Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Ads popping up in new tabs when clicking on links [Closed]

Started by quasarn01 , Aug 27 2015 11:58 AM
rootkit

  • This topic is locked This topic is locked

#1
quasarn01
Posted 27 August 2015 - 11:58 AM

quasarn01

    Member

  • Member
  • PipPip
  • 56 posts

Whenever I click on a normal link, a new tab pops open with an ad...  Not every time but usually ever 3rd or 4th click...  Sometimes several times in a row...  Here is the FRS and the Addition text:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:26-08-2015
Ran by Michael (administrator) on MICHAEL-PC (27-08-2015 13:34:51)
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available Profiles: Michael)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
() C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\LocationNotificationWindows.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqnrs08.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\31.0.1889.174\opera.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-07] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM\...\Run: [rfagent] => "C:\Program Files\RFA 10\rfagent64.exe"
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161728 2015-08-09] (IvoSoft)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [408888 2015-02-27] (Power Software Ltd)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2670592 2015-06-01] (Sony Corporation)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1066192 2015-07-14] (Carbonite, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-04-05] (Siber Systems)
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\Run: [OneDrive] => C:\Users\Michael\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\RunOnce: [Uninstall C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-06-17]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Opera.lnk [2015-04-10]
ShortcutTarget: Opera.lnk -> C:\Program Files (x86)\Opera\launcher.exe (Opera Software)
ShellIconOverlayIdentifiers: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll [2015-07-14] (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/?pc=U159
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-05] (Siber Systems Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-08-09] (IvoSoft)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-05] (Siber Systems Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-05] (Siber Systems Inc.)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-08-09] (IvoSoft)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-04-05] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-08-09] (IvoSoft)
Toolbar: HKU\S-1-5-21-1146172741-2665381763-399532911-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-04-05] (Siber Systems Inc.)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{60b72293-5f49-45a2-9b6d-c27311973c89}: [DhcpNameServer] 192.168.2.1
 
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hrzhc79z.default
FF DefaultSearchEngine: Bing 
FF DefaultSearchEngine.US: Bing
FF SearchEngineOrder.3: Bing 
FF SelectedSearchEngine: Bing 
FF Homepage: hxxp://www.bing.com/?pc=U159
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q=
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-03-31] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 -> C:\Program Files (x86)\Winamp Detect\npwachk.dll [2013-12-12] (Nullsoft, Inc.)
FF Plugin-x32: @siber.com/RoboForm -> C:\Program Files (x86)\Siber Systems\AI RoboForm\chrome\plugin\np-rf-plugin.dll [2015-04-05] (Siber Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-03-31] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Extension: Bing Search Engine - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hrzhc79z.default\Extensions\[email protected] [2015-04-06]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\hrzhc79z.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-05]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-05-01]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2015-04-05]
FF HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
 
Opera: 
=======
OPR Extension: (Video Downloader Multiformat) - C:\Users\Michael\AppData\Roaming\Opera Software\Opera Stable\Extensions\beemgnphifpbdehfmohojkhlklfaddih [2015-04-06]
OPR Extension: (roboformopera) - C:\Users\Michael\AppData\Roaming\Opera Software\Opera Stable\Extensions\jhicomgjechdjmijiabdcfnddhdbcdnn [2015-04-06]
OPR Extension: (YouTube Video and Mp3 Downloader) - C:\Users\Michael\AppData\Roaming\Opera Software\Opera Stable\Extensions\kjmgiabcpaeheldkmiloklplphfhobio [2015-04-12]
OPR Extension: (Adblock Plus) - C:\Users\Michael\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2015-08-27]
OPR Extension: (RoboForm) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Opera [2015-04-05]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 Belkin USB Center Helper; C:\Program Files\Belkin\USB Control Center\Bkapcs.exe [55296 2015-04-18] () [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CLDTVHNService; C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [75048 2009-09-17] ()
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-29] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-29] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session10; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session10; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session10; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session10; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [494592 2015-06-01] (Sony Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-29] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [970944 2015-01-31] (@ByELDI) [File not signed]
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-07] (Synaptics Incorporated)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-29] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-29] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session10; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session10; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session10; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session10; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-07-10] (Microsoft Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [15968 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows ® Codename Longhorn DDK provider)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-27] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3354384 2015-07-10] (Intel Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-07] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
R2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [304480 2015-04-18] (silex technology, Inc.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45448 2015-07-25] (Toshiba Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-29] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-27 13:34 - 2015-08-27 13:35 - 00029190 _____ C:\Users\Michael\Desktop\FRST.txt
2015-08-27 13:34 - 2015-08-27 13:35 - 00000000 ____D C:\FRST
2015-08-27 13:32 - 2015-08-27 13:32 - 02186752 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-08-27 12:31 - 2015-08-27 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-08-27 12:31 - 2015-08-27 12:31 - 00000000 ____D C:\Program Files\Classic Shell
2015-08-27 12:30 - 2015-08-27 12:30 - 06946544 _____ (IvoSoft) C:\Users\Michael\Downloads\ClassicShellSetup_4_2_4.exe
2015-08-27 12:20 - 2015-08-27 12:20 - 00016148 _____ C:\WINDOWS\system32\MICHAEL-PC_Michael_HistoryPrediction.bin
2015-08-26 09:51 - 2015-08-26 09:51 - 00000000 ____D C:\WINDOWS\system32\config\RRBackups
2015-08-26 09:38 - 2015-08-26 09:38 - 00000000 ____D C:\ProgramData\ReviverSoft
2015-08-26 09:29 - 2015-08-27 12:15 - 00000000 ____D C:\Users\Michael\Downloads\Registry Reviver 4.0.0.34 (x86-x64) Final Incl. Crack [ATOM]
2015-08-26 09:29 - 2015-08-26 09:29 - 00014738 _____ C:\Users\Michael\Downloads\[kat.cr]registry.reviver.4.0.0.34.x86.x64.final.incl.crack.atom.torrent
2015-08-26 09:24 - 2015-08-26 09:24 - 00014783 _____ C:\Users\Michael\Downloads\Registry_Reviver_4.0.0.34_(x86-x64)_Final_Incl._Crack_[ATOM].torrent
2015-08-26 03:41 - 2015-08-26 03:41 - 00000000 ___HD C:\OneDriveTemp
2015-08-25 15:42 - 2015-08-25 15:42 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Nitro
2015-08-25 15:41 - 2015-08-27 12:16 - 00000000 ____D C:\Program Files\Common Files\Nitro
2015-08-25 15:41 - 2015-08-25 15:41 - 00000000 ____D C:\ProgramData\Nitro
2015-08-25 15:41 - 2015-08-25 15:41 - 00000000 ____D C:\Program Files\Nitro
2015-08-25 15:29 - 2015-08-25 15:29 - 00000000 ____D C:\Users\Michael\Downloads\Nitro Pro Enterprise 9.5.3.8 Incl.Serials
2015-08-25 15:28 - 2015-08-25 15:28 - 00020704 _____ C:\Users\Michael\Downloads\Nitro_PDF_Professional_Enterprise_v9.5.3.8_(x86+x64)+Serials.torrent
2015-08-25 09:53 - 2015-08-25 09:53 - 06383209 _____ C:\Users\Michael\Downloads\mbam-chameleon-3.1.25.0.zip
2015-08-25 09:48 - 2015-08-25 09:48 - 00012339 _____ C:\Users\Michael\Downloads\[kat.cr]malwarebytes.anti.rootkit.v1.09.1.1.final.activated.2015.torrent
2015-08-25 09:43 - 2015-08-26 09:22 - 00000000 ____D C:\ProgramData\RFA_Backups
2015-08-25 09:42 - 2015-08-27 12:16 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry First Aid 10
2015-08-25 09:42 - 2015-08-27 12:16 - 00000000 ____D C:\ProgramData\Registry First Aid
2015-08-25 09:42 - 2015-08-25 09:42 - 00000853 _____ C:\Users\Public\Desktop\Registry First Aid.lnk
2015-08-25 09:39 - 2015-08-25 09:39 - 00000000 ____D C:\Users\Michael\Downloads\Registry First Aid Platinum 10.1.0 Build 2292 + Crack [KaranPC]
2015-08-25 09:38 - 2015-08-25 09:38 - 00012261 _____ C:\Users\Michael\Downloads\[kat.cr]registry.first.aid.platinum.10.1.0.build.2292.crack.karanpc.torrent
2015-08-25 09:33 - 2015-08-25 09:33 - 01092028 _____ C:\Users\Michael\Downloads\HijackThis 2.0.5 Beta.zip
2015-08-25 09:32 - 2015-08-25 09:32 - 00001340 _____ C:\Users\Michael\Downloads\HijackThis_2.0.5_Beta.zip.torrent
2015-08-23 11:10 - 2015-08-23 11:13 - 00000000 ____D C:\Users\Michael\Documents\oCam
2015-08-23 11:10 - 2015-08-23 11:10 - 00001031 _____ C:\Users\Michael\Desktop\oCam.lnk
2015-08-23 11:10 - 2015-08-23 11:10 - 00000000 ____D C:\Users\Michael\Downloads\oCam Screen Recorder 130.0 RePack (& Portable) by KpoJIuK
2015-08-23 11:10 - 2015-08-23 11:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\oCam
2015-08-23 11:10 - 2015-08-23 11:10 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oCam
2015-08-23 11:10 - 2015-08-23 11:10 - 00000000 ____D C:\Program Files (x86)\oCam
2015-08-23 11:09 - 2015-08-23 11:09 - 00002950 _____ C:\Users\Michael\Downloads\[kat.cr]ocam.screen.recorder.130.0.2015.portable.repack.mr.p2d.torrent
2015-08-23 10:57 - 2015-08-23 10:57 - 00000000 ____D C:\Users\Michael\Downloads\ZD Soft Screen Recorder 6.1+Key-SND
2015-08-23 10:56 - 2015-08-23 10:56 - 00578919 _____ C:\Users\Michael\Downloads\ZD Soft Screen Recorder 6 1 Ke Downloader__3687_i1596512290.exe.rar
2015-08-23 10:56 - 2015-08-23 10:56 - 00015457 _____ C:\Users\Michael\Downloads\ZD_Soft_Screen_Recorder_6.1+Key-SND.torrent
2015-08-23 10:55 - 2015-08-23 10:55 - 00578919 _____ C:\Users\Michael\Downloads\ZD Soft Screen Recorder V5 2 I Downloader__3687_i1596510900.exe.rar
2015-08-22 14:04 - 2015-08-22 14:04 - 00002216 _____ C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2015-08-22 14:04 - 2015-08-22 14:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2015-08-22 13:15 - 2015-08-22 13:15 - 00001719 _____ C:\Users\Michael\Desktop\New Text Document2.txt
2015-08-21 15:42 - 2015-08-21 15:42 - 00001833 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-08-21 15:42 - 2015-08-21 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-21 15:40 - 2015-08-21 15:42 - 00000000 ____D C:\Program Files\iTunes
2015-08-21 15:40 - 2015-08-21 15:40 - 00000000 ____D C:\Program Files\iPod
2015-08-21 15:40 - 2015-08-21 15:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-08-20 20:09 - 2015-08-20 20:09 - 05718480 _____ C:\Users\Michael\Downloads\videostream.cgi.opdownload
2015-08-20 04:16 - 2015-08-20 04:16 - 16563304 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.09.2.1008.exe
2015-08-19 16:31 - 2015-08-20 04:02 - 316711688 _____ C:\Users\Michael\Downloads\TC00576000C.exe
2015-08-19 16:21 - 2015-08-19 16:21 - 00000301 _____ C:\CLDTCPIPLib.log
2015-08-19 16:20 - 2015-08-19 16:20 - 03507776 _____ ( ) C:\Users\Michael\Documents\DIRECTV.v5618_CyberLink_DMS090512-03.exe
2015-08-19 16:19 - 2015-08-27 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIRECTV2PC™
2015-08-19 16:19 - 2015-08-19 16:19 - 00002138 _____ C:\Users\Public\Desktop\DIRECTV2PC™.lnk
2015-08-19 16:19 - 2015-08-19 16:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\CyberLink
2015-08-19 16:19 - 2015-08-19 16:19 - 00000000 ____D C:\Users\Michael\AppData\Local\PowerCinema
2015-08-19 16:19 - 2015-08-19 16:19 - 00000000 ____D C:\Users\Michael\AppData\Local\DIRECTV2PC™
2015-08-19 16:15 - 2015-08-19 16:17 - 37085808 _____ ( ) C:\Users\Michael\Downloads\DIRECTV.v7507_CyberLink_DMS110302-01.exe
2015-08-19 16:06 - 2015-08-27 12:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DIRECTV2PC Playback Advisor
2015-08-19 16:06 - 2015-08-27 12:16 - 00000000 ____D C:\Program Files (x86)\DirecTV
2015-08-19 16:06 - 2015-08-19 16:06 - 00002278 _____ C:\Users\Public\Desktop\DIRECTV2PC Playback Advisor.lnk
2015-08-19 16:06 - 2015-08-19 16:06 - 00000000 ____D C:\ProgramData\CyberLink
2015-08-19 16:05 - 2015-08-19 16:05 - 04041304 _____ ( ) C:\Users\Michael\Downloads\DIRECTV.2107_DIP090826-01.exe
2015-08-19 06:45 - 2015-08-19 06:45 - 00003938 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1428284324
2015-08-19 06:41 - 2015-08-13 00:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-19 06:41 - 2015-08-13 00:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-19 06:41 - 2015-08-11 05:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-19 06:41 - 2015-08-11 05:22 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-19 06:41 - 2015-08-11 04:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-19 06:41 - 2015-08-11 04:45 - 18805760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-19 06:40 - 2015-08-13 00:23 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-19 06:40 - 2015-08-13 00:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-19 06:40 - 2015-08-13 00:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-19 06:40 - 2015-08-13 00:17 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-19 06:40 - 2015-08-12 23:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-19 06:40 - 2015-08-11 06:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-19 06:40 - 2015-08-11 06:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-19 06:40 - 2015-08-11 06:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-19 06:40 - 2015-08-11 06:03 - 08021840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-19 06:40 - 2015-08-11 06:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-19 06:40 - 2015-08-11 06:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-19 06:40 - 2015-08-11 06:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-19 06:40 - 2015-08-11 06:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-19 06:40 - 2015-08-11 05:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-19 06:40 - 2015-08-11 05:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-19 06:40 - 2015-08-11 05:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-19 06:40 - 2015-08-11 05:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-19 06:40 - 2015-08-11 05:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-19 06:40 - 2015-08-11 05:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-19 06:40 - 2015-08-11 05:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-19 06:40 - 2015-08-11 05:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-19 06:40 - 2015-08-11 05:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-19 06:40 - 2015-08-11 05:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-19 06:40 - 2015-08-11 05:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-19 06:40 - 2015-08-11 05:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-19 06:40 - 2015-08-11 05:20 - 02224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-19 06:40 - 2015-08-11 05:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-19 06:40 - 2015-08-11 05:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-19 06:40 - 2015-08-11 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-19 06:40 - 2015-08-11 05:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-19 06:40 - 2015-08-11 05:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-19 06:40 - 2015-08-11 05:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-19 06:40 - 2015-08-11 05:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-19 06:40 - 2015-08-11 05:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-19 06:40 - 2015-08-11 05:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-19 06:40 - 2015-08-11 05:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 06:40 - 2015-08-11 05:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-19 06:40 - 2015-08-11 05:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-19 06:40 - 2015-08-11 05:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-19 06:40 - 2015-08-11 05:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-19 06:40 - 2015-08-11 05:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-19 06:40 - 2015-08-11 05:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-19 06:40 - 2015-08-11 05:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-19 06:40 - 2015-08-11 05:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-19 06:40 - 2015-08-11 05:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-19 06:40 - 2015-08-11 05:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-19 06:40 - 2015-08-11 05:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-19 06:40 - 2015-08-11 05:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-19 06:40 - 2015-08-11 05:02 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-19 06:40 - 2015-08-11 05:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-19 06:40 - 2015-08-11 05:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-19 06:40 - 2015-08-11 05:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-19 06:40 - 2015-08-11 05:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-19 06:40 - 2015-08-11 05:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-19 06:40 - 2015-08-11 04:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-19 06:40 - 2015-08-11 04:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-19 06:40 - 2015-08-11 04:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-19 06:40 - 2015-08-11 04:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-19 06:40 - 2015-08-11 04:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-19 06:40 - 2015-08-11 04:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-19 06:40 - 2015-08-11 04:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-19 06:40 - 2015-08-11 04:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-19 06:40 - 2015-08-11 04:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-19 06:40 - 2015-08-11 04:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-19 06:40 - 2015-08-11 04:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-19 06:40 - 2015-08-11 04:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-19 06:40 - 2015-08-11 04:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-19 06:40 - 2015-08-11 04:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-19 06:40 - 2015-08-11 04:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-19 06:40 - 2015-08-11 04:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-19 06:40 - 2015-08-11 04:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-19 06:40 - 2015-08-11 04:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-19 06:40 - 2015-08-11 04:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-19 06:40 - 2015-08-11 04:40 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-19 06:40 - 2015-08-11 04:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-19 06:40 - 2015-08-11 04:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-19 06:40 - 2015-08-11 04:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-11 18:33 - 2015-08-11 18:33 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-11 16:05 - 2015-08-02 22:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-11 16:05 - 2015-08-02 21:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-11 16:04 - 2015-08-08 03:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-11 16:04 - 2015-08-08 03:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-11 16:04 - 2015-08-08 03:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-11 16:04 - 2015-08-08 02:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-11 16:04 - 2015-08-08 02:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-11 16:04 - 2015-08-08 02:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-11 16:04 - 2015-08-08 02:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-11 16:04 - 2015-08-08 02:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-11 16:04 - 2015-08-08 02:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-11 16:04 - 2015-08-05 23:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-11 16:04 - 2015-08-05 23:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-11 16:04 - 2015-08-05 22:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-11 16:04 - 2015-08-05 00:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-11 16:04 - 2015-08-05 00:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-11 16:04 - 2015-08-05 00:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-11 16:04 - 2015-08-04 23:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-11 16:04 - 2015-08-04 23:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-11 16:04 - 2015-08-04 23:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-11 16:04 - 2015-08-04 00:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-11 16:04 - 2015-08-04 00:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-11 16:04 - 2015-08-04 00:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-11 16:04 - 2015-08-03 23:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-11 16:04 - 2015-08-03 22:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-11 16:04 - 2015-08-03 22:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-11 16:04 - 2015-08-02 22:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-11 16:04 - 2015-08-02 22:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-11 16:04 - 2015-08-02 22:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-11 16:04 - 2015-08-02 22:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-11 16:04 - 2015-08-02 22:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-11 16:04 - 2015-08-02 22:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-11 16:04 - 2015-08-02 22:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-11 16:04 - 2015-08-02 22:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-11 16:04 - 2015-08-02 22:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-11 16:04 - 2015-08-02 22:13 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-11 16:04 - 2015-08-02 22:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-11 16:04 - 2015-08-02 21:50 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-11 16:04 - 2015-08-02 21:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-11 16:04 - 2015-08-02 21:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-11 16:04 - 2015-08-02 21:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-11 16:04 - 2015-08-02 21:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-11 16:04 - 2015-08-02 21:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-11 16:04 - 2015-08-02 21:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-11 16:04 - 2015-08-02 21:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-11 16:04 - 2015-08-02 21:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-11 16:04 - 2015-08-02 21:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-11 16:04 - 2015-08-02 21:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-11 16:04 - 2015-08-02 21:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-11 16:04 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-11 16:04 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-11 16:04 - 2015-08-02 21:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-11 16:04 - 2015-08-02 21:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-11 16:04 - 2015-08-02 21:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-11 16:04 - 2015-08-02 21:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-11 16:04 - 2015-08-02 21:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-11 16:04 - 2015-08-02 21:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-11 16:04 - 2015-08-02 21:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-11 16:04 - 2015-08-02 21:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-11 16:04 - 2015-08-02 21:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-11 16:04 - 2015-08-02 21:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-11 16:04 - 2015-08-02 21:14 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-11 16:04 - 2015-08-02 21:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-11 16:04 - 2015-08-02 21:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-11 16:04 - 2015-08-02 21:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-11 16:04 - 2015-08-02 21:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-11 16:04 - 2015-08-02 21:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-11 16:04 - 2015-08-02 21:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-11 16:04 - 2015-08-02 21:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-11 16:04 - 2015-08-02 21:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-11 16:04 - 2015-08-02 21:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-11 16:04 - 2015-08-02 20:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-10 18:17 - 2015-08-10 18:20 - 13886712 _____ C:\Users\Michael\Downloads\TC00398200D.exe
2015-08-10 08:36 - 2015-08-10 08:36 - 00000540 _____ C:\Users\Michael\Downloads\Attachment
2015-08-09 09:32 - 2015-08-09 09:32 - 00289216 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2015-08-09 09:32 - 2015-08-09 09:32 - 00247744 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
2015-08-07 01:34 - 2015-08-07 01:34 - 00420040 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-08-07 01:34 - 2015-08-07 01:34 - 00254152 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo33.dll
2015-08-07 01:34 - 2015-08-07 01:34 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-08-07 01:34 - 2015-08-07 01:34 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-08-06 03:37 - 2015-07-30 02:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-06 03:37 - 2015-07-30 02:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-06 03:37 - 2015-07-30 02:05 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-06 03:37 - 2015-07-30 02:04 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-06 03:37 - 2015-07-30 02:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-06 03:37 - 2015-07-30 00:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-06 03:37 - 2015-07-30 00:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-06 03:37 - 2015-07-29 23:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-06 03:37 - 2015-07-29 23:52 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-06 03:37 - 2015-07-29 23:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-06 03:37 - 2015-07-29 23:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-06 03:37 - 2015-07-29 23:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-06 03:37 - 2015-07-29 23:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-06 03:37 - 2015-07-29 23:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-06 03:37 - 2015-07-29 23:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-06 03:36 - 2015-07-30 02:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-06 03:36 - 2015-07-30 02:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-06 03:36 - 2015-07-30 02:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-06 03:36 - 2015-07-30 02:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-06 03:36 - 2015-07-30 02:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-06 03:36 - 2015-07-30 02:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-06 03:36 - 2015-07-30 02:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-06 03:36 - 2015-07-30 02:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-06 03:36 - 2015-07-30 02:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-06 03:36 - 2015-07-30 01:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-06 03:36 - 2015-07-30 00:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-06 03:36 - 2015-07-30 00:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-06 03:36 - 2015-07-30 00:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-06 03:36 - 2015-07-30 00:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-06 03:36 - 2015-07-30 00:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-06 03:36 - 2015-07-30 00:24 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-06 03:36 - 2015-07-30 00:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-06 03:36 - 2015-07-30 00:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-06 03:36 - 2015-07-30 00:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-06 03:36 - 2015-07-30 00:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-06 03:36 - 2015-07-30 00:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-06 03:36 - 2015-07-30 00:21 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-06 03:36 - 2015-07-30 00:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-06 03:36 - 2015-07-30 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-06 03:36 - 2015-07-30 00:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-06 03:36 - 2015-07-30 00:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-06 03:36 - 2015-07-29 23:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-06 03:36 - 2015-07-29 23:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-06 03:36 - 2015-07-29 23:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-06 03:36 - 2015-07-29 23:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-06 03:36 - 2015-07-29 23:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-06 03:36 - 2015-07-29 23:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-06 03:36 - 2015-07-29 23:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-06 03:36 - 2015-07-29 23:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-06 03:36 - 2015-07-29 23:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-06 03:36 - 2015-07-29 23:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-06 03:36 - 2015-07-29 23:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-06 03:36 - 2015-07-29 23:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-06 03:36 - 2015-07-29 23:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-06 03:36 - 2015-07-29 23:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-06 03:36 - 2015-07-29 23:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-06 03:36 - 2015-07-29 23:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-06 03:36 - 2015-07-29 23:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-06 03:36 - 2015-07-29 23:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-06 03:36 - 2015-07-29 23:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-06 03:36 - 2015-07-29 23:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-06 03:36 - 2015-07-29 23:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-06 03:36 - 2015-07-29 23:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-06 03:36 - 2015-07-29 22:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-06 03:36 - 2015-07-29 22:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-04 19:37 - 2015-08-04 19:47 - 177627427 _____ C:\Users\Michael\Downloads\Rodney Carrington Live At The Majestic Full show.mp4
2015-08-03 16:52 - 2015-08-03 16:52 - 00012168 _____ C:\Users\Michael\Documents\Daddy's life insurance.xlsx
2015-08-03 06:36 - 2015-08-03 06:36 - 00005416 _____ C:\Users\Michael\Downloads\Cam_Wizard_v10.14_Final_Cracked.torrent
2015-08-01 13:20 - 2015-08-01 13:20 - 00000168 _____ C:\Users\Michael\Downloads\ATT00001.htm
2015-07-31 16:36 - 2015-07-31 16:36 - 00001165 _____ C:\Users\Michael\Desktop\AD Sound Recorder.lnk
2015-07-31 16:36 - 2015-07-31 16:36 - 00000000 ____D C:\Users\Michael\AppData\Roaming\AD Sound Recorder
2015-07-31 16:36 - 2015-07-31 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AD Sound Recorder
2015-07-31 16:36 - 2015-07-31 16:36 - 00000000 ____D C:\Program Files (x86)\AD Sound Recorder
2015-07-31 16:35 - 2015-07-31 16:35 - 00000000 ____D C:\Users\Michael\Downloads\AD Sound Recorder 5.5.3 (Full Version With Serial Key)  ~~R@JU~~ [WBRG]
2015-07-31 16:33 - 2015-07-31 16:33 - 00006004 _____ C:\Users\Michael\Downloads\AD_Sound_Recorder_5.5.3_(Full_Version_With_Serial_Key)__--R@JU--_[WBRG].torrent
2015-07-31 10:41 - 2015-07-31 10:41 - 00997927 _____ C:\Users\Michael\Downloads\O15CTRRemove.diagcab
2015-07-31 09:12 - 2015-07-31 09:47 - 00000000 ____D C:\Users\Michael\Downloads\Microsoft Office 365 Home Premium + ProPlus + Small Business (by World4hack)
2015-07-31 08:50 - 2015-07-31 08:50 - 00028792 _____ C:\Users\Michael\Downloads\Microsoft_Office_365_Home_Premium_+_ProPlus_+_Small_Business_and_activator_(by_World4hack).torrent
2015-07-31 07:07 - 2015-07-31 07:07 - 00000000 ____D C:\Users\Michael\Downloads\Microsoft Office 365 Activator (KMSpico v4)
2015-07-31 06:58 - 2015-07-31 06:59 - 00000000 ____D C:\Users\Michael\Downloads\Microsoft Office 365 + activator FREE!!! and working ;)))
2015-07-31 06:58 - 2015-07-31 06:58 - 00001468 _____ C:\Users\Michael\Downloads\[kat.cr]office.365.activator.free.and.working.torrent
2015-07-31 06:48 - 2015-07-31 06:48 - 00002649 _____ C:\Users\Michael\Downloads\Microsoft_Office_365_Activator_(KMSpico_v4).torrent
2015-07-31 06:47 - 2015-07-31 06:47 - 00028729 _____ C:\Users\Michael\Downloads\Microsoft_Office_365.torrent
2015-07-30 06:29 - 2015-07-30 06:30 - 00000000 ____D C:\Users\Michael\AppData\Local\MicrosoftEdge
2015-07-29 20:43 - 2015-07-29 20:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-07-29 17:57 - 2015-07-29 17:57 - 00000813 _____ C:\Users\Michael\Desktop\Devices (2).lnk
2015-07-29 17:11 - 2015-07-29 14:05 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-29 17:03 - 2015-07-29 17:03 - 00000000 ____D C:\Windows.old
2015-07-29 17:01 - 2015-07-29 17:01 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-07-29 17:01 - 2015-07-29 17:01 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-07-29 17:01 - 2015-07-29 17:01 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-07-29 17:01 - 2015-07-29 17:01 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00607008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-07-29 17:01 - 2015-07-29 17:01 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-29 17:01 - 2015-07-29 17:01 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-29 16:55 - 2015-07-29 16:55 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-07-29 16:49 - 2009-08-15 00:58 - 00015920 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\i8042HDR.sys
2015-07-29 14:42 - 2015-08-27 13:31 - 00000000 ____D C:\Users\Michael\AppData\Local\ClassicShell
2015-07-29 14:42 - 2015-07-29 14:42 - 00000000 ____D C:\ProgramData\ClassicShell
2015-07-29 14:39 - 2015-07-29 14:39 - 06595312 _____ (IvoSoft) C:\Users\Michael\Downloads\ClassicShellSetup_4_2_1.exe
2015-07-29 14:29 - 2015-07-29 14:29 - 00252616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo32.dll
2015-07-29 14:16 - 2015-08-19 16:52 - 00002392 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-07-29 14:15 - 2015-07-29 14:15 - 00000000 ____D C:\Users\Michael\AppData\Local\NetworkTiles
2015-07-29 14:13 - 2015-07-29 14:13 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-29 14:11 - 2015-07-29 14:11 - 00000000 ____D C:\Users\Michael\AppData\Local\Publishers
2015-07-29 14:07 - 2015-08-01 16:54 - 00000000 ____D C:\Users\Michael\AppData\Local\Comms
2015-07-29 14:05 - 2015-07-29 14:05 - 00000020 ___SH C:\Users\Michael\ntuser.ini
2015-07-29 14:05 - 2015-07-29 14:05 - 00000000 ____D C:\Users\Michael\AppData\Local\TileDataLayer
2015-07-29 13:56 - 2015-07-29 13:56 - 00000000 __SHD C:\Recovery
2015-07-29 13:42 - 2015-08-20 03:57 - 00830266 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-29 13:36 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-07-29 13:32 - 2015-07-29 13:32 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-29 13:32 - 2015-07-29 13:32 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-07-29 13:32 - 2015-07-29 13:32 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-07-29 13:24 - 2015-07-29 13:24 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-07-29 13:21 - 2015-08-27 12:20 - 00000000 ____D C:\Users\Michael
2015-07-29 13:21 - 2015-07-29 17:58 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-29 13:21 - 2015-07-29 14:05 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-29 13:21 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-07-29 13:21 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-29 13:21 - 2015-07-10 07:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-29 13:17 - 2015-07-29 13:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-07-29 13:17 - 2015-07-29 13:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-07-29 13:17 - 2015-07-29 13:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-07-29 13:17 - 2015-07-29 13:17 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-07-29 13:17 - 2015-07-29 13:17 - 00000000 ____D C:\iBTWU
2015-07-29 13:16 - 2015-07-29 13:16 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-07-29 13:16 - 2015-07-29 13:16 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-07-29 13:16 - 2015-07-29 13:16 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-07-29 13:16 - 2015-07-29 13:16 - 00000000 ____D C:\Program Files\Synaptics
2015-07-29 13:15 - 2015-07-29 13:15 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-07-29 13:15 - 2015-07-29 13:15 - 00000000 ____D C:\Program Files\Realtek
2015-07-29 13:13 - 2015-07-29 13:14 - 00029837 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-07-29 13:12 - 2015-08-12 02:06 - 00012608 _____ C:\WINDOWS\PFRO.log
2015-07-29 12:12 - 2015-07-29 13:51 - 00006629 _____ C:\WINDOWS\comsetup.log
2015-07-29 05:58 - 2015-07-29 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S3 Ripper
2015-07-29 05:58 - 2015-07-29 05:58 - 03458744 _____ C:\Users\Michael\Downloads\amazon s3 ripper.zip
2015-07-29 05:58 - 2015-07-29 05:58 - 00000000 ____D C:\Users\Michael\AppData\Local\bhw
2015-07-29 05:58 - 2015-07-29 05:58 - 00000000 ____D C:\Program Files (x86)\S3 Ripper
2015-07-29 05:56 - 2015-07-29 05:56 - 00605455 _____ C:\Users\Michael\Downloads\S3 Ripper__13430_il470081.exe.zip
2015-07-29 05:56 - 2015-07-29 05:56 - 00605455 _____ C:\Users\Michael\Downloads\S3 Ripper__13430_il470081.exe (1).zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-27 13:32 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-27 13:22 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-27 13:17 - 2015-04-06 04:34 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-08-27 13:02 - 2015-04-05 23:23 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-27 12:50 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-27 12:29 - 2015-04-18 11:43 - 00004160 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{97E09C20-F6ED-4BC3-BB23-EC457DB8D048}
2015-08-27 12:22 - 2015-04-10 06:26 - 00000000 ____D C:\Users\Michael\OneDrive
2015-08-27 12:19 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-27 12:18 - 2015-04-05 23:22 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-27 12:17 - 2015-07-10 07:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-27 12:17 - 2015-04-05 21:53 - 00000000 ____D C:\Users\Michael\AppData\Roaming\uTorrent
2015-08-27 12:16 - 2015-06-12 15:47 - 00000000 ____D C:\ProgramData\TEMP
2015-08-27 12:16 - 2015-04-06 00:26 - 00000000 ___HD C:\$SysReset
2015-08-27 12:16 - 2015-04-05 22:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-27 12:06 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\registration
2015-08-27 12:05 - 2015-04-04 03:36 - 00000000 ____D C:\Users\Michael\AppData\Local\Packages
2015-08-27 12:04 - 2015-04-05 23:22 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-27 03:37 - 2015-04-02 18:09 - 00000000 ____D C:\Users\Michael\Documents\Nestle
2015-08-26 12:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-24 04:38 - 2015-04-04 12:17 - 00000000 ____D C:\Users\Michael\Documents\My PSP Files
2015-08-23 11:15 - 2015-06-17 07:07 - 00001827 _____ C:\ProgramData\hpzinstall.log
2015-08-23 11:15 - 2015-04-06 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-23 11:15 - 2015-04-06 21:58 - 00000000 ____D C:\Program Files (x86)\Hp
2015-08-22 20:34 - 2015-04-06 04:34 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-22 14:04 - 2015-06-24 07:24 - 00004264 _____ C:\WINDOWS\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2015-08-22 05:34 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-21 15:40 - 2015-07-26 13:01 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-08-20 05:44 - 2015-04-08 17:20 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-08-20 05:44 - 2015-04-04 15:20 - 00000000 ____D C:\Users\Michael\Desktop\mbar
2015-08-20 04:20 - 2015-04-05 23:22 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-08-20 03:50 - 2015-07-10 08:20 - 00345840 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-19 20:51 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-08-19 20:49 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-19 20:49 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-19 18:06 - 2015-04-06 16:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2015-08-19 11:18 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-19 06:45 - 2015-04-05 21:38 - 00001215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-19 06:45 - 2015-04-05 21:37 - 00000000 ____D C:\Program Files (x86)\Opera
2015-08-12 03:15 - 2015-07-25 15:29 - 00000336 _____ C:\Users\Michael\Desktop\New Text Document.txt
2015-08-12 02:18 - 2015-04-06 04:34 - 00004030 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-08-12 02:18 - 2015-04-06 04:34 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-12 02:06 - 2015-04-06 04:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 02:06 - 2015-04-06 04:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 02:06 - 2015-04-05 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-11 21:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 21:05 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-11 21:05 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-11 18:40 - 2015-04-05 22:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-11 18:39 - 2015-04-06 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-11 18:39 - 2015-04-05 22:39 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-11 18:37 - 2015-04-06 04:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-11 18:34 - 2015-04-06 04:09 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-11 18:32 - 2012-07-26 01:26 - 00000202 _____ C:\WINDOWS\win.ini
2015-08-11 16:40 - 2015-05-24 10:40 - 00005226 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MICHAEL-PC-Michael Michael-PC
2015-08-09 21:04 - 2015-04-06 04:34 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Skype
2015-08-09 04:13 - 2015-04-05 21:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-08 11:38 - 2015-07-10 07:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 11:38 - 2015-07-10 07:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 01:35 - 2015-07-10 08:20 - 00016095 _____ C:\WINDOWS\setupact.log
2015-08-07 01:34 - 2015-06-12 04:34 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-08-07 01:34 - 2015-06-12 04:34 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-08-07 01:34 - 2015-06-12 04:34 - 00618696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-08-07 01:34 - 2015-06-12 04:34 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-08-07 01:34 - 2015-06-12 04:34 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-08-06 19:43 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-04 17:30 - 2015-04-06 04:33 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-04 17:30 - 2015-04-06 04:33 - 00000000 ____D C:\ProgramData\Skype
2015-07-30 06:56 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-07-30 04:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-07-29 19:11 - 2015-04-03 14:38 - 00000024 _____ C:\Users\Michael\Desktop\Homegroup Password.txt
2015-07-29 17:11 - 2015-07-10 07:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-29 17:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-07-29 17:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-07-29 17:02 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-29 17:02 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-29 14:40 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-29 14:13 - 2015-04-06 21:35 - 00000000 ____D C:\ProgramData\HP
2015-07-29 14:09 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-07-29 14:09 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-07-29 14:09 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-07-29 14:08 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-07-29 13:55 - 2015-04-10 05:58 - 00034293 _____ C:\WINDOWS\diagwrn.xml
2015-07-29 13:55 - 2015-04-10 05:58 - 00034293 _____ C:\WINDOWS\diagerr.xml
2015-07-29 13:50 - 2015-04-23 06:52 - 00003996 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-07-29 13:50 - 2015-04-10 06:20 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-07-29 13:50 - 2015-04-05 22:59 - 00003100 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-07-29 13:50 - 2015-04-05 22:54 - 00003478 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-07-29 13:50 - 2015-04-05 22:28 - 00003494 _____ C:\WINDOWS\System32\Tasks\WINshell Event Notification
2015-07-29 13:50 - 2015-04-05 22:28 - 00003490 _____ C:\WINDOWS\System32\Tasks\WINshell Event Logging
2015-07-29 13:50 - 2015-04-05 22:23 - 00004242 _____ C:\WINDOWS\System32\Tasks\Open URL by RoboForm
2015-07-29 13:50 - 2015-04-05 22:23 - 00003610 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2015-07-29 13:50 - 2015-04-05 21:31 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1146172741-2665381763-399532911-1000
2015-07-29 13:34 - 2015-07-10 09:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-07-29 13:34 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-29 13:34 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-29 13:34 - 2015-06-27 16:04 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-07-29 13:34 - 2015-06-27 15:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2015-07-29 13:34 - 2015-05-27 16:32 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iDeer Blu-ray Player
2015-07-29 13:34 - 2015-05-10 14:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
2015-07-29 13:34 - 2015-04-27 09:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CommissionAlert
2015-07-29 13:34 - 2015-04-23 07:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF To Excel Converter
2015-07-29 13:34 - 2015-04-23 07:12 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 13:34 - 2015-04-23 07:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 13:34 - 2015-04-18 12:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\USB Control Center
2015-07-29 13:34 - 2015-04-06 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.2
2015-07-29 13:34 - 2015-04-06 04:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-29 13:34 - 2015-04-05 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-29 13:34 - 2015-04-05 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-07-29 13:34 - 2015-04-05 22:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2015-07-29 13:34 - 2015-04-05 22:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in
2015-07-29 13:34 - 2015-04-05 22:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerISO
2015-07-29 13:34 - 2015-04-05 22:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-07-29 13:32 - 2015-07-10 07:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-07-29 13:32 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-07-29 13:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-07-29 13:27 - 2015-06-17 07:14 - 00000000 ____D C:\WINDOWS\SysWOW64\spool
2015-07-29 13:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-07-29 13:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-07-29 13:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-07-29 13:25 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-07-29 13:25 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-07-29 13:25 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-07-29 13:25 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-07-29 13:25 - 2015-04-10 07:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcend
2015-07-29 13:25 - 2015-04-05 21:19 - 00000000 ____D C:\ProgramData\PRICache
2015-07-29 13:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-07-29 13:25 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-07-29 13:25 - 2010-11-21 03:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-07-29 13:24 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-29 13:24 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-07-29 13:24 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-07-29 13:24 - 2015-05-01 16:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Aiseesoft
2015-07-29 13:24 - 2015-04-06 19:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
2015-07-29 13:20 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-29 13:12 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-07-29 12:18 - 2015-06-27 21:28 - 01656475 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-07-29 12:12 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-29 12:06 - 2015-04-05 21:41 - 00000000 ____D C:\Users\Michael\AppData\Roaming\ClassicShell
 
==================== Files in the root of some directories =======
 
2015-07-29 13:16 - 2015-07-29 13:16 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-06-17 07:07 - 2015-08-23 11:15 - 0001827 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-08-22 04:42
 
==================== End of FRST.txt ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:26-08-2015
Ran by Michael (2015-08-27 13:36:35)
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1146172741-2665381763-399532911-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1146172741-2665381763-399532911-503 - Limited - Disabled)
Guest (S-1-5-21-1146172741-2665381763-399532911-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1146172741-2665381763-399532911-1008 - Limited - Enabled)
Michael (S-1-5-21-1146172741-2665381763-399532911-1000 - Administrator - Enabled) => C:\Users\Michael
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden
7400 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AD Sound Recorder 5.5.3 (HKLM-x32\...\AD Sound Recorder_is1) (Version:  - Adrosoft)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.008.20082 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
Aiseesoft PDF to Word Converter 3.2.32 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version: 3.2.32 - Aiseesoft Studio)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVS Audio Converter 7.2 (HKLM-x32\...\AVS Audio Converter_is1) (Version: 7.2.2.529 - Online Media Technologies Ltd.)
AVS Audio Editor 7.2 (HKLM-x32\...\AVS Audio Editor_is1) (Version: 7.2.2.488 - Online Media Technologies Ltd.)
AVS Audio Recorder 4.0 (HKLM-x32\...\AVS Audio Recorder_is1) (Version: 4.0.2.22 - Online Media Technologies Ltd.)
AVS Cover Editor 2.0.1.3 (HKLM-x32\...\AVSCoverEditor2_is1) (Version: 2.0.1.3 - Online Media Technologies Ltd.)
AVS Disc Creator 5.2 (HKLM-x32\...\AVS Disc Creator_is1) (Version: 5.2.1.529 - Online Media Technologies Ltd.)
AVS Document Converter 2.3.1 (HKLM-x32\...\AVS Document Converter_is1) (Version: 2.3.1.232 - Online Media Technologies Ltd.)
AVS DVD Copy 4.1.2.283 (HKLM-x32\...\AVS DVD Copy_is1) (Version: 4.1.2.283 - Online Media Technologies Ltd.)
AVS Image Converter 3.1.1.275 (HKLM-x32\...\AVS Image Converter_is1) (Version: 3.1.1.275 - Online Media Technologies Ltd.)
AVS Media Player 4.2.2.104 (HKLM-x32\...\AVS Media Player_is1) (Version: 4.2.2.104 - Online Media Technologies Ltd.)
AVS Photo Editor 2.2.1.140 (HKLM-x32\...\AVS Photo Editor_is1) (Version: 2.2.1.140 - Online Media Technologies Ltd.)
AVS Registry Cleaner 2.3.2.257 (HKLM-x32\...\AVS Registry Cleaner_is1) (Version: 2.3.2.257 - Online Media Technologies Ltd.)
AVS Ringtone Maker version 1.6 (HKLM-x32\...\AVS Ringtone Maker 1.6_is1) (Version: 1.6.1.140 - Online Media Technologies Ltd.)
AVS Video Converter 8.5 (HKLM-x32\...\AVS4YOU Video Converter 7_is1) (Version: 8.5.1.551 - Online Media Technologies Ltd.)
AVS Video Editor 6.5 (HKLM-x32\...\AVS Video Editor_is1) (Version: 6.5.1.245 - Online Media Technologies Ltd.)
AVS Video Recorder 2.6 (HKLM-x32\...\AVS Video Recorder_is1) (Version: 2.6.1.92 - Online Media Technologies Ltd.)
AVS Video ReMaker 4.3.1.160 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.160 - Online Media Technologies Ltd.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.7.7 build 5155 (Jul-14-2015) - Carbonite)
CD+G Disc Player Plug-In for Winamp (HKLM-x32\...\in_cdg) (Version:  - )
Classic Shell (HKLM\...\{E289B7DD-6732-4333-A47A-75A145D23EE3}) (Version: 4.2.4 - IvoSoft)
CommissionAlert (HKLM-x32\...\ST6UNST #1) (Version:  - )
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CuteFTP 9 (HKLM-x32\...\{89B9E358-75C6-4C6B-BD38-803FF156CC4B}) (Version: 9.0.5 - Globalscape)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DIRECTV2PC Playback Advisor (HKLM-x32\...\InstallShield_{479F8C12-576B-4A58-AB78-4B70F7012AA8}) (Version: 1.0 - CyberLink Corp.)
DIRECTV2PC Playback Advisor (x32 Version: 1.0 - CyberLink Corp.) Hidden
DIRECTV2PC™ (HKLM-x32\...\InstallShield_{E9B10AA5-E5F6-4DEF-A435-FB20704AF1E8}) (Version: 2.0.7507 - CyberLink Corp.)
DIRECTV2PC™ (x32 Version: 2.0.7507 - CyberLink Corp.) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
EaseUS Partition Master 10.2 Trial Edition (HKLM-x32\...\EaseUS Partition Master Trial Edition_is1) (Version:  - EaseUS)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Google Earth Pro (HKLM-x32\...\{5BAA8884-F661-464B-B5B2-5C6C632BFC21}) (Version: 7.1.4.1529 - Google)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
iDeer Blu-ray Player (HKLM-x32\...\iDeer Blu-ray Player) (Version: 1.7.0.1817 - iDeerApp Software Inc.)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Jasc Paint Shop Pro 9 (HKLM-x32\...\{F843C6A3-224D-4615-94F8-3C461BD9AEA0}) (Version: 9.00.0000 - Jasc Software Inc)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0.3 (x86 en-US)) (Version: 39.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0.1 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
oCam (HKLM-x32\...\oCam_is1) (Version:  - oh!soft)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Opera Stable 31.0.1889.174 (HKLM-x32\...\Opera 31.0.1889.174) (Version: 31.0.1889.174 - Opera Software)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF To Excel Converter V3.0 (HKLM-x32\...\PDF To Excel Converter_is1) (Version:  - http://www.PDFExcelConverter.com)
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 9.3.01.06011 - Sony Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 9.3.00 - Sony Corporation) Hidden
PowerISO (HKLM-x32\...\PowerISO) (Version: 6.2 - Power Software Ltd)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39050 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
RecoveRx version 3.0 (HKLM-x32\...\{3DE055DA-690F-43B8-9B7B-54E7D70806F9}_is1) (Version: 3.0 - Transcend Information, Inc.)
RoboForm 7-9-12-2 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-12-2 - Siber Systems)
S3 Ripper 2.0 (HKLM-x32\...\{AB3D78B7-8066-465A-82A8-5F3751564457}_is1) (Version:  - )
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{40930C8E-A677-414C-A72F-DFDEB10738FB}) (Version:  - Microsoft)
USB Control Center (HKLM\...\Belkin USB Control Center) (Version: 2.0.0 - Belkin International, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1146172741-2665381763-399532911-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
25-08-2015 09:45:03 Registry First Aid backup
26-08-2015 09:46:13 Registry Reviver Restore Point (08/26/15)
26-08-2015 09:48:35 Registry Reviver Restore Point (08/26/15)
26-08-2015 09:51:28 Registry Reviver Restore Point (08/26/15)
27-08-2015 11:58:49 Restore Operation
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0AE91900-F85E-4F74-B006-9B58043EC863} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0F3FDD32-235E-4858-ACE0-46A34E25D044} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {137701FF-A922-4028-9E44-CD926F0AD829} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1BB2E56D-F452-4381-AB57-28DE0F1A41AA} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2015-04-05] (Siber Systems)
Task: {3D6E6C18-A4FB-4210-B57E-4B82939F58D9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4284EC12-3D10-44C3-A615-16EF857CBB03} - System32\Tasks\Opera scheduled Autoupdate 1428284324 => C:\Program Files (x86)\Opera\launcher.exe [2015-08-17] (Opera Software)
Task: {4809ECEA-FF66-4E38-9A1A-6CCB72F0E07D} - System32\Tasks\WINshell Event Logging => C:\Users\Michael\AppData\Local\Temp\Dscp1.exe <==== ATTENTION
Task: {5BAF320B-8533-4C24-87D8-67DD39241C8E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5D1D183F-58C4-4E63-A308-9A17A0B32CE5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6718B479-E855-4424-8D1A-59D0D9812088} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {673A0BA5-2BD5-4003-B768-B59C313B25FA} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {67F15D2F-D3AF-4B1C-AE06-380F5CABF52D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {69B72AEC-5597-4411-BE63-B4FD20C5307D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {730697F1-8DF8-471A-82E9-796CFB6D49D1} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....GJKJMIBNKJHIKJ"
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B71E5E-14AF-4966-BC84-AF42F96BA3DA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8BA9A02E-C4BF-4041-A3B6-54653F35AD16} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-29] (Microsoft Corporation)
Task: {91C811FD-F8A7-448F-920A-FBEEE275ECCC} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {941A519A-5906-425F-B0C8-96566F159DEE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {959C1659-EC53-4FE7-B4B3-D0CA59BDDF1C} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-07] (Synaptics Incorporated)
Task: {9A25C19A-8CEC-421E-B9CA-284485EB1639} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A9351F8B-9202-45AE-A80D-2AF37F7804C3} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MICHAEL-PC-Michael Michael-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-06-26] (Microsoft Corporation)
Task: {AF88E129-8F74-4807-9BD4-EC107F104286} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {B31C95DD-8F28-4BC0-9D27-13395E9B37E5} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2015-01-31] (@ByELDI)
Task: {B9775F8F-C5EC-4190-8D26-270AA8DDF6B5} - System32\Tasks\WINshell Event Notification => C:\Users\Michael\AppData\Local\Temp\SBCint2.exe <==== ATTENTION
Task: {BC0232A9-4660-494D-A34C-1312C0B347EF} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {DBDAED90-9F41-4DCE-AB13-12819A71FE17} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {F5D5ACCD-6D4C-4EC7-B9F1-E57546DAF5B2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_232_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-29 17:01 - 2015-07-29 17:01 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-18 12:50 - 2015-04-18 12:49 - 00055296 ____N () C:\Program Files\Belkin\USB Control Center\Bkapcs.exe
2009-09-17 18:40 - 2009-09-17 18:40 - 00075048 _____ () C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
2015-08-19 06:40 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-06 03:37 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-06 03:37 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-11 16:04 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-11 16:04 - 2015-08-02 21:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-19 06:40 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-11 16:04 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-08-11 16:04 - 2015-08-02 21:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-03-18 14:08 - 2015-03-18 14:08 - 08898720 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-19 06:45 - 2015-08-19 04:25 - 58600568 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\opera.dll
2015-08-19 06:45 - 2015-08-19 04:25 - 01781368 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\libglesv2.dll
2015-08-19 06:45 - 2015-08-19 04:25 - 00081528 _____ () C:\Program Files (x86)\Opera\31.0.1889.174\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:94A19129
AlternateDataStreams: C:\Users\Michael\OneDrive:ms-properties
AlternateDataStreams: C:\Users\TEMP\OneDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "PMBVolumeWatcher"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKU\S-1-5-21-1146172741-2665381763-399532911-1000\...\StartupApproved\Run: => "RoboForm"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{EC4A0E5D-F0A8-424E-A8FE-2B5DDB51CC60}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{54A8B479-3C9C-4BCF-A202-D0343044B3FC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A3A756D6-C362-40F4-9ABB-E9D3E9B0F16D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A9EE6C2D-8540-4446-B1BB-7A231811CA19}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9CAB1421-F503-4CA4-98CA-31C129D9FDCC}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{EF9EE151-2FBB-43F3-B389-DF9657DB258D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{ADD9E4D4-A400-449C-BF0E-228D939EE57C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{445CFFB3-9C8F-4121-B381-C7A3CDEB4A15}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{390A7CFA-A8C2-413B-A814-3627E6CE8118}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{60B1EF43-3C53-4788-9B9B-4EF65FE216AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{F9FE874D-089D-43FF-9CE7-8A11F46A611B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{04E76609-3049-4A9B-9BDA-D46EC038415B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BA2B445A-C9F4-440C-B2B3-D658CB97795A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{CE9514D9-A611-4D58-9642-4DC328287DE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{205315EF-F39E-46E8-A373-C938EC98AD7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{B59967A5-12BD-443D-A8F9-600557E1C01D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{88C4E60F-7708-4C21-BE74-19B68BC02C61}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{82626690-107F-4CEF-8165-9F0BBC0D20FF}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CDE59F7F-281C-4BB5-9863-3118D213DF95}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{27CBECE1-F84F-40E0-B3B1-4F91CC51EAF7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{E9E3A923-29D9-4A25-9137-F175D2F731AB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2F41C33B-D57F-4342-AFE2-A5FE89A78D54}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{448DD0B4-E486-4CBE-979D-22FA533CCCCA}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{B1E1D01E-B469-4AAC-B240-BD37F0AC4D18}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS56A2\setup\hpznui40.exe
FirewallRules: [{0AE60B39-5201-42D4-816F-6E614246D3F8}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS3FE1\hppiw.exe
FirewallRules: [{6CF85321-126F-4747-9085-72FAEAF597EA}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS3FE1\hppiw.exe
FirewallRules: [{31D4D929-82EE-442F-9F5F-B0128DB85B41}] => (Allow) %ProgramFiles% (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{73842894-7679-4652-8BBE-49C7608950AB}] => (Allow) %ProgramFiles% (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
FirewallRules: [{D81EE123-4A49-4623-B49D-61F4D060B8D8}] => (Allow) LPort=19540
FirewallRules: [{0E315116-4A5E-4935-B65D-9C61D55297BA}] => (Allow) C:\Program Files\Belkin\USB Control Center\Connect.exe
FirewallRules: [{75883568-F7DB-4C30-B4F7-DBA93E7A8CDB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{24047A09-20F6-4A6A-8691-7F5E3670572C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{9CBC9390-E914-4EEC-800F-D32ADFD152FF}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{7DC5526E-F031-4B40-B068-A2AF79F22CC2}] => (Allow) C:\Users\Michael\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{469CE50A-E5C9-48CC-BBFB-1B001E4E636B}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{B8DAD488-72D8-4A15-ABCB-46F2BF403157}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{A6D08379-2B21-441C-BCF4-4412BB140ED2}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{004DAD7E-8D02-49F4-9E8D-D75EA5C7BF06}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{8EF55CF9-9D15-43A8-A74A-6ED8A8DF411A}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{B8D081ED-D56D-48BE-A2DA-194E1A953176}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{3DD2B488-A4E7-4735-BBF5-2A2DF7A82425}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{A16AC681-3E23-4E16-BEA6-950B97AF3344}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS7761\hppiw.exe
FirewallRules: [{2DB3BC77-3058-48ED-A685-291A075C00CD}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS7761\hppiw.exe
FirewallRules: [{509C7A0B-4E76-4635-A94A-91BC27E8C597}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS06BD\hppiw.exe
FirewallRules: [{70897098-793C-4F9F-9E29-D51CA9EAC3D9}] => (Allow) C:\Users\Michael\AppData\Local\Temp\7zS06BD\hppiw.exe
FirewallRules: [{E39582A8-6BF6-4A46-AF5B-532CCB4EFEE1}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
FirewallRules: [{0DDF0C18-468E-4F6F-9999-D646BAFB9C40}] => (Allow) %APPDATA%\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{84B66294-37B1-4378-9743-8247EDF8BA2C}\\michael\c\search ip camera\search ip camera.exe] => (Allow) \\michael\c\search ip camera\search ip camera.exe
FirewallRules: [UDP Query User{C6B2E018-FED2-4CDF-BEAD-F08637D9CF6A}\\michael\c\search ip camera\search ip camera.exe] => (Allow) \\michael\c\search ip camera\search ip camera.exe
FirewallRules: [{E82CF10F-3FA0-4DD2-A97B-6AAC90224C5A}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\DIRECTV2PC™.exe
FirewallRules: [{C3C2D82D-1D71-4E2C-8A86-5AE4707D0F1A}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\VDTV.exe
FirewallRules: [{428B18A9-159E-408E-9103-12DC7AF81707}] => (Allow) C:\Program Files (x86)\DirecTV\DirecTV\Kernel\CLML\VDTVRec.exe
FirewallRules: [{87D403EE-EB9B-4FEE-8F2D-9EEDDAB15D48}] => (Allow) C:\Program Files\iTunes\iTunes.exe
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/27/2015 12:31:11 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MICHAEL-PC)
Description: Application or service 'Windows Explorer' could not be shut down.
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Michael-PC.local already in use; will try Michael-PC-2.local instead
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 Michael-PC.local. AAAA FE80:0000:0000:0000:8D83:6B0E:4BEB:85DC
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:8D83:6B0E:4BEB:85DC:5353    4 Michael-PC.local. Addr 192.168.2.5
 
Error: (08/27/2015 12:19:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1780) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU004F9.log.
 
Error: (08/27/2015 12:00:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (08/27/2015 11:58:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/27/2015 11:43:10 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (08/27/2015 11:42:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
Error: (08/27/2015 11:42:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - Unspecified error
 
 
System errors:
=============
Error: (08/27/2015 01:23:44 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 01:22:04 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 01:22:02 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 01:21:59 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 01:16:42 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 01:13:36 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 12:28:22 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 12:28:17 PM) (Source: DCOM) (EventID: 10000) (User: NT AUTHORITY)
Description: C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -Embedding193{10DA4F3C-CC99-4190-BE4D-58330754E882}
 
Error: (08/27/2015 12:24:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/27/2015 12:24:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
 
Microsoft Office:
=========================
Error: (08/27/2015 12:31:11 PM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: MICHAEL-PC)
Description: 1C:\Windows\explorer.exeWindows Explorer0411748960
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Michael-PC.local already in use; will try Michael-PC-2.local instead
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister   16 Michael-PC.local. AAAA FE80:0000:0000:0000:8D83:6B0E:4BEB:85DC
 
Error: (08/27/2015 12:19:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from FE80:0000:0000:0000:8D83:6B0E:4BEB:85DC:5353    4 Michael-PC.local. Addr 192.168.2.5
 
Error: (08/27/2015 12:19:26 PM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost1780SRUJet: C:\WINDOWS\system32\SRU\SRU004F9.log-1811 (0xfffff8ed)
 
Error: (08/27/2015 12:00:23 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (08/27/2015 11:58:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (08/27/2015 11:43:10 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (08/27/2015 11:42:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
Error: (08/27/2015 11:42:57 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Unspecified error
 
 
CodeIntegrity:
===================================
  Date: 2015-08-27 13:34:37.233
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 13:34:37.199
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.647
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.503
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.457
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.412
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.386
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.221
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-27 12:55:52.194
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B970 @ 2.30GHz
Percentage of memory in use: 49%
Total physical RAM: 8084.8 MB
Available physical RAM: 4087.46 MB
Total Virtual: 9364.8 MB
Available Virtual: 5207.57 MB
 
==================== Drives ================================
 
Drive c: (TI106401W0D) (Fixed) (Total:580.61 GB) (Free:382.66 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: () (Removable) (Total:29.71 GB) (Free:29.68 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 1E6EE12D)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=580.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=825 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.3 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 29.7 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 

Edited by quasarn01, 27 August 2015 - 05:37 PM.

  • 0

Advertisements

#2
BrianDrab
Posted 27 August 2015 - 07:01 PM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Hi and welcome to G2G.

 

I'm sorry to say it appears you have an illegal copy of Microsoft Office and/or Microsoft Windows. Per our Terms of Use that I need to abide by, we cannot assist you unless all illegal software is removed and or registered with valid keys. Thank you for your understanding.

 

The posting of links or references to warez or any other type of illegal software is strictly forbidden. By doing so you risk having your user account terminated without warning. We will NOT help anyone we suspect of having obtained their software or services illegally.

 

 


  • 0

#3
BrianDrab
Posted 01 September 2015 - 11:12 AM

BrianDrab

    Trusted Helper

  • Malware Removal
  • 3,591 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics


Also tagged with one or more of these keywords: rootkit

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP