/12/19 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf1098d1b91c1392f
[2017/12/19 15:38:56 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign80a6ac3b3f09a4e7
[2017/12/19 14:55:15 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8efb5acc343581c0
[2017/12/19 14:53:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignade6cda806da5e2f
[2017/12/19 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd7dc031766d5c07f
[2017/12/19 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign4510352255e65d47
[2017/12/19 14:52:35 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign399412076fa81487
[2017/12/19 14:19:11 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign97185eeff2123dd6
[2017/12/19 14:16:46 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign47457790f0635d35
[2017/12/19 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign5f68ec18e808a59f
[2017/12/19 14:15:42 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign1db0514ed6d9d17a
[2017/12/19 14:14:49 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsigndd087e565d63299b
[2017/12/19 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign7f755413554c080e
[2017/12/19 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign337aa1cf5a4d8e56
[2017/12/19 14:14:40 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign04f91ecefb25fb28
[2017/12/19 14:07:13 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignd00b405b9bfa6393
[2017/12/19 14:06:47 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignb27652368eccf5d6
[2017/12/19 14:06:26 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6c589bc135570e29
[2017/12/19 14:06:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign8f1da76e23e91788
[2017/12/19 14:06:25 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign228a06f129121f5e
[2017/12/19 14:01:07 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign9696dabd17b6ad8a
[2017/12/19 14:00:41 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign38ad614877673286
[2017/12/19 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsignf3055a70525353cc
[2017/12/19 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign64550f02bc9b1489
[2017/12/19 14:00:30 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\Tempzxpsign6350c77bd89dc680
[2017/12/19 10:33:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver and Support Assistant
[2017/12/19 10:33:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel Driver and Support Assistant
[2017/12/19 10:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\Intel Driver and Support Assistant
[2017/12/19 09:33:33 | 000,000,000 | ---D | C] -- C:\Users\Steve\Intel
[2017/12/19 08:16:30 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2017/12/18 09:31:19 | 000,000,000 | ---D | C] -- C:\Users\Steve\dwhelper
[2017/12/16 20:54:55 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Roaming\Google
[2017/12/16 10:25:37 | 000,000,000 | ---D | C] -- C:\Users\Steve\AppData\Local\SoftHardware
[2017/12/16 10:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TweakPrefetch
[2017/12/15 08:06:16 | 000,000,000 | RH-D | C] -- C:\Users\Steve\Creative Cloud Files
[2017/12/14 16:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
[2017/12/14 16:09:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Plex
[2017/12/14 09:10:16 | 000,000,000 | ---D | C] -- D:\bayside
[2017/06/07 21:48:51 | 000,067,584 | ---- | C] (Genry) -- C:\ProgramData\ISTask.dll
[2016/02/14 09:21:21 | 003,429,056 | ---- | C] (COMODO) -- C:\ProgramData\cis4CB8.exe
[2016/02/14 09:18:29 | 003,429,056 | ---- | C] (COMODO) -- C:\ProgramData\cisAC26.exe
[2 D:\*.tmp files -> D:\*.tmp -> ]
[1 C:\Users\Steve\AppData\Local\*.tmp files -> C:\Users\Steve\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2018/01/12 13:35:30 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2018/01/12 12:46:18 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineUA.job
[2018/01/12 12:45:24 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\DropboxUpdateTaskMachineCore.job
[2018/01/12 12:16:17 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2018/01/12 12:16:16 | 000,023,632 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2018/01/12 11:58:07 | 000,008,192 | ---- | M] () -- C:\Windows\SysWow64\WDPABKP.dat
[2018/01/12 11:51:51 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\spu_storage.bin
[2018/01/12 11:26:46 | 000,007,636 | ---- | M] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2018/01/12 09:40:39 | 000,000,068 | RHS- | M] () -- C:\Windows\SysNative\drivers\womic.winsecurity
[2018/01/12 09:35:15 | 000,046,008 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbam.sys
[2018/01/12 09:33:36 | 000,110,016 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\farflt.sys
[2018/01/11 22:02:42 | 000,000,262 | ---- | M] () -- C:\Users\Steve\Desktop\How to set HTML page properties and CSS properties in a Dreamweaver page.URL
[2018/01/11 09:57:32 | 000,002,864 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2018/01/10 10:29:50 | 000,107,953 | ---- | M] () -- D:\Gangster squad.rtf
[2018/01/10 08:20:27 | 000,001,397 | ---- | M] () -- C:\Users\Steve\Desktop\easytube-child.lnk
[2018/01/09 14:48:27 | 000,042,550 | ---- | M] () -- D:\Grocery.rtf
[2018/01/09 08:00:54 | 000,922,744 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2018/01/09 08:00:54 | 000,751,890 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2018/01/09 08:00:54 | 000,154,196 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2018/01/09 02:45:37 | 000,000,000 | ---- | M] () -- C:\Users\Steve\AppData\Local\{F96F9B65-8E61-4465-A719-75292FF77D67}
[2018/01/08 18:20:17 | 000,051,528 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdcsr.dll
[2018/01/08 18:20:05 | 000,710,920 | ---- | M] (COMODO) -- C:\Windows\SysWow64\guard32.dll
[2018/01/08 18:19:59 | 000,924,984 | ---- | M] (COMODO) -- C:\Windows\SysNative\guard64.dll
[2018/01/08 18:17:29 | 000,467,368 | ---- | M] (COMODO) -- C:\Windows\SysNative\cmdvrt64.dll
[2018/01/08 18:15:53 | 000,371,112 | ---- | M] (COMODO) -- C:\Windows\SysWow64\cmdvrt32.dll
[2018/01/08 15:44:34 | 000,002,239 | ---- | M] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2018/01/08 15:44:29 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2018/01/08 15:15:16 | 000,051,016 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\DbxSvc.exe
[2018/01/08 15:15:16 | 000,045,672 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-dev.sys
[2018/01/08 15:15:16 | 000,045,640 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-stable.sys
[2018/01/08 15:15:16 | 000,045,640 | ---- | M] (Dropbox, Inc.) -- C:\Windows\SysNative\drivers\dbx-canary.sys
[2018/01/07 11:53:19 | 000,001,924 | ---- | M] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2018/01/07 09:00:33 | 000,193,968 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\MbamChameleon.sys
[2018/01/07 09:00:16 | 000,253,880 | ---- | M] (Malwarebytes) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2018/01/07 09:00:14 | 000,001,827 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/01/06 10:56:22 | 000,000,351 | ---- | M] () -- C:\Users\Steve\ovtr.properties
[2018/01/04 14:56:56 | 000,002,554 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\SAS7_000.DAT
[2018/01/03 08:37:25 | 000,001,445 | ---- | M] () -- C:\Users\Public\Desktop\Wampserver64.lnk
[2018/01/02 18:02:54 | 000,001,024 | ---- | M] () -- C:\Users\Steve\Desktop\Adobe Dreamweaver CC 2015.lnk
[2018/01/02 18:02:25 | 005,346,048 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2018/01/02 10:23:33 | 000,001,169 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2018/01/02 08:00:01 | 000,000,033 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\AdobeWLCMCache.dat
[2018/01/01 21:52:10 | 000,001,104 | ---- | M] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2018/01/01 21:12:11 | 000,000,270 | ---- | M] () -- C:\Users\Steve\Desktop\How to make a website part 5, style with CSS Adobe Dreamweaver CC tutorials.URL
[2018/01/01 13:24:03 | 000,000,271 | ---- | M] () -- C:\Users\Steve\Desktop\How to make a website part 4, add html5 elements Adobe Dreamweaver CC tutorials.URL
[2017/12/30 11:19:28 | 000,000,272 | ---- | M] () -- C:\Users\Steve\Desktop\How to make a website in Dreamweaver part 2, add HTML content Adobe Dreamweaver CC tutorials.URL
[2017/12/30 11:19:21 | 000,000,271 | ---- | M] () -- C:\Users\Steve\Desktop\How to make a website in Dreamweaver part 1, site setup Adobe Dreamweaver CC tutorials.URL
[2017/12/29 19:30:17 | 000,001,456 | ---- | M] () -- C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
[2017/12/29 09:27:59 | 000,001,065 | ---- | M] () -- C:\Users\Public\Desktop\TemplateToaster 6.lnk
[2017/12/28 07:47:05 | 000,034,280 | ---- | M] (COMODO) -- C:\Windows\SysNative\drivers\cmderd.sys
[2017/12/26 21:38:48 | 000,000,498 | ---- | M] () -- C:\Users\Steve\Desktop\Rocket Account.URL
[2017/12/25 22:12:00 | 000,000,765 | ---- | M] () -- C:\Users\Steve\Desktop\www.lnk
[2017/12/24 20:39:00 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Steve\Desktop\TFC.exe
[2017/12/23 09:49:43 | 000,000,878 | ---- | M] () -- C:\Users\Steve\Desktop\test.lnk
[2017/12/22 20:55:38 | 000,000,236 | ---- | M] () -- C:\Users\Steve\Desktop\JW Player Dashboard.URL
[2017/12/20 21:40:37 | 000,002,423 | ---- | M] () -- C:\Users\Steve\Desktop\Adobe Illustrator CC 2017.lnk
[2017/12/20 16:37:56 | 000,001,000 | ---- | M] () -- C:\Users\Steve\Desktop\Adobe Photoshop CC 2017.lnk
[2017/12/19 20:20:51 | 000,000,000 | ---- | M] () -- C:\Users\Steve\AppData\Local\{95DE75AC-C016-488F-97D4-AB93F2EDBB3C}
[2017/12/19 11:36:27 | 000,000,239 | ---- | M] () -- C:\Users\Steve\Desktop\Local TV listings for 72756, Rogers, Arkansas.URL
[2017/12/17 21:18:30 | 000,001,584 | ---- | M] () -- C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
[2017/12/13 22:30:43 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 D:\*.tmp files -> D:\*.tmp -> ]
[1 C:\Users\Steve\AppData\Local\*.tmp files -> C:\Users\Steve\AppData\Local\*.tmp -> ]
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2018/01/12 11:10:08 | 000,001,104 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
[2018/01/11 22:02:42 | 000,000,262 | ---- | C] () -- C:\Users\Steve\Desktop\How to set HTML page properties and CSS properties in a Dreamweaver page.URL
[2018/01/10 08:20:27 | 000,001,397 | ---- | C] () -- C:\Users\Steve\Desktop\easytube-child.lnk
[2018/01/09 02:44:01 | 000,000,000 | ---- | C] () -- C:\Users\Steve\AppData\Local\{F96F9B65-8E61-4465-A719-75292FF77D67}
[2018/01/08 15:44:29 | 000,002,239 | ---- | C] () -- C:\Users\Steve\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2018/01/08 15:44:29 | 000,002,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2018/01/08 15:44:29 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2018/01/07 11:53:19 | 000,001,924 | ---- | C] () -- C:\Users\Public\Desktop\FileZilla Client.lnk
[2018/01/07 09:00:14 | 000,001,827 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2018/01/07 09:00:12 | 000,077,432 | ---- | C] () -- C:\Windows\SysNative\drivers\mbae64.sys
[2018/01/03 08:35:06 | 000,001,445 | ---- | C] () -- C:\Users\Public\Desktop\Wampserver64.lnk
[2018/01/02 18:02:54 | 000,001,024 | ---- | C] () -- C:\Users\Steve\Desktop\Adobe Dreamweaver CC 2015.lnk
[2018/01/02 17:09:27 | 000,001,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Dreamweaver CC 2015.lnk
[2018/01/02 10:23:33 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
[2018/01/02 10:23:33 | 000,001,169 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
[2018/01/01 21:12:11 | 000,000,270 | ---- | C] () -- C:\Users\Steve\Desktop\How to make a website part 5, style with CSS Adobe Dreamweaver CC tutorials.URL
[2017/12/31 15:22:38 | 000,002,857 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
[2017/12/31 15:22:38 | 000,002,833 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
[2017/12/31 15:22:38 | 000,002,811 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
[2017/12/31 15:22:38 | 000,002,805 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
[2017/12/31 15:22:38 | 000,002,785 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
[2017/12/31 15:22:38 | 000,002,777 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
[2017/12/31 15:22:38 | 000,002,769 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
[2017/12/30 22:34:47 | 000,000,271 | ---- | C] () -- C:\Users\Steve\Desktop\How to make a website part 4, add html5 elements Adobe Dreamweaver CC tutorials.URL
[2017/12/30 11:19:28 | 000,000,272 | ---- | C] () -- C:\Users\Steve\Desktop\How to make a website in Dreamweaver part 2, add HTML content Adobe Dreamweaver CC tutorials.URL
[2017/12/29 09:27:59 | 000,001,065 | ---- | C] () -- C:\Users\Public\Desktop\TemplateToaster 6.lnk
[2017/12/27 15:08:15 | 000,001,003 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 13.lnk
[2017/12/26 21:38:48 | 000,000,498 | ---- | C] () -- C:\Users\Steve\Desktop\Rocket Account.URL
[2017/12/25 22:12:00 | 000,000,765 | ---- | C] () -- C:\Users\Steve\Desktop\www.lnk
[2017/12/23 09:49:43 | 000,000,878 | ---- | C] () -- C:\Users\Steve\Desktop\test.lnk
[2017/12/22 20:55:38 | 000,000,236 | ---- | C] () -- C:\Users\Steve\Desktop\JW Player Dashboard.URL
[2017/12/20 21:40:37 | 000,002,423 | ---- | C] () -- C:\Users\Steve\Desktop\Adobe Illustrator CC 2017.lnk
[2017/12/20 21:38:07 | 000,002,423 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC 2017.lnk
[2017/12/20 16:37:56 | 000,001,000 | ---- | C] () -- C:\Users\Steve\Desktop\Adobe Photoshop CC 2017.lnk
[2017/12/20 16:35:55 | 000,001,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2017.lnk
[2017/12/19 20:20:51 | 000,000,000 | ---- | C] () -- C:\Users\Steve\AppData\Local\{95DE75AC-C016-488F-97D4-AB93F2EDBB3C}
[2017/12/19 15:51:14 | 000,001,456 | ---- | C] () -- C:\Users\Steve\AppData\Local\Adobe Save for Web 13.0 Prefs
[2017/12/19 14:00:20 | 000,000,033 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\AdobeWLCMCache.dat
[2017/12/19 11:36:27 | 000,000,239 | ---- | C] () -- C:\Users\Steve\Desktop\Local TV listings for 72756, Rogers, Arkansas.URL
[2017/12/15 07:27:55 | 000,000,271 | ---- | C] () -- C:\Users\Steve\Desktop\How to make a website in Dreamweaver part 1, site setup Adobe Dreamweaver CC tutorials.URL
[2017/12/10 09:00:07 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\WDPABKP.dat
[2017/11/24 13:17:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\REMOTEDEVICE.INI
[2017/11/18 18:21:47 | 000,000,207 | ---- | C] () -- C:\Windows\tweaking.com-regbackup-BERT-Windows-7-Ultimate-(64-bit).dat
[2017/11/01 15:40:08 | 000,000,439 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2017/10/09 09:30:08 | 000,000,816 | ---- | C] () -- C:\Windows\ampa.ini
[2017/10/09 08:47:00 | 001,809,520 | ---- | C] () -- C:\Windows\ampa.exe
[2017/09/01 17:02:49 | 000,638,976 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2017/09/01 17:02:49 | 000,235,520 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2017/08/09 10:46:26 | 000,518,144 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2017/06/24 09:20:44 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2017/06/07 18:01:26 | 000,015,008 | ---- | C] () -- C:\Windows\SysWow64\drivers\MoboroboAssDriver64.sys
[2017/06/01 15:52:32 | 000,356,744 | ---- | C] () -- C:\Windows\SysWow64\GameManager32.dll
[2017/06/01 15:50:51 | 000,325,512 | ---- | C] () -- C:\Windows\SysWow64\atieah32.exe
[2017/06/01 15:47:18 | 000,351,624 | ---- | C] () -- C:\Windows\SysWow64\amdgfxinfo32.dll
[2017/05/23 11:53:02 | 000,721,263 | ---- | C] () -- C:\Windows\SysWow64\WSCM64.dll
[2017/05/23 11:53:02 | 000,214,528 | ---- | C] () -- C:\Windows\SysWow64\WSCM32.dll
[2017/05/08 11:26:12 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2017/05/04 09:07:46 | 000,000,126 | ---- | C] () -- C:\Windows\QUICKEN.INI
[2017/03/25 21:32:21 | 000,001,362 | ---- | C] () -- C:\Users\Steve\advanced_ip_scanner_MAC.bin
[2017/03/25 21:32:21 | 000,000,081 | ---- | C] () -- C:\Users\Steve\advanced_ip_scanner_Aliases.bin
[2017/03/14 10:42:16 | 000,000,028 | ---- | C] () -- C:\Windows\Autospel.INI
[2017/02/27 08:12:54 | 000,000,004 | ---- | C] () -- C:\Windows\vx86036.dat
[2017/02/27 08:07:05 | 000,000,055 | ---- | C] () -- C:\Windows\Crypkey.ini
[2017/02/27 08:07:04 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2017/02/19 10:21:14 | 000,092,959 | ---- | C] () -- C:\Windows\News Rover Uninstaller.exe
[2017/02/16 16:30:20 | 000,012,542 | ---- | C] () -- C:\Program Files (x86)\Common Files\client.wyc
[2016/11/27 23:46:57 | 000,000,001 | ---- | C] () -- C:\Users\Steve\AppData\Local\llftool.4.25.agreement
[2016/11/05 20:29:07 | 000,000,703 | ---- | C] () -- C:\Windows\NewsRover.INI
[2016/10/11 10:33:48 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2016/10/11 10:13:35 | 000,000,016 | ---- | C] () -- C:\ProgramData\mntemp
[2016/10/09 10:47:41 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1.dll
[2016/10/09 10:47:41 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo.exe
[2016/10/04 20:18:52 | 000,233,352 | ---- | C] () -- C:\Windows\SysWow64\hsa-thunk.dll
[2016/09/29 08:33:02 | 000,030,601 | ---- | C] () -- C:\Users\Steve\x.exe
[2016/09/17 13:46:55 | 000,012,288 | ---- | C] () -- C:\Users\Steve\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2016/09/17 10:52:07 | 000,004,896 | ---- | C] () -- C:\ProgramData\uxxadbmu.rlu
[2016/09/09 12:25:58 | 000,269,600 | ---- | C] () -- C:\Windows\SysWow64\vulkan-1-1-0-26-0.dll
[2016/09/09 12:25:28 | 000,110,880 | ---- | C] () -- C:\Windows\SysWow64\vulkaninfo-1-1-0-26-0.exe
[2016/09/08 13:46:50 | 000,069,424 | ---- | C] () -- C:\Windows\SysWow64\VMProtectSDK32.dll
[2016/09/08 13:46:10 | 000,341,296 | ---- | C] () -- C:\Windows\SysWow64\IVTCredentialProvider.dll
[2016/09/08 13:44:32 | 000,271,664 | ---- | C] () -- C:\Windows\SysWow64\Adpush.dll
[2016/09/07 11:31:39 | 000,005,002 | ---- | C] () -- C:\ProgramData\kaevcwgh.slj
[2016/08/30 09:59:54 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2016/08/13 08:47:26 | 012,067,328 | ---- | C] () -- C:\Windows\SysWow64\drivers\snp2sxp.sys
[2016/08/13 08:47:26 | 000,151,552 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2std.dll
[2016/08/13 08:47:26 | 000,025,472 | ---- | C] () -- C:\Windows\SysWow64\drivers\sncamd.sys
[2016/07/02 21:21:30 | 000,073,220 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2016/07/02 21:21:30 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2016/07/02 21:21:30 | 000,029,114 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2016/07/02 21:21:30 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2016/07/02 21:21:30 | 000,021,021 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2016/07/02 21:21:30 | 000,015,670 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2016/07/02 21:21:30 | 000,013,280 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2016/07/02 21:21:30 | 000,010,673 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2016/07/02 21:21:30 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2016/07/02 21:21:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2016/07/02 21:21:30 | 000,001,140 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2016/07/02 21:21:30 | 000,001,137 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2016/07/02 21:21:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2016/07/02 21:21:30 | 000,001,130 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2016/07/02 21:21:30 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2016/07/02 21:21:30 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2016/06/30 07:15:55 | 000,000,028 | ---- | C] () -- C:\Users\Steve\AppData\Local\X-Plane Installer.prf
[2016/05/31 15:10:51 | 000,008,354 | ---- | C] () -- C:\Users\Steve\AppData\Local\recently-used.xbel
[2016/05/30 11:07:02 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe BMP Format CS6 Prefs
[2016/05/30 10:16:05 | 000,000,132 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Adobe Targa Format CS6 Prefs
[2016/04/26 19:22:45 | 000,000,232 | ---- | C] () -- C:\Windows\SysWow64\dllhost.exe.config
[2016/04/14 07:43:40 | 000,000,553 | ---- | C] () -- C:\Users\Steve\asus.dat
[2016/04/04 21:54:23 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2016/04/03 13:26:20 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2016/04/03 13:26:20 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2016/04/03 13:26:20 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2016/04/03 13:26:20 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2016/04/01 20:54:48 | 011,575,296 | ---- | C] () -- C:\Windows\SysWow64\gsdll32.dll
[2016/04/01 20:54:48 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\gswin32.exe
[2016/04/01 20:54:48 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\gswin32c.exe
[2016/03/24 17:19:40 | 000,003,242 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\glide_wrapper.zbag.ini
[2016/03/24 17:17:05 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\glide2x.dll
[2016/03/24 17:17:05 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\glide3x.dll
[2016/03/24 16:15:06 | 000,060,809 | ---- | C] () -- C:\Windows\SysWow64\nglide_uninst.exe
[2016/03/21 16:20:39 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\UNZDLL.DLL
[2016/03/18 11:03:29 | 019,136,512 | ---- | C] () -- C:\Users\Steve\energy-ntkl.etl
[2016/03/18 11:03:29 | 000,196,608 | ---- | C] () -- C:\Users\Steve\energy-trace.etl
[2016/03/17 16:25:26 | 000,000,041 | -H-- | C] () -- C:\Windows\SysWow64\MCIMPLE.DLL
[2016/03/17 16:21:03 | 000,000,026 | -H-- | C] () -- C:\Windows\SysWow64\MCIFXLE.DLL
[2016/02/12 15:54:43 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dat
[2016/02/11 13:43:15 | 000,000,006 | --S- | C] () -- C:\ProgramData\9d14874e4867a8275e174fe4445aabd83ba0869d
[2016/02/11 13:14:16 | 000,007,636 | ---- | C] () -- C:\Users\Steve\AppData\Local\Resmon.ResmonCfg
[2016/01/20 16:22:35 | 229,845,735 | ---- | C] () -- C:\Users\Steve\AppData\Local\ACCCx3_4_3_189.zip.aamdownload
[2016/01/20 16:22:35 | 000,002,657 | ---- | C] () -- C:\Users\Steve\AppData\Local\ACCCx3_4_3_189.zip.aamdownload.aamd
[2016/01/15 15:12:13 | 000,017,008 | ---- | C] () -- C:\Windows\SysWow64\ampa.sys
[2016/01/15 11:51:29 | 000,929,592 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2016/01/15 11:48:37 | 000,000,258 | RHS- | C] () -- C:\Users\Steve\ntuser.pol
[2015/12/26 09:53:50 | 000,000,012 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\0279
[2015/05/09 10:03:22 | 000,000,351 | ---- | C] () -- C:\Users\Steve\ovtr.properties
[2015/04/01 08:45:31 | 011,153,408 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\Sandra.mdb
[2014/06/05 10:51:22 | 000,000,120 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\FixVTS.ini
[2013/07/25 17:10:37 | 000,002,554 | ---- | C] () -- C:\Users\Steve\AppData\Roaming\SAS7_000.DAT
[2012/12/05 16:07:44 | 000,000,440 | RHS- | C] () -- C:\ProgramData\ntuser.pol
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2017/08/15 09:29:44 | 014,182,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2017/08/15 09:10:54 | 012,880,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
[color=#E56717]========== LOP Check ==========[/color]
 
[2016/07/21 15:12:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\(C8-14-79-AC-39-45)
[2016/11/11 09:15:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\04EFFC69-A5E3-419D-9E48-BA2A83D52CB4
[2016/10/07 07:45:52 | 000,000,000 | -H-D | M] -- C:\Users\Steve\AppData\Roaming\703AN3EE
[2016/09/27 21:25:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\88cf0
[2016/07/11 06:01:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\88cf05
[2017/07/27 08:54:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\91 Harbor
[2016/01/15 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Absolute Uninstaller
[2016/09/27 12:34:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AC3Filter
[2017/11/15 18:58:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Acronis
[2017/01/04 16:04:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Acrylic Wi-Fi Home
[2017/01/27 10:04:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Acrylic Wi-Fi Professional
[2016/05/28 12:52:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Actual Tools
[2016/01/15 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AdamOutler
[2016/01/15 11:36:47 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AdbDriverInstaller
[2016/01/15 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Advanced
[2018/01/04 15:03:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Aegisub
[2016/01/15 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\All Free MP3 Cutter
[2016/06/26 08:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Amazon Cloud Drive
[2016/01/15 11:36:49 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ApkInstaller
[2017/05/29 12:08:01 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Apowersoft
[2016/10/20 15:16:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ATTSplus
[2016/06/26 08:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Audacity
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\AutoSizer
[2017/06/03 08:41:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\avidemux
[2016/06/26 08:54:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Azureus
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BITS
[2016/04/30 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\BlueLabsSoftware
[2016/11/11 18:33:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\cbSqpW
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\chc
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2016/01/19 11:44:46 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\CheckPoint
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2016/01/15 11:36:50 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2016/11/26 21:32:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\com.wd.WDMyCloud
[2016/05/31 08:09:51 | 000,000,000 | -HSD | M] -- C:\Users\Steve\AppData\Roaming\Common
[2017/06/28 14:55:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Coolmuster
[2016/10/06 13:30:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DAEMON Tools Ultra
[2016/05/06 08:52:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DesktopOK
[2016/03/24 15:11:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\dgVoodoo
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Digiarty
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\DiskDefrag
[2016/01/16 16:19:23 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Drivers For Free
[2016/11/28 12:34:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dropbox
[2016/02/29 17:04:38 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Dual Monitor Tools
[2017/06/01 15:38:21 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Easeware
[2016/07/02 22:14:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Epson
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ExpressDownloader
[2016/01/16 16:53:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\EZ93DownloadManager
[2018/01/07 22:26:29 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FileZilla
[2018/01/04 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\fontconfig
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Free Audio Editor
[2016/06/02 08:34:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\FreeFixer
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Fresco Logic Inc
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\G9hcquLb
[2017/07/10 10:43:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Garmin
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GEAR PRO Mastering Edition 8.01
[2017/11/19 13:59:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\GlarySoft
[2016/10/10 10:25:32 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HandBrake
[2016/04/26 19:23:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\HMYGSetting
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Hulubulu
[2016/03/20 14:44:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IcoFX2X
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ieSpell
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\iMobie
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Import Audio from Video
[2017/12/02 15:41:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IObit
[2016/11/29 19:10:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\iolo
[2016/11/29 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ioloGovernor
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\iSkysoft
[2016/09/18 15:49:02 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\IsolatedStorage
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Itipn
[2016/09/20 08:30:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\JAM Software
[2017/07/23 09:55:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\JetBrains
[2017/08/04 09:04:53 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\KingRoot
[2016/01/15 11:36:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Leadertech
[2017/08/28 14:08:09 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\LEAPS
[2016/05/18 09:26:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MacroToolworks
[2016/02/13 10:53:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mael
[2016/09/08 07:11:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MAGIX
[2016/09/08 06:25:56 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MAGIX Computer Products Intl. Co
[2016/01/15 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MailboxFetch
[2016/01/15 11:36:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MailFrontier
[2017/12/24 21:15:27 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MediaMonkey
[2017/06/13 20:03:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\mgyun
[2016/01/15 11:36:57 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MotionDSP
[2016/09/17 10:57:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MOVAVI
[2016/06/28 07:30:33 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mp3tag
[2016/07/09 08:25:55 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\MusicBrainz
[2016/01/15 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Mythicsoft
[2017/02/26 22:42:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nano
[2016/05/25 12:22:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\NaturalPoint
[2016/01/15 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\No Company Name
[2017/09/28 15:37:12 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Nuance
[2018/01/11 15:27:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ObviousIdea
[2017/10/20 10:43:40 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Opera Mail
[2016/01/15 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PACE Anti-Piracy
[2016/01/15 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PC Suite
[2017/07/02 10:34:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PCDr
[2016/10/20 15:17:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PCHC
[2017/09/21 08:43:03 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PDAppFlex
[2016/02/16 09:38:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PE Explorer
[2017/10/20 10:54:28 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Pegasus Mail
[2017/08/28 14:02:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Pegasys Inc
[2016/01/15 11:37:00 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Pioneer
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PioneerLog
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\player
[2016/12/30 15:48:36 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\PortForward.com
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\proDAD
[2016/07/28 20:42:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Publish Providers
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Red Giant
[2016/09/30 14:42:18 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\rzzzuj
[2017/11/23 13:55:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Samsung
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\ScanSoft
[2016/09/26 19:21:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Serviio-Console-Wrapper
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shark007
[2017/08/04 09:16:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Shuame
[2016/07/07 21:33:20 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SmartSteamEmu
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SolidDocuments
[2017/08/31 09:03:07 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony
[2016/09/07 11:18:11 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Sony Creative Software Inc
[2016/04/04 16:57:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\sp6_log
[2016/05/20 18:29:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Speech2Go
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SweetScape
[2017/11/07 08:17:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\SyncDroid
[2017/11/07 08:17:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Syncios Data Transfer
[2017/12/27 15:08:15 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TeamViewer
[2016/09/23 09:16:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TechSmith
[2017/12/29 09:34:44 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\TemplateToaster
[2016/01/15 11:37:04 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Thunderbird
[2016/10/02 08:09:31 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\tinySpell
[2016/11/01 13:15:25 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Titler
[2016/08/07 08:08:17 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Trimble Connect for SketchUp
[2016/01/15 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Unuda
[2018/01/09 21:01:34 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\uTorrent
[2016/10/30 13:46:39 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VC
[2017/08/31 09:06:58 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VEGAS
[2017/08/31 09:06:52 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VEGAS Pro
[2016/08/30 10:17:51 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Visan
[2016/02/05 12:37:43 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\VoiceAttack
[2017/07/10 15:37:10 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WandoujiaUsbDriver
[2016/01/15 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wargaming.net
[2016/01/15 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Win7codecs
[2016/01/19 08:57:45 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows 7 Taskbar Color Changer
[2016/07/15 12:37:35 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Windows Live Writer
[2016/01/15 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WindSolutions
[2016/01/15 11:37:05 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\WinScanner
[2017/09/19 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wondershare
[2017/05/07 17:28:24 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Wondershare Video Converter Ultimate
[2016/02/29 15:29:37 | 000,000,000 | -HSD | M] -- C:\Users\Steve\AppData\Roaming\wyUpdate AU
[2016/01/15 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Zeon
[2016/01/15 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Zuyt
[2016/01/15 11:37:08 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\Zyudih
[2016/09/27 12:54:54 | 000,000,000 | ---D | M] -- C:\Users\Steve\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
 
[color=#E56717]========== Purity Check ==========[/color]
 
 
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 64 bytes -> C:\Windows\winhlp32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ZnMacroUI.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XpsPrint.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\XpsGdiConverter.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wshom.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wscript.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Wpc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVXENCD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVSENCD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVSDECD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVENCOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMVDECOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMSPDMOE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMSPDMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wmpmde.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMPhoto.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMADMOE.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WMADMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\winsta.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WindowsCodecsExt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\WindowsCodecs.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\wincredprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\VIDRESZR.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\VB6STKIT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\VB5StKit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\UNZDLL.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\TomsMoComp_ff.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tdh.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\tak_deco_lib.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\synceng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\swscale-lav-2.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\SpoonUninstall.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\shimeng.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\setupempdrv03.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\sdbinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scrrun.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\scesrv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RtsUStoricon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RsCRIcon.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\RESAMPLEDMO.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rdpcore.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\rastls.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qedit.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\qasf.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\psisrndr.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\psisdecd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\prevhost.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\pku2u.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PCodec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\PAvFilt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\packager.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\OptimFROG.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\oleacc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\objsel.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nvaudcap32v.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nshwfp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\notepad.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nglide_uninst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\nglide_config.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\netapi32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mtxoci.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msxml6r.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msxml6.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msvcrt.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSVBVM50.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mstsc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msorcl32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msmpeg2vdec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MSMPEG2ENC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\msmpeg2adec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MPG4DECD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MP4SDECD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MP43DECD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MP3DMOD.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MFWMAAEC.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfvdsp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfds.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\mfc45.dat:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MBTHX32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MBAPO32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MBAPO232.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\MaxxVoiceAPO30.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\libmpeg2_ff.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\libbluray.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\LAVVideo.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\LAVSplitter.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ksuser.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ksproxy.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\iologmsg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\InkEd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\inetcomm.dll_7-52-53:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ImageEnXLibrary.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gswin32c.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gswin32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GSWDLL32.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GSWAG32.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GSPROP32.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gsdll32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GRID32.OCX:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\GRAPHS32.OCX:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\Graph32.ocx:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\gameux.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\FWPUCLNT.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ftsrch.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ftlx041e.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ftlx0411.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ffmpeg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_wmv9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_unrar.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_samplerate.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_libmad.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_libdts.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ff_liba52.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\EuEpmGdi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\EncDec.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\els.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dxgi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DvWrite.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DvRead.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\drvinst.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpnet.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dpapiprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dns-sd.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dnscacheugc.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dnsapi.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DivXa32.acm:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DiscHandler.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\dimsroam.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\devrtl.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\devobj.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\devenum.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\DCBassSourceMod.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DX9_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3dx10_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_40.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\D3DCompiler_39.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10warp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10level9.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10core.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10_1core.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10_1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d3d10.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\d2d1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cscript.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cryptdlg.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\CPFilters.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\COLORCNV.DLL:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cngprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\clfsw32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\charmap.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cfgmgr32.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\certutil.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\certenc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\cdxareader.ax:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\capiprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\browcli.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\BootMan.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\basswv.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bassopus.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bassflac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\basscd.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_tta.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_tak.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_ofr.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_mpc.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_ape.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_alac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass_aac.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\bass.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avutil-lav-52.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avresample-lav-1.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avformat-lav-55.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avfilter-lav-4.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\avcodec-lav-55.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\aticfx32.dll{70504546-8e38-11e6-be13-9cad97debd56}:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\apphelp.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\ampa.sys:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdocl_ld32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\amdocl_as32.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\SysWow64\adprovider.dll:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\notepad.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\Windows\ampa.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\ProgramData\cisAC26.exe:$CmdTcID
@Alternate Data Stream - 64 bytes -> C:\ProgramData\cis4CB8.exe:$CmdTcID
@Alternate Data Stream - 36 bytes -> C:\Windows:CM_e0501b65315a77c6cde279a3a8d62a1a6c48bf2c2e353a3654218165115f1673
@Alternate Data Stream - 36 bytes -> C:\Windows:CM_36faabd924501fcd2f743302621d89eb425ec11f74fef19a5e0fe69c3f0b5201
@Alternate Data Stream - 26 bytes -> D:\xps_630i.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> D:\pressurecooker.pdf:$CmdZnID
@Alternate Data Stream - 26 bytes -> D:\37772.pdf:$CmdZnID
@Alternate Data Stream - 230 bytes -> C:\ProgramData\TEMP:6DAA43DB
@Alternate Data Stream - 179 bytes -> C:\ProgramData\TEMP:0FF263E8
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:44EAFCDF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:890CC2F3

< End of report >