Malware is reinstalled by itself


  • This topic is locked
10 replies to this topic

#1 sephrasu


Posted 28 August 2015 - 03:56 PM

Hello,
 
I'm constantly having an installation wizard pop up and start installing malware and it has no cancel button.
Some of the malware it installs are: mystartsearch, pcregcleaner (or something like that).
I always remove them but they keep on reinstalling themselves.
 
These are my logs.
FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-08-2015
Ran by sephr (administrator) on LILITH (28-08-2015 13:49:08)
Running from D:\Users\sephr\Downloads
Loaded Profiles: sephr (Available Profiles: sephr)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
() C:\ProgramData\ExtTag\ExtTag.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe
() C:\Program Files\schk32\schk32.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Apache Software Foundation) C:\Program Files\ASUS\HomeCloud\Tomcat\Tomcat_OmniStore\bin\tomcat6.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
() C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\WiFileTransfer.exe
(Realtek) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\RtlS5Wake\RtlS5Wake.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.820.12440.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
() C:\Program Files\schk32\packages\f48ed78d-aeb7-4b44-aa70-a058686b328f\NixHost.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8483032 2015-05-28] (Realtek Semiconductor)
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1252152 2014-11-27] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [1252664 2014-11-27] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [83256 2014-11-27] ()
HKLM-x32\...\Run: [AO Link Server] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ALRun.exe -start
HKLM-x32\...\Run: [ASUS WiFi GO! FileTransfer Execute] => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\WiFileTransfer.exe [1392952 2014-01-22] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [RtlS5Wake Execute] => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\S5WOW_App\RtlS5Wake\RtlS5Wake.exe [1642496 2014-02-13] (Realtek)
HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2013-01-28] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HomeCloud Drive] => C:\Program Files (x86)\ASUS\LocalDrive\LocalDrive.exe [2317608 2014-11-21] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597552 2015-08-04] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\Run: [OneDrive] => C:\Users\sephr\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-19] (Microsoft Corporation)
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4468056 2015-06-18] (Disc Soft Ltd)
AppInit_DLLs: C:\ProgramData\ExtTag\5bnc1nqe.dll => C:\ProgramData\ExtTag\5bnc1nqe.dll [146944 2015-08-11] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\x1zky5lx.dll => C:\ProgramData\ExtTag\x1zky5lx.dll [120320 2015-08-11] ()
SSODL: EldosMountNotificator-cbfs5 - {22897995-0F27-40B3-BB0E-5EBEF3A3E031} - C:\WINDOWS\system32\cbfsMntNtf5.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs5 - {22897995-0F27-40B3-BB0E-5EBEF3A3E031} - C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs5] -> {6884D4DE-19E9-4B7D-A7EF-E411A95F35D2} => C:\WINDOWS\system32\cbfsMntNtf5.dll [2014-03-06] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs5] -> {6884D4DE-19E9-4B7D-A7EF-E411A95F35D2} => C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll [2014-03-06] (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVJwkGmHq0uf_4qhC0JA8JqZcHbmxbIEM6i5yu0pvgqFw-h7vPFIXRuQ6IpF-0p8TByFPNQfBNNzR1uU35ZmGSuGw0FwMZkbC0XV6yUeT0RO2KBJchQ9q0uYI2iaOKXCfXDtjq0jn0IKeXiSvTD0Z4dchy4z&q={searchTerms}
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=MSE1
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVJwkGmHq0uf_4qhC0JA8JqZcHbmxbIEM6i5yu0pvgqFw-h7vPFIXRuQ6IpF-0p8TByFPNQfBNNzR1uU35ZmGSuGw0FwMZkbC0XV6yUeT0RO2KBJchQ9q0uYI2iaOKXCfXDtjq0jn0IKeXiSvTD0Z4dchy4z&q={searchTerms}
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVJwkGmHq0uf_4qhC0JA8JqZcHbmxbIEM6i5yu0pvgqFw-h7vPFIXRuQ6IpF-0p8TByFPNQfBNNzR1uU35ZmGSuGw0FwMZkbC0XV6yUeT0RO2KBJchQ9q0uYI2iaOKXCfXDtjq0jn0IKeXiSvTD0Z4dchy4z&q={searchTerms}
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1439053804&z=fce1a77635abe200f30942eg6z9c2t5eew6c5mac5c&from=cmi&uid=SamsungXSSDX850XEVOX250GB_S21NNSBFC39916W
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-US&Src=WD8&Tid=0003446E&OHP=http%3A%2F%2Fwww.mystartsearch.com%2F%3Ftype%3Dhp%26ts%3D1439053804%26z%3Dfce1a77635abe200f30942eg6z9c2t5eew6c5mac5c%26from%3Dcmi%26uid%3DSamsungXSSDX850XEVOX250GB%5FS21NNSBFC39916W&OSP=http%3A%2F%2Fwww.mystartsearch.com%2Fweb%2F%3Futm%5Fsource%3Db%26utm%5Fmedium%3Dcmi%26utm%5Fcampaign%3Dinstall%5Fie%26utm%5Fcontent%3Dds%26from%3Dcmi%26uid%3DSamsungXSSDX850XEVOX250GB%5FS21NNSBFC39916W%26ts%3D1439053841%26type%3Ddefault%26q%3D%7BsearchTerms%7D
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_BzVJwkGmHq0uf_4qhC0JA8JqZcHbmxbIEM6i5yu0pvgqFw-h7vPFIXRuQ6IpF-0p8TByFPNQfBNNzR1uU35ZmGSuGw0FwMZkbC0XV6yUeT0RO2KBJchQ9q0uYI2iaOKXCfXDtjq0jn0IKeXiSvTD0Z4dchy4z&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SamsungXSSDX850XEVOX250GB_S21NNSBFC39916W&ts=1439053841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SamsungXSSDX850XEVOX250GB_S21NNSBFC39916W&ts=1439053841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SamsungXSSDX850XEVOX250GB_S21NNSBFC39916W&ts=1439053841&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001 -> {ielnksrch} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cmi&utm_campaign=install_ie&utm_content=ds&from=cmi&uid=SamsungXSSDX850XEVOX250GB_S21NNSBFC39916W&ts=1439053841&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2013-10-21] (Microsoft Corporation)
BHO-x32: GoodTab Class -> {1F91A9A1-01BA-4c81-863D-3BA0751E1419} -> C:\Program Files (x86)\MiuiTab\SupTab.dll No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-08-27] (Oracle Corporation)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2013-10-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-08-27] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 186.177.67.145 186.177.67.138
Tcpip\..\Interfaces\{d74dbfb4-53a8-4262-9541-1abc943094f2}: [DhcpNameServer] 186.177.67.145 186.177.67.138
Tcpip\..\Interfaces\{ede76395-ad94-4b97-b441-cf3ea71e1fac}: [DhcpNameServer] 186.177.67.145 186.177.67.138
 
FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-08-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-08-05] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-02-10] (Microsoft Corporation)
 
Chrome:
=======
CHR Profile: C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-05]
CHR Extension: (Google Docs) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-05]
CHR Extension: (Google Drive) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-08-05]
CHR Extension: (YouTube) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-08-05]
CHR Extension: (Firebug Lite for Google Chrome™) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench [2015-08-16]
CHR Extension: (Bouncy Mouse) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgdllcbmneiklcmbeclfegccdjholomb [2015-08-16]
CHR Extension: (Google Search) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-08-05]
CHR Extension: (Google Play Music) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-08-16]
CHR Extension: (Google Sheets) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-05]
CHR Extension: (Cisco WebEx Extension) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-08-16]
CHR Extension: (Hangouts) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2015-08-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-05]
CHR Extension: (AntiGameOrigin) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ldbahlcmhmlpomdepooifmhnalokdhgm [2015-08-16]
CHR Extension: (BrowserStack Local) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfiddfehmfdojjfdpfngagldgaaafcfo [2015-08-16]
CHR Extension: (Plants vs Zombies) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina [2015-08-16]
CHR Extension: (Hangouts) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-08-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-05]
CHR Extension: (Gmail) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-05]
CHR Extension: (Canvas Rider) - C:\Users\sephr\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-08-16]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2015-07-31] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2015-07-31] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-04-24] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.11\AsusFanControlService.exe [394040 2014-07-17] (ASUSTeK Computer Inc.)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-07-31] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-07-31] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1268568 2015-06-18] (Disc Soft Ltd)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-11] (Microsoft Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-18] (Intel Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
R2 MSSQL$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [996352 2015-08-11] (Microsoft Corporation)
R2 schk32; C:\Program Files\schk32\schk32.exe [379392 2015-08-04] () [File not signed]
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-07-31] (Microsoft Corporation)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S4 SQLAgent$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
R3 tomcat6; C:\Program Files\ASUS\HomeCloud\Tomcat\Tomcat_OmniStore\bin\tomcat6.exe [80896 2013-04-28] (Apache Software Foundation) [File not signed]
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-07-31] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-07-31] (Microsoft Corporation)
R3 UnistoreSvc_Session2; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session2; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session2; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)
S2 comyninu; C:\Program Files (x86)\7799A1C0-1438750750-11DD-8C32-086266456FEC\hnsy626D.tmp [X]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag [X]
S2 fycepoku; C:\Program Files (x86)\7799A1C0-1438750750-11DD-8C32-086266456FEC\knsaCACB.tmp [X]
S2 hyverumu; C:\Program Files (x86)\7799A1C0-1438750750-11DD-8C32-086266456FEC\jnsz4B2A.tmp [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R3 ASMTFilter; C:\Windows\SysWow64\drivers\asmtufdriver.sys [24792 2014-06-13] (http://www.asmedia.com.tw)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-02-24] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7570136 2015-07-31] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [237568 2015-07-10] (Microsoft Corporation)
R1 cbfs5; C:\WINDOWS\system32\drivers\cbfs5.sys [416960 2014-03-06] (EldoS Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-08-12] (Disc Soft Ltd)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
R4 IOMap; C:\WINDOWS\system32\drivers\IOMap64.sys [24824 2014-07-02] (ASUSTeK Computer Inc.)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 MbswMailbox; C:\Program Files (x86)\ASUS\AI Suite III\690b33e1-0462-4e84-9bea-c7552b45432a.sys [17208 2015-08-01] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-09-30] (Intel Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
R1 tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [307352 2015-05-29] (Trend Micro Inc.)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-07-31] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 13:49 - 2015-08-28 13:49 - 00000000 ____D C:\FRST
2015-08-28 13:45 - 2015-05-29 01:43 - 00307352 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2015-08-28 13:44 - 2015-08-28 13:44 - 00000036 _____ C:\Users\sephr\AppData\Local\housecall.guid.cache
2015-08-28 13:33 - 2015-08-28 13:33 - 00004088 _____ C:\WINDOWS\System32\Tasks\LaunchPreSignup
2015-08-28 13:31 - 2015-08-28 13:31 - 00016148 _____ C:\WINDOWS\system32\LILITH_sephr_HistoryPrediction.bin
2015-08-27 21:10 - 2015-08-27 21:10 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Sun
2015-08-27 21:10 - 2015-08-27 21:10 - 00000000 ____D C:\Users\sephr\.oracle_jre_usage
2015-08-20 08:10 - 2015-08-20 08:10 - 00000000 ____D C:\Users\sephr\Tracing
2015-08-20 08:08 - 2015-08-22 10:07 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Skype
2015-08-20 08:08 - 2015-08-20 08:08 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
2015-08-20 08:08 - 2015-08-20 08:08 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-08-20 08:08 - 2015-08-20 08:08 - 00000000 ____D C:\Users\sephr\AppData\Local\Skype
2015-08-20 08:08 - 2015-08-20 08:08 - 00000000 ____D C:\ProgramData\Skype
2015-08-20 08:08 - 2015-08-20 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-18 19:48 - 2015-08-12 22:33 - 24593408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-18 19:48 - 2015-08-12 22:23 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-18 19:48 - 2015-08-12 22:22 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-18 19:48 - 2015-08-12 22:20 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-18 19:48 - 2015-08-12 22:17 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-18 19:48 - 2015-08-12 22:07 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-18 19:48 - 2015-08-12 21:53 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-18 19:48 - 2015-08-11 04:04 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-18 19:48 - 2015-08-11 04:04 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-18 19:48 - 2015-08-11 04:04 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-18 19:48 - 2015-08-11 04:03 - 08021840 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-18 19:48 - 2015-08-11 04:03 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-18 19:48 - 2015-08-11 04:02 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-18 19:48 - 2015-08-11 04:02 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-18 19:48 - 2015-08-11 04:02 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-18 19:48 - 2015-08-11 03:57 - 03622256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-18 19:48 - 2015-08-11 03:52 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-18 19:48 - 2015-08-11 03:50 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-18 19:48 - 2015-08-11 03:40 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-18 19:48 - 2015-08-11 03:40 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-18 19:48 - 2015-08-11 03:40 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-18 19:48 - 2015-08-11 03:38 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-18 19:48 - 2015-08-11 03:37 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-18 19:48 - 2015-08-11 03:31 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-18 19:48 - 2015-08-11 03:26 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-18 19:48 - 2015-08-11 03:23 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-18 19:48 - 2015-08-11 03:22 - 21875200 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-18 19:48 - 2015-08-11 03:21 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-18 19:48 - 2015-08-11 03:21 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-18 19:48 - 2015-08-11 03:20 - 02224640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-18 19:48 - 2015-08-11 03:20 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-18 19:48 - 2015-08-11 03:19 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-18 19:48 - 2015-08-11 03:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-18 19:48 - 2015-08-11 03:16 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-18 19:48 - 2015-08-11 03:14 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-18 19:48 - 2015-08-11 03:13 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-18 19:48 - 2015-08-11 03:11 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-18 19:48 - 2015-08-11 03:11 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-18 19:48 - 2015-08-11 03:10 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-18 19:48 - 2015-08-11 03:10 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 19:48 - 2015-08-11 03:10 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-18 19:48 - 2015-08-11 03:09 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-18 19:48 - 2015-08-11 03:08 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-18 19:48 - 2015-08-11 03:08 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-18 19:48 - 2015-08-11 03:07 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-18 19:48 - 2015-08-11 03:07 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-18 19:48 - 2015-08-11 03:07 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-18 19:48 - 2015-08-11 03:06 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-18 19:48 - 2015-08-11 03:06 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-18 19:48 - 2015-08-11 03:05 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-18 19:48 - 2015-08-11 03:03 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-18 19:48 - 2015-08-11 03:02 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-18 19:48 - 2015-08-11 03:02 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-18 19:48 - 2015-08-11 03:02 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-18 19:48 - 2015-08-11 03:02 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-18 19:48 - 2015-08-11 03:01 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-18 19:48 - 2015-08-11 03:00 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-18 19:48 - 2015-08-11 03:00 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-18 19:48 - 2015-08-11 02:59 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-18 19:48 - 2015-08-11 02:59 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-18 19:48 - 2015-08-11 02:59 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-18 19:48 - 2015-08-11 02:59 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-18 19:48 - 2015-08-11 02:58 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-18 19:48 - 2015-08-11 02:57 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-18 19:48 - 2015-08-11 02:57 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-18 19:48 - 2015-08-11 02:51 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-18 19:48 - 2015-08-11 02:51 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-18 19:48 - 2015-08-11 02:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-18 19:48 - 2015-08-11 02:50 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-18 19:48 - 2015-08-11 02:50 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-18 19:48 - 2015-08-11 02:49 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-18 19:48 - 2015-08-11 02:49 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-18 19:48 - 2015-08-11 02:48 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-18 19:48 - 2015-08-11 02:47 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-18 19:48 - 2015-08-11 02:45 - 18805760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-18 19:48 - 2015-08-11 02:45 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-18 19:48 - 2015-08-11 02:43 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-18 19:48 - 2015-08-11 02:42 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-18 19:48 - 2015-08-11 02:40 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-18 19:48 - 2015-08-11 02:40 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-18 19:48 - 2015-08-11 02:40 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-18 19:48 - 2015-08-11 02:39 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-18 19:48 - 2015-08-11 02:38 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-18 19:15 - 2015-08-28 13:31 - 00000000 ____D C:\Users\sephr\AppData\Roaming\OpenCandy
2015-08-16 21:50 - 2015-08-16 21:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-14 19:09 - 2015-08-14 19:10 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-14 19:09 - 2015-07-28 10:59 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-14 18:54 - 2015-08-08 01:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-14 18:54 - 2015-08-08 01:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-14 18:54 - 2015-08-08 01:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-14 18:54 - 2015-08-08 00:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-14 18:54 - 2015-08-08 00:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-14 18:54 - 2015-08-08 00:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-14 18:54 - 2015-08-08 00:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-14 18:54 - 2015-08-08 00:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-14 18:54 - 2015-08-08 00:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-14 18:54 - 2015-08-05 21:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-14 18:54 - 2015-08-05 21:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-14 18:54 - 2015-08-05 20:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-14 18:54 - 2015-08-04 22:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-14 18:54 - 2015-08-04 22:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-14 18:54 - 2015-08-04 22:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-14 18:54 - 2015-08-04 21:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-14 18:54 - 2015-08-04 21:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-14 18:54 - 2015-08-04 21:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-14 18:54 - 2015-08-03 22:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-14 18:54 - 2015-08-03 22:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-14 18:54 - 2015-08-03 22:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-14 18:54 - 2015-08-03 21:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-14 18:54 - 2015-08-03 20:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-14 18:54 - 2015-08-03 20:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-14 18:54 - 2015-08-02 20:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-14 18:54 - 2015-08-02 20:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-14 18:54 - 2015-08-02 20:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-14 18:54 - 2015-08-02 20:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-14 18:54 - 2015-08-02 20:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-14 18:54 - 2015-08-02 20:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-14 18:54 - 2015-08-02 20:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-14 18:54 - 2015-08-02 20:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-14 18:54 - 2015-08-02 20:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-14 18:54 - 2015-08-02 20:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-14 18:54 - 2015-08-02 20:13 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-14 18:54 - 2015-08-02 20:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-14 18:54 - 2015-08-02 19:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-14 18:54 - 2015-08-02 19:50 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-14 18:54 - 2015-08-02 19:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-14 18:54 - 2015-08-02 19:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-14 18:54 - 2015-08-02 19:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-14 18:54 - 2015-08-02 19:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-14 18:54 - 2015-08-02 19:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-14 18:54 - 2015-08-02 19:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-14 18:54 - 2015-08-02 19:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-14 18:54 - 2015-08-02 19:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-14 18:54 - 2015-08-02 19:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-14 18:54 - 2015-08-02 19:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-14 18:54 - 2015-08-02 19:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-14 18:54 - 2015-08-02 19:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-14 18:54 - 2015-08-02 19:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-14 18:54 - 2015-08-02 19:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-14 18:54 - 2015-08-02 19:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-14 18:54 - 2015-08-02 19:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-14 18:54 - 2015-08-02 19:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-14 18:54 - 2015-08-02 19:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-14 18:54 - 2015-08-02 19:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-14 18:54 - 2015-08-02 19:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-14 18:54 - 2015-08-02 19:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-14 18:54 - 2015-08-02 19:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-14 18:54 - 2015-08-02 19:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-14 18:54 - 2015-08-02 19:14 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-14 18:54 - 2015-08-02 19:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-14 18:54 - 2015-08-02 19:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-14 18:54 - 2015-08-02 19:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-14 18:54 - 2015-08-02 19:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-14 18:54 - 2015-08-02 19:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-14 18:54 - 2015-08-02 19:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-14 18:54 - 2015-08-02 19:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-14 18:54 - 2015-08-02 19:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-14 18:54 - 2015-08-02 19:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-14 18:54 - 2015-08-02 18:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-14 18:54 - 2015-07-30 00:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-14 18:54 - 2015-07-30 00:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-14 18:54 - 2015-07-30 00:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-14 18:54 - 2015-07-30 00:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-14 18:54 - 2015-07-30 00:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-14 18:54 - 2015-07-30 00:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-14 18:54 - 2015-07-30 00:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-14 18:54 - 2015-07-30 00:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-14 18:54 - 2015-07-30 00:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-14 18:54 - 2015-07-30 00:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-14 18:54 - 2015-07-30 00:05 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-14 18:54 - 2015-07-30 00:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-14 18:54 - 2015-07-30 00:04 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-14 18:54 - 2015-07-30 00:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-14 18:54 - 2015-07-29 23:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-14 18:54 - 2015-07-29 22:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-14 18:54 - 2015-07-29 22:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-14 18:54 - 2015-07-29 22:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-14 18:54 - 2015-07-29 22:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-14 18:54 - 2015-07-29 22:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-14 18:54 - 2015-07-29 22:24 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-14 18:54 - 2015-07-29 22:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-14 18:54 - 2015-07-29 22:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-14 18:54 - 2015-07-29 22:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-14 18:54 - 2015-07-29 22:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-14 18:54 - 2015-07-29 22:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-14 18:54 - 2015-07-29 22:21 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-14 18:54 - 2015-07-29 22:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-14 18:54 - 2015-07-29 22:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-14 18:54 - 2015-07-29 22:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-14 18:54 - 2015-07-29 22:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-14 18:54 - 2015-07-29 22:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-14 18:54 - 2015-07-29 22:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-14 18:54 - 2015-07-29 21:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-14 18:54 - 2015-07-29 21:52 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-14 18:54 - 2015-07-29 21:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-14 18:54 - 2015-07-29 21:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-14 18:54 - 2015-07-29 21:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-14 18:54 - 2015-07-29 21:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-14 18:54 - 2015-07-29 21:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-14 18:54 - 2015-07-29 21:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-14 18:54 - 2015-07-29 21:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-14 18:54 - 2015-07-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-14 18:54 - 2015-07-29 21:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-14 18:54 - 2015-07-29 21:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-14 18:54 - 2015-07-29 21:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-14 18:54 - 2015-07-29 21:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-14 18:54 - 2015-07-29 21:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-14 18:54 - 2015-07-29 21:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-14 18:54 - 2015-07-29 21:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-14 18:54 - 2015-07-29 21:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-14 18:54 - 2015-07-29 21:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-14 18:54 - 2015-07-29 21:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-14 18:54 - 2015-07-29 21:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-14 18:54 - 2015-07-29 21:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-14 18:54 - 2015-07-29 21:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-14 18:54 - 2015-07-29 21:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-14 18:54 - 2015-07-29 21:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-14 18:54 - 2015-07-29 21:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-14 18:54 - 2015-07-29 21:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-14 18:54 - 2015-07-29 21:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-14 18:54 - 2015-07-29 21:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-14 18:54 - 2015-07-29 21:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-14 18:54 - 2015-07-29 20:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-14 18:54 - 2015-07-29 20:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-12 23:23 - 2015-08-12 23:23 - 00002260 _____ C:\Users\sephr\Desktop\SkyrimLauncher - Shortcut.lnk
2015-08-12 23:14 - 2015-08-12 23:14 - 00000000 ____D C:\Users\sephr\AppData\Local\Skyrim
2015-08-12 23:14 - 2015-08-12 23:14 - 00000000 ____D C:\ProgramData\Steam
2015-08-12 23:00 - 2015-08-12 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda Softworks
2015-08-12 22:34 - 2015-08-12 22:34 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2015-08-12 22:32 - 2015-08-12 22:32 - 00000000 ____D C:\Program Files (x86)\Disc Soft
2015-08-12 22:31 - 2015-08-12 22:34 - 00000000 ____D C:\Users\sephr\AppData\Roaming\DAEMON Tools Lite
2015-08-12 22:31 - 2015-08-12 22:33 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2015-08-12 22:31 - 2015-08-12 22:32 - 00000000 ____D C:\Program Files\DAEMON Tools Lite
2015-08-12 22:31 - 2015-08-12 22:31 - 00001814 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2015-08-12 22:31 - 2015-08-12 22:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2015-08-12 22:31 - 2015-08-12 22:31 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-08-12 22:12 - 2015-08-12 22:12 - 00000000 ____D C:\ProgramData\DAEMON Tools Pro
2015-08-12 22:06 - 2015-08-12 22:06 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-12 22:06 - 2015-08-12 22:06 - 00000000 ____D C:\Program Files\MSBuild
2015-08-12 22:06 - 2015-08-12 22:06 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-12 22:06 - 2015-08-12 22:06 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-12 22:06 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-12 22:06 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:06 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-12 22:06 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-12 22:06 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 22:06 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-11 06:55 - 2015-08-11 06:55 - 00000000 ____D C:\Users\sephr\AppData\Local\TeamViewer
2015-08-11 06:54 - 2015-08-27 23:06 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-08-11 06:54 - 2015-08-20 15:16 - 00000000 ____D C:\Users\sephr\AppData\Roaming\TeamViewer
2015-08-11 06:54 - 2015-08-11 06:54 - 00001116 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-08-11 06:54 - 2015-08-11 06:54 - 00001104 _____ C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-08-10 21:10 - 2015-08-10 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-10 21:07 - 2015-08-10 21:07 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-10 21:07 - 2015-08-10 21:07 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-09 16:40 - 2015-08-09 16:40 - 00000000 ____D C:\Users\sephr\AppData\Roaming\RenPy
2015-08-09 14:48 - 2015-08-18 20:44 - 00000000 ____D C:\Users\sephr\AppData\Roaming\uTorrent
2015-08-08 11:53 - 2015-08-08 11:53 - 00000045 _____ C:\WINDOWS\SysWOW64\initdebug.nfo
2015-08-08 11:47 - 2015-08-28 13:36 - 00000000 ____D C:\Program Files\Core Temp
2015-08-08 11:42 - 2015-08-08 11:42 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Rainmeter
2015-08-08 11:13 - 2015-08-11 11:13 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP3.job
2015-08-08 11:13 - 2015-08-09 14:15 - 00000376 _____ C:\WINDOWS\Tasks\APSnotifierPP2.job
2015-08-08 11:13 - 2015-08-08 11:33 - 00000378 _____ C:\WINDOWS\Tasks\APSnotifierPP1.job
2015-08-08 11:13 - 2015-08-08 11:13 - 00003388 _____ C:\WINDOWS\System32\Tasks\{C3B07C2B-5EE2-4D0F-B435-09EAFB071681}
2015-08-08 11:13 - 2015-08-08 11:13 - 00002872 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP1
2015-08-08 11:13 - 2015-08-08 11:13 - 00002870 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP3
2015-08-08 11:13 - 2015-08-08 11:13 - 00002870 _____ C:\WINDOWS\System32\Tasks\APSnotifierPP2
2015-08-08 11:12 - 2015-08-08 11:12 - 00613255 _____ (CMI Limited) C:\Users\sephr\AppData\Local\nsbCF4C.tmp
2015-08-08 11:12 - 2015-08-08 11:12 - 00000000 __SHD C:\Users\sephr\AppData\Roaming\AnyProtectEx
2015-08-08 11:10 - 2015-08-26 20:51 - 00000000 ____D C:\Users\sephr\AppData\Roaming\cpuminer
2015-08-08 11:10 - 2015-08-18 19:25 - 00000000 ____D C:\ProgramData\XWinManProX
2015-08-08 11:10 - 2015-08-08 11:10 - 00000000 ____D C:\ProgramData\IHProtectUpDate
2015-08-08 11:10 - 2015-08-08 11:10 - 00000000 _____ C:\WINDOWS\prleth.sys
2015-08-08 11:10 - 2015-08-08 11:10 - 00000000 _____ C:\WINDOWS\hgfs.sys
2015-08-07 17:26 - 2015-08-28 08:25 - 00005268 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for LILITH-sephr Lilith
2015-08-07 17:16 - 2015-08-27 21:05 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-07 17:16 - 2015-08-07 17:16 - 00003518 _____ C:\WINDOWS\System32\Tasks\snp
2015-08-07 17:16 - 2015-08-07 17:16 - 00003156 _____ C:\WINDOWS\System32\Tasks\snf
2015-08-07 17:16 - 2015-08-07 17:16 - 00002377 _____ C:\WINDOWS\SysWOW64\findit.xml
2015-08-07 17:16 - 2015-08-07 17:16 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Mozilla
2015-08-07 17:16 - 2015-08-07 17:16 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-05 00:43 - 2015-08-22 10:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-05 00:40 - 2015-08-28 13:45 - 00000910 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 00:40 - 2015-08-28 08:14 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 00:40 - 2015-08-05 00:43 - 00000000 ____D C:\Users\sephr\AppData\Local\Google
2015-08-05 00:40 - 2015-08-05 00:42 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-05 00:40 - 2015-08-05 00:40 - 00003968 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-05 00:40 - 2015-08-05 00:40 - 00003736 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-04 23:29 - 2015-08-04 23:29 - 00003798 _____ C:\WINDOWS\System32\Tasks\AutoPico Daily Restart
2015-08-04 23:29 - 2015-08-04 23:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-08-04 23:29 - 2015-08-04 23:29 - 00000000 ____D C:\Program Files\KMSpico
2015-08-04 23:23 - 2015-08-10 21:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-04 23:23 - 2015-08-04 23:23 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2015-08-04 23:20 - 2015-08-10 21:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-04 23:20 - 2015-08-04 23:23 - 00000000 ____D C:\Program Files\Microsoft Office
2015-08-04 23:20 - 2015-08-04 23:20 - 00000000 ____D C:\Users\sephr\AppData\Local\Microsoft Help
2015-08-04 23:20 - 2015-08-04 23:20 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2015-08-04 23:20 - 2015-08-04 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-08-04 23:20 - 2015-08-04 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-08-04 23:13 - 2015-08-04 23:13 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-04 23:00 - 2015-08-07 17:16 - 00000000 ____D C:\Program Files\schk32
2015-08-04 22:59 - 2015-08-04 23:14 - 00000000 ____D C:\ProgramData\EroBisis
2015-08-04 22:59 - 2015-08-04 23:05 - 00000000 ____D C:\Users\sephr\AppData\Local\7799A1C0-1438729193-11DD-8C32-086266456FEC
2015-08-04 22:59 - 2015-07-10 05:02 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-08-04 22:58 - 2015-08-08 11:17 - 00000000 ____D C:\Program Files (x86)\globalUpdate
2015-08-04 22:58 - 2015-08-08 11:12 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-04 22:58 - 2015-08-04 23:01 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Opera Software
2015-08-04 22:58 - 2015-08-04 23:01 - 00000000 ____D C:\Users\sephr\AppData\Local\Opera Software
2015-08-04 22:58 - 2015-08-04 22:58 - 00000000 ____D C:\Users\sephr\AppData\Local\globalUpdate
2015-08-04 22:55 - 2015-08-28 08:17 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4527DB7E-F8BF-4669-815D-1C9F4765C1C0}
2015-08-04 22:52 - 2015-08-04 22:52 - 00000000 ____D C:\Program Files (x86)\KMSPico
2015-08-02 23:55 - 2015-08-02 23:55 - 00000000 ____D C:\Users\sephr\.thumbnails
2015-08-02 23:25 - 2015-08-02 23:25 - 00000000 ____D C:\Users\sephr\AppData\Local\gegl-0.3
2015-08-02 22:51 - 2015-08-02 22:58 - 00000000 ____D C:\Users\sephr\AppData\Roaming\MAXON
2015-08-02 22:22 - 2015-08-02 22:22 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2015-08-02 18:55 - 2015-08-02 18:55 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-02 18:47 - 2015-08-02 18:47 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2015-08-02 18:46 - 2015-08-02 18:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-08-02 18:35 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2015-08-02 18:35 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2015-08-02 18:35 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2015-08-02 18:35 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2015-08-02 18:35 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2015-08-02 18:35 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2015-08-02 18:35 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2015-08-02 18:35 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2015-08-02 18:35 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2015-08-02 18:35 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2015-08-02 18:35 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2015-08-02 18:35 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2015-08-02 18:35 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2015-08-02 18:35 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2015-08-02 18:35 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2015-08-02 18:35 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2015-08-02 18:35 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2015-08-02 18:35 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2015-08-02 18:35 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2015-08-01 12:48 - 2015-07-05 04:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00003294 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00003238 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00003210 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00003206 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-01 12:45 - 2015-08-01 12:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-01 12:45 - 2015-08-01 12:45 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-08-01 10:56 - 2015-08-01 10:56 - 00000000 ____D C:\Users\sephr\AppData\Local\NetworkTiles
2015-07-31 23:48 - 2015-08-20 17:41 - 00000000 ____D C:\Users\sephr\AppData\Local\SR22.1.24
2015-07-31 23:07 - 2015-07-31 22:13 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-31 23:06 - 2015-07-31 23:06 - 00000000 ____D C:\Users\sephr\AppData\Roaming\WinRAR
2015-07-31 23:06 - 2015-07-31 23:06 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-31 23:06 - 2015-07-31 23:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-31 23:06 - 2015-07-31 23:06 - 00000000 ____D C:\Program Files\WinRAR
2015-07-31 22:54 - 2015-07-31 22:54 - 00016896 _____ (ASUS) C:\WINDOWS\AsTaskSched.dll
2015-07-31 22:41 - 2015-08-28 08:20 - 00000000 _____ C:\WINDOWS\Path.idx
2015-07-31 22:41 - 2015-07-31 22:41 - 00000000 _____ C:\WINDOWS\SysWOW64\Drivers\1043_ASUSTeK_MAXIMUS VII FORMULA.alu
2015-07-31 22:40 - 2015-07-31 22:40 - 00000000 ____D C:\Users\sephr\AppData\Local\Steam
2015-07-31 22:40 - 2015-07-31 22:40 - 00000000 ____D C:\Users\sephr\AppData\Local\CEF
2015-07-31 22:36 - 2015-08-28 08:15 - 01048576 _____ C:\WINDOWS\PE_Rom.dll
2015-07-31 22:36 - 2015-08-26 20:47 - 00000000 ____D C:\Program Files (x86)\Steam
2015-07-31 22:36 - 2015-07-31 22:36 - 00001036 _____ C:\Users\Public\Desktop\Steam.lnk
2015-07-31 22:36 - 2015-07-31 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-07-31 22:36 - 2014-07-02 17:41 - 00024824 ____N (ASUSTeK Computer Inc.) C:\WINDOWS\system32\Drivers\IOMap64.sys
2015-07-31 22:35 - 2015-07-31 21:44 - 00000000 ___DC C:\WINDOWS\Panther
2015-07-31 22:34 - 2015-08-08 11:14 - 00000000 ____D C:\Program Files (x86)\ASM104xUSB3
2015-07-31 22:34 - 2015-08-03 00:14 - 00000000 ____D C:\Windows.old
2015-07-31 22:34 - 2015-07-31 22:34 - 00007776 _____ C:\WINDOWS\DPINST.LOG
2015-07-31 22:34 - 2011-09-20 12:25 - 00046152 _____ (MCCI Corporation) C:\WINDOWS\SysWOW64\Drivers\ASUSFILTER.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-07-31 22:33 - 2015-07-31 22:33 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-07-31 22:33 - 2015-07-31 22:33 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-07-31 22:33 - 2015-07-31 22:33 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00607008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-07-31 22:33 - 2015-07-31 22:33 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-07-31 22:33 - 2015-07-31 22:33 - 00000000 ____D C:\Program Files (x86)\Intel
2015-07-31 22:33 - 2014-06-13 11:25 - 00024792 _____ (http://www.asmedia.com.tw) C:\WINDOWS\SysWOW64\Drivers\asmtufdriver.sys
2015-07-31 22:33 - 2014-02-24 17:49 - 00014464 _____ C:\WINDOWS\SysWOW64\Drivers\AsUpIO.sys
2015-07-31 22:33 - 2013-01-28 15:58 - 00014848 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\Drivers\AiChargerPlus.sys
2015-07-31 22:32 - 2015-07-09 22:37 - 09565696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll
2015-07-31 22:32 - 2015-07-09 22:36 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll
2015-07-31 22:32 - 2015-07-09 22:26 - 09687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2015-07-31 22:32 - 2015-07-09 22:25 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2015-07-31 22:31 - 2015-07-31 22:36 - 00000000 ____D C:\ProgramData\ASUS
2015-07-31 22:31 - 2015-07-31 22:31 - 00000000 _____ C:\WINDOWS\SysWOW64\IntelWakeInfo.ini
2015-07-31 22:31 - 2014-03-06 07:05 - 00120616 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsNetRdr5.dll
2015-07-31 22:31 - 2014-03-06 07:05 - 00009000 _____ (EldoS Corporation) C:\WINDOWS\system32\elevtmsg.dll
2015-07-31 22:31 - 2014-03-06 07:04 - 00220456 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsNetRdr5.dll
2015-07-31 22:31 - 2014-03-06 07:02 - 00183592 _____ (EldoS Corporation) C:\WINDOWS\system32\cbfsMntNtf5.dll
2015-07-31 22:31 - 2014-03-06 07:00 - 00157992 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\cbfsMntNtf5.dll
2015-07-31 22:31 - 2014-03-06 06:37 - 00416960 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs5.sys
2015-07-31 22:30 - 2015-07-31 22:30 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-DMNGS8P_sephr_HistoryPrediction.bin
2015-07-31 22:30 - 2015-07-31 22:30 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-07-31 22:29 - 2015-08-27 21:42 - 00000000 ____D C:\ProgramData\Oracle
2015-07-31 22:29 - 2015-08-27 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-31 22:22 - 2015-08-28 08:15 - 00004603 _____ C:\WINDOWS\SysWOW64\IntelRemoteWakeAgent.ini
2015-07-31 22:22 - 2015-08-28 08:15 - 00000000 ____D C:\Users\sephr\AppData\Local\asushomecloud
2015-07-31 22:22 - 2015-08-12 23:03 - 00000000 ____D C:\Users\sephr\AppData\Local\AO DMS
2015-07-31 22:22 - 2015-07-31 22:45 - 00000000 ____D C:\ProgramData\asushomecloud
2015-07-31 22:22 - 2015-07-31 22:31 - 00000000 ____D C:\Users\sephr\AppData\Roaming\localdrive
2015-07-31 22:22 - 2015-07-31 22:22 - 00000000 ____D C:\MyFavorite
2015-07-31 22:21 - 2015-07-31 22:21 - 00001243 _____ C:\Users\Public\Desktop\AsusHomeCloud.lnk
2015-07-31 22:20 - 2015-07-31 23:05 - 00001163 _____ C:\Users\Public\Desktop\ASUS HomeCloudServer.lnk
2015-07-31 22:20 - 2015-07-31 22:21 - 00000163 _____ C:\WINDOWS\setup.log
2015-07-31 22:20 - 2015-07-31 22:20 - 00003250 _____ C:\WINDOWS\System32\Tasks\AsushomeCloudStart
2015-07-31 22:20 - 2015-07-31 22:20 - 00001769 _____ C:\WINDOWS\Language_trs.ini
2015-07-31 22:20 - 2015-07-31 22:20 - 00000135 _____ C:\Program Files\IntelRemoteWakeAgent.ini
2015-07-31 22:20 - 2015-07-31 22:20 - 00000000 ____D C:\Users\sephr\AppData\Local\PeerDistRepub
2015-07-31 22:20 - 2015-07-31 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS CLOUD
2015-07-31 22:19 - 2015-07-31 22:19 - 01963248 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-07-31 22:19 - 2012-06-29 01:22 - 00082888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL$ASUSHOMECLOUD-sqlctr10.52.4000.0.dll
2015-07-31 22:19 - 2012-06-29 01:22 - 00057288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf-MSSQL10_50.ASUSHOMECLOUD-sqlagtctr.dll
2015-07-31 22:18 - 2015-08-04 23:23 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2015-07-31 22:18 - 2015-07-31 22:18 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2015-07-31 22:18 - 2015-07-31 22:18 - 00000000 ____D C:\WINDOWS\system32\1033
2015-07-31 22:18 - 2015-07-31 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008
2015-07-31 22:18 - 2015-07-31 22:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 9.0
2015-07-31 22:17 - 2015-08-27 21:11 - 00000000 ____D C:\Program Files (x86)\Java
2015-07-31 22:17 - 2015-08-27 21:10 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2015-07-31 22:17 - 2015-08-04 23:23 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2015-07-31 22:17 - 2015-07-31 22:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-07-31 22:17 - 2015-07-31 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2
2015-07-31 22:17 - 2015-07-31 22:17 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-07-31 22:17 - 2015-07-31 22:17 - 00000000 ____D C:\ProgramData\Sun
2015-07-31 22:16 - 2015-08-09 15:34 - 00000000 ____D C:\Users\sephr\AppData\Local\AO Link
2015-07-31 22:16 - 2015-07-31 22:34 - 00000000 ____D C:\WINDOWS\System32\Tasks\ASUS
2015-07-31 22:16 - 2014-01-22 10:33 - 00011832 ____N C:\WINDOWS\SysWOW64\Drivers\AsInsHelp64.sys
2015-07-31 22:16 - 2014-01-22 10:33 - 00010216 ____N C:\WINDOWS\SysWOW64\Drivers\AsInsHelp32.sys
2015-07-31 22:13 - 2015-07-31 22:13 - 00001252 _____ C:\Users\Public\Desktop\Sonic Radar II.lnk
2015-07-31 22:13 - 2015-07-31 22:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar II
2015-07-31 22:13 - 2015-07-31 22:13 - 00000000 ____D C:\Program Files\Realtek
2015-07-31 22:13 - 2015-07-31 22:13 - 00000000 ____D C:\Program Files\ASUSTeKcomputer.Inc
2015-07-31 22:13 - 2014-04-14 03:52 - 00003008 ____N C:\WINDOWS\system32\Drivers\DTSU2P.DAT
2015-07-31 22:12 - 2015-07-31 22:35 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-31 22:12 - 2015-06-02 04:48 - 04477656 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-07-31 22:12 - 2015-06-02 04:15 - 02088737 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-07-31 22:12 - 2015-06-02 03:15 - 01747160 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-07-31 22:12 - 2015-06-02 00:57 - 02847960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-07-31 22:12 - 2015-05-27 03:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2015-07-31 22:12 - 2015-05-25 21:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-07-31 22:12 - 2015-05-20 02:14 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-07-31 22:12 - 2015-05-18 00:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-07-31 22:12 - 2015-05-15 05:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-07-31 22:12 - 2015-05-15 02:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-07-31 22:12 - 2015-01-19 04:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-07-31 22:12 - 2014-11-10 23:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-07-31 22:12 - 2014-10-23 20:12 - 05234952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2015-07-31 22:12 - 2014-10-23 20:12 - 00995120 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2015-07-31 22:12 - 2014-05-22 02:24 - 00096568 _____ C:\WINDOWS\system32\audioLibVc.dll
2015-07-31 22:12 - 2013-06-20 21:01 - 00109848 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2015-07-31 22:12 - 2011-12-20 01:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-07-31 22:12 - 2011-11-22 02:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-07-31 22:11 - 2015-07-31 22:11 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-31 21:53 - 2015-07-31 21:53 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Macromedia
2015-07-31 21:51 - 2015-07-31 21:52 - 00000000 ____D C:\Users\sephr\AppData\Local\MicrosoftEdge
2015-07-31 21:50 - 2015-08-26 23:46 - 00000000 ____D C:\Users\sephr\OneDrive
2015-07-31 21:50 - 2015-08-19 22:38 - 00002338 _____ C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-07-31 21:50 - 2015-07-31 21:52 - 00000000 ____D C:\Users\sephr\AppData\Local\Comms
2015-07-31 21:49 - 2015-07-31 21:49 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-31 21:48 - 2015-08-12 22:11 - 00000000 ____D C:\Users\sephr\AppData\Local\Packages
2015-07-31 21:48 - 2015-07-31 21:48 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-DMNGS8P_defaultuser0_HistoryPrediction.bin
2015-07-31 21:48 - 2015-07-31 21:48 - 00001051 _____ C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-07-31 21:48 - 2015-07-31 21:48 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Adobe
2015-07-31 21:48 - 2015-07-31 21:48 - 00000000 ____D C:\Users\sephr\AppData\Local\VirtualStore
2015-07-31 21:48 - 2015-07-31 21:48 - 00000000 ____D C:\Users\sephr\AppData\Local\TileDataLayer
2015-07-31 21:48 - 2015-07-31 21:48 - 00000000 ____D C:\Users\sephr\AppData\Local\Publishers
2015-07-31 21:48 - 2015-07-31 21:48 - 00000000 ____D C:\Users\sephr\AppData\Local\PackageStaging
2015-07-31 21:45 - 2015-08-27 21:10 - 00000000 ____D C:\Users\sephr
2015-07-31 21:45 - 2015-07-31 21:48 - 00000000 ___RD C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-31 21:45 - 2015-07-31 21:45 - 00000020 ___SH C:\Users\sephr\ntuser.ini
2015-07-31 21:45 - 2015-07-10 05:04 - 00000000 __RSD C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-07-31 21:45 - 2015-07-10 05:04 - 00000000 ___RD C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-07-31 21:45 - 2015-07-10 05:04 - 00000000 ___RD C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-07-31 21:45 - 2015-07-10 05:04 - 00000000 ____D C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-31 21:42 - 2015-08-27 21:11 - 00967214 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-07-31 21:39 - 2015-07-10 04:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-07-31 21:37 - 2015-07-31 21:37 - 00000000 __SHD C:\Recovery
2015-07-31 21:37 - 2015-07-31 21:37 - 00000000 ____D C:\WINDOWS\CSC
2015-07-31 21:36 - 2015-08-28 08:14 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-07-31 21:36 - 2015-07-31 23:05 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-07-31 21:36 - 2015-07-31 22:34 - 00000000 ____D C:\Program Files\ASUS
2015-07-31 21:36 - 2015-07-31 22:13 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-07-31 21:36 - 2015-07-31 21:36 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-07-31 21:36 - 2015-07-31 21:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2015-07-31 21:36 - 2015-07-17 23:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-07-31 21:36 - 2015-07-17 23:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-07-31 21:36 - 2013-07-04 03:32 - 00028672 _____ (ASUSTek Computer Inc.) C:\WINDOWS\SysWOW64\AsIO.dll
2015-07-31 21:36 - 2013-07-04 03:32 - 00015232 _____ C:\WINDOWS\SysWOW64\Drivers\AsIO.sys
2015-07-31 21:35 - 2015-08-23 21:04 - 00050482 _____ C:\WINDOWS\PFRO.log
2015-07-31 21:35 - 2015-07-31 23:07 - 00000000 ____D C:\Program Files\Intel
2015-07-31 21:35 - 2015-07-31 21:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-07-31 16:49 - 2015-07-31 16:49 - 00000000 ___HD C:\$Windows.~WS
2015-07-31 09:41 - 2015-07-31 09:41 - 07570136 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\BCMWL63a.SYS
2015-07-31 09:41 - 2015-07-31 09:41 - 04136960 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvsrv64.dll
2015-07-31 09:41 - 2015-07-31 09:41 - 03781632 _____ (Broadcom Corporation) C:\WINDOWS\system32\bcmihvui64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-08-28 13:18 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-28 10:44 - 2015-07-10 04:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-27 21:14 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-27 21:04 - 2015-07-10 06:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-27 21:04 - 2015-07-10 06:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-22 11:56 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-20 10:18 - 2015-07-10 03:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-08-20 10:17 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-20 10:17 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-18 19:13 - 2015-07-10 06:20 - 00346328 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-18 19:13 - 2015-07-10 05:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 19:13 - 2015-07-10 05:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-18 19:13 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-18 19:13 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-10 21:12 - 2015-07-10 05:04 - 00000167 _____ C:\WINDOWS\win.ini
2015-08-10 21:10 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-08 13:54 - 2015-07-10 06:20 - 00015152 _____ C:\WINDOWS\setupact.log
2015-08-08 09:38 - 2015-07-10 05:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 09:38 - 2015-07-10 05:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 17:57 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-07 17:28 - 2015-07-10 07:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2015-08-07 17:28 - 2015-07-10 07:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___SD C:\WINDOWS\system32\dsc
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\migwiz
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\Com
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\IME
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\Help
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Windows Defender
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Common Files\System
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-08-07 17:28 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-08-07 17:28 - 2015-07-10 03:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-07 17:28 - 2015-07-10 03:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-07 17:28 - 2015-07-10 03:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-07 17:28 - 2015-07-10 03:05 - 00000000 ____D C:\WINDOWS\servicing
2015-08-04 23:23 - 2015-07-10 07:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-01 07:52 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-07-31 22:35 - 2015-07-10 05:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-07-31 22:34 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-07-31 22:17 - 2015-07-26 15:17 - 00000168 _____ C:\setup.log
2015-07-31 22:12 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-07-31 21:49 - 2015-07-10 07:12 - 00000000 ____D C:\WINDOWS\OCR
2015-07-31 21:48 - 2015-07-10 05:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-07-31 21:48 - 2015-07-10 05:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-07-31 21:45 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-07-31 21:39 - 2015-07-10 05:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-07-31 21:36 - 2015-07-10 05:05 - 00002133 _____ C:\WINDOWS\DtcInstall.log
2015-07-31 21:35 - 2015-07-10 03:05 - 00000000 __RHD C:\Users\Default
 
==================== Files in the root of some directories =======
 
2015-07-31 22:20 - 2015-07-31 22:20 - 0000135 _____ () C:\Program Files\IntelRemoteWakeAgent.ini
2015-08-28 13:44 - 2015-08-28 13:44 - 0000036 _____ () C:\Users\sephr\AppData\Local\housecall.guid.cache
2015-08-08 11:12 - 2015-08-08 11:12 - 0613255 _____ (CMI Limited) C:\Users\sephr\AppData\Local\nsbCF4C.tmp
 
Some files in TEMP:
====================
C:\Users\sephr\AppData\Local\Temp\2149.exe
C:\Users\sephr\AppData\Local\Temp\9807.exe
C:\Users\sephr\AppData\Local\Temp\9836.exe
C:\Users\sephr\AppData\Local\Temp\bedjbedded.exe
C:\Users\sephr\AppData\Local\Temp\bitool.dll
C:\Users\sephr\AppData\Local\Temp\jre-8u51-windows-au.exe
C:\Users\sephr\AppData\Local\Temp\jre-8u60-windows-au.exe
C:\Users\sephr\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\sephr\AppData\Local\Temp\mytmpinstaller.exe
C:\Users\sephr\AppData\Local\Temp\nsa33.exe
C:\Users\sephr\AppData\Local\Temp\nsi62CA.exe
C:\Users\sephr\AppData\Local\Temp\nsi62CB.exe
C:\Users\sephr\AppData\Local\Temp\nsj3999.exe
C:\Users\sephr\AppData\Local\Temp\nsj399A.exe
C:\Users\sephr\AppData\Local\Temp\nskFDDA.exe
C:\Users\sephr\AppData\Local\Temp\nskFDDB.exe
C:\Users\sephr\AppData\Local\Temp\nsq8748.exe
C:\Users\sephr\AppData\Local\Temp\nsq8749.exe
C:\Users\sephr\AppData\Local\Temp\nst49EB.exe
C:\Users\sephr\AppData\Local\Temp\nst49EC.exe
C:\Users\sephr\AppData\Local\Temp\nszD9DB.exe
C:\Users\sephr\AppData\Local\Temp\nszD9DC.exe
C:\Users\sephr\AppData\Local\Temp\sfextra.dll
C:\Users\sephr\AppData\Local\Temp\Uninstall.exe
C:\Users\sephr\AppData\Local\Temp\{146AC2D7-769A-468D-9876-DFAFA0038ADF}.dll
C:\Users\sephr\AppData\Local\Temp\{484AAD89-774E-495A-B020-6558CFD7B591}.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-08-26 19:53
 
==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by sephr (2015-08-28 13:50:51)
Running from D:\Users\sephr\Downloads
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1688417143-2985529939-1315570496-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1688417143-2985529939-1315570496-503 - Limited - Disabled)
Guest (S-1-5-21-1688417143-2985529939-1315570496-501 - Limited - Disabled)
sephr (S-1-5-21-1688417143-2985529939-1315570496-1001 - Administrator - Enabled) => C:\Users\sephr
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.83 - ASUSTeK Computer Inc.)
AKIBA'S TRIP: Undead & Undressed (HKLM-x32\...\Steam App 333980) (Version:  - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.15.0 - Asmedia Technology)
ASUS HomeCloud Launcher (HKLM-x32\...\4ff11ffb-5880-4338-90e0-1502e835b184) (Version: 1.01.04 - ASUSTeK Computer Inc.)
ASUS HomeCloud Server 1.0.19.071 (HKLM\...\ASUS HomeCloudServer) (Version: 1.0.19.071 - ASUS Cloud Corporation)
Asus Sonic Suite Plugins (x32 Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.1.0.0074 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HomeCloud Drive 1.0.0.085 (HKLM-x32\...\HomeCloud Drive) (Version: 1.0.0.085 - ASUS Cloud Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 3.00.08 - ASUSTeK Computer Inc.)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
NahimicSettingsConfigurator (Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7525 - Realtek Semiconductor Corp.)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Roommates (HKLM-x32\...\Steam App 317300) (Version:  - Winter Wolves)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - Firaxis Games)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Sonic Radar II (HKLM\...\{1C06B38D-C6E3-4FD0-8B06-8ADA5AFB6942}) (Version: 2.1.2401 - ASUSTeKcomputer.Inc)
Sonic Studio Plugin (Version: 2.1.2401 - ASUSTeKcomputer.Inc) Hidden
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
The Elder Scrolls V Skyrim - Legendary Edition (HKLM-x32\...\The Elder Scrolls V Skyrim - Legendary Edition_is1) (Version:  - )
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Update for Skype for Business 2015 (KB2889853) 64-Bit Edition (HKLM\...\{90150000-012B-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{DAFCD7DE-1531-4483-9F53-170766074E85}) (Version:  - Microsoft)
Wi-Fi GO! (HKLM-x32\...\{F5A3E41B-64E8-45BC-806C-57C81DED4409}) (Version: 5.00.14 - ASUSTeK Computer Inc.)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1688417143-2985529939-1315570496-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\sephr\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points =========================
 
12-08-2015 22:04:32 Windows Modules Installer
18-08-2015 19:16:07 Uniblue PC Mechanic installation
19-08-2015 22:39:15 Uniblue PC Mechanic installation
23-08-2015 09:20:45 Uniblue PC Mechanic installation
28-08-2015 10:43:51 Windows Update
28-08-2015 10:44:01 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2015-07-10 05:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {06FFF63D-98C7-4901-ABF0-DD81C3BAE31C} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-06-25] (ASUSTeK Computer Inc.)
Task: {0C4EB3B9-1F69-47B2-A9F6-BA14978EBCC6} - System32\Tasks\ASUS\ASUS WiFi GO! Server Execute => C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server Launcher.exe [2014-01-22] (ASUSTeK Computer Inc.)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0E06DDBC-1D68-4230-8566-E411C470191C} - System32\Tasks\LaunchPreSignup => C:\Program Files (x86)\OLBPre\OLBPre.exe <==== ATTENTION
Task: {19820782-7B23-401B-9D9F-26ABB3955F58} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1B636771-8342-4F4D-AAF0-CA6BDB11E86A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {2B7E1047-A19C-4E09-A888-9F04C65D93E3} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {3180640D-5D44-4758-BE6C-7D1FE6DDF8F0} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-07-02] (TODO: <Company name>)
Task: {3316B7C5-7B55-485D-8A33-95B23C9CE362} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LILITH-sephr Lilith => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {35172AAB-13CA-497C-8345-97E0F069E437} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {38BDBB22-9EDC-42FA-BA13-C7D5406EE4CE} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4B29FD25-BE4C-4F63-BF44-6F40842E446E} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5F5DA8AD-8F01-4A54-BF81-21474E180659} - System32\Tasks\snf => C:\ProgramData\ExtTag\5ih34kut.exe [2015-08-07] ()
Task: {63156468-9615-4771-B86D-9FBD45D31373} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {66F8D422-8A13-43E7-A9F1-9CA57B4165CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-05] (Google Inc.)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {852BC4F7-5D41-47E5-BEBC-B31574F5A5A7} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-07-02] ()
Task: {8605E3DF-CD01-41C4-AE87-3095341044BA} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-31] (Microsoft Corporation)
Task: {8EEC4A06-D0B2-4AAF-A2C9-DB240155367E} - System32\Tasks\snp => C:\ProgramData\ExtTag\5ih34kut.exe [2015-08-07] ()
Task: {95EC6825-EED4-4289-8ECF-37783AC11717} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2014-10-09] ()
Task: {9DB2940F-5714-4477-B413-33DA1AFDAB00} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {ACD040A5-F5F8-4AB3-B15F-598CA1404A1F} - System32\Tasks\AsushomeCloudStart => C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe [2014-12-10] ()
Task: {C442FB69-37CE-407E-8F7E-DCB2D13A8A07} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CAADC780-2C17-410D-A9F5-920174CEE321} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {CB86C4DD-1469-45F2-B21A-0123253CC596} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-05-28] (ASUSTeK Computer Inc.)
Task: {D1D2A72B-4C8F-4BAE-B56E-26E78D2B21E9} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {D73A286F-4EB5-4697-8328-7D61F631AC10} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {DE44ECC0-644D-462F-9A4D-653564A67BEE} - System32\Tasks\{C3B07C2B-5EE2-4D0F-B435-09EAFB071681} => pcalua.exe -a "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\39.6.2171.95\Installer\setup.exe" -c --uninstall --system-level
Task: {E69D4E7A-7F7B-42D3-938D-A9DA076C5455} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2014-11-27] ()
Task: {E8086FB2-FFAB-4C96-9FFD-F829A6E31DFE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {F7BCD099-C762-4289-B609-AB742BAEBBF7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 05:00 - 2015-07-10 05:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-31 22:33 - 2015-07-31 22:33 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-31 22:10 - 2014-04-24 00:29 - 01360016 _____ () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2015-08-18 19:48 - 2015-08-11 03:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-08-04 05:45 - 2015-08-04 05:45 - 00035840 _____ () C:\ProgramData\ExtTag\ExtTag.exe
2015-07-31 22:10 - 2015-07-31 22:10 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2015-08-04 07:01 - 2015-08-04 07:01 - 00379392 _____ () C:\Program Files\schk32\schk32.exe
2015-08-14 18:54 - 2015-07-30 00:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 01270584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2015-07-31 22:33 - 2014-10-09 09:30 - 01430328 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2015-07-31 22:17 - 2014-11-27 14:26 - 00304952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2015-08-14 18:54 - 2015-07-30 00:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-18 00:35 - 2015-07-18 00:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-07-10 04:59 - 2015-07-10 04:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-31 22:34 - 2014-08-01 14:58 - 01065272 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2015-07-31 22:34 - 2014-07-25 16:32 - 00036152 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2015-07-31 22:21 - 2014-05-23 09:44 - 00039736 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\ASUSRelayWS.exe
2014-12-10 03:43 - 2014-12-10 03:43 - 02154280 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe
2015-07-31 22:12 - 2013-06-20 21:01 - 00109848 _____ () C:\WINDOWS\SYSTEM32\AcpiServiceVnA64.dll
2015-07-31 22:12 - 2014-05-22 02:24 - 00096568 _____ () C:\WINDOWS\SYSTEM32\audioLibVc.dll
2015-07-31 22:17 - 2014-11-27 14:26 - 01252152 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
2015-07-31 22:17 - 2014-11-27 14:26 - 01252664 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
2015-07-31 22:17 - 2014-11-27 14:25 - 00083256 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
2015-07-31 22:33 - 2014-05-14 05:58 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2015-08-26 20:58 - 2015-08-26 21:00 - 00007168 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.820.12440.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-08-26 20:58 - 2015-08-26 21:00 - 11603456 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.820.12440.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-07-10 07:17 - 2015-07-10 07:17 - 07897088 _____ () C:\Program Files\WindowsApps\Microsoft.NET.Native.Framework.1.0_1.0.22929.0_x64__8wekyb3d8bbwe\SharedLibrary.dll
2015-08-28 13:14 - 2015-08-28 13:14 - 00855040 _____ () C:\Program Files\schk32\packages\f48ed78d-aeb7-4b44-aa70-a058686b328f\NixHost.exe
2015-08-14 18:54 - 2015-08-02 19:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 05:00 - 2015-07-10 07:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-18 19:48 - 2015-08-11 02:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-14 18:54 - 2015-08-02 19:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 05:00 - 2015-07-10 07:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-31 22:10 - 2015-08-27 21:04 - 00046736 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2015-07-31 22:10 - 2015-05-08 00:26 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2015-07-31 22:33 - 2014-04-25 06:03 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2015-07-31 22:33 - 2014-04-25 06:03 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2015-07-31 22:33 - 2014-07-02 12:10 - 00872960 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AI Charger+\AIChargerPlus.dll
2015-07-31 22:33 - 2014-07-17 11:42 - 04095488 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2015-07-31 22:33 - 2014-10-30 15:36 - 01139712 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2015-07-31 22:33 - 2014-04-25 06:03 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00053248 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Exeio.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00278528 _____ () C:\Program Files (x86)\ASUS\VGA COM\1.00.20\Vender.dll
2015-07-31 22:16 - 2014-01-22 10:33 - 00662016 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2015-07-31 22:34 - 2012-01-19 09:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2015-07-31 22:33 - 2014-04-25 06:03 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2015-07-31 22:33 - 2014-04-25 06:03 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2015-07-31 22:35 - 2014-07-03 16:05 - 00063488 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Wi-Fi Engine\IsSupported.dll
2015-07-31 22:34 - 2010-09-23 11:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2015-07-31 22:34 - 2010-02-25 14:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2015-07-31 22:33 - 2014-07-09 11:05 - 00711680 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00851456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00801792 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00875008 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\AppTuneDll.dll
2015-07-31 22:33 - 2014-10-09 09:31 - 00237568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2015-07-31 22:33 - 2014-02-24 17:49 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2015-07-31 22:21 - 2014-01-22 10:36 - 00475136 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFiGO_HookKey.dll
2015-07-31 22:21 - 2013-10-10 03:10 - 00176128 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\DLCapPP.dll
2015-07-31 22:21 - 2014-07-04 17:26 - 00339968 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\AudioProjection.dll
2015-07-31 22:21 - 2010-12-14 17:46 - 00067584 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\CoreAudioCap.dll
2015-07-31 22:21 - 2013-06-11 12:06 - 00425984 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\awiscale.DLL
2015-07-31 22:21 - 2013-09-12 14:07 - 00221184 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\JpegCD.DLL
2015-07-31 22:21 - 2013-12-18 19:53 - 02502656 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\xH264E.DLL
2015-07-31 22:21 - 2014-08-28 11:06 - 00195584 _____ () C:\Program Files (x86)\InstallShield Installation Information\{F5A3E41B-64E8-45BC-806C-57C81DED4409}\CloudAPI\CloudAPI.dll
2015-07-31 22:21 - 2014-01-22 10:36 - 00753664 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiMoveHelp.dll
2015-07-31 22:21 - 2014-01-22 10:35 - 00684032 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\PhoneCtrlAPI.dll
2015-07-31 22:34 - 2013-11-20 10:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2015-07-31 22:34 - 2013-07-02 10:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-03-10 19:51 - 2014-03-10 19:51 - 00065024 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\AsWoWDLL.dll
2015-07-31 22:17 - 2014-11-27 14:25 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\pngio.dll
2015-07-31 22:21 - 2014-01-22 10:35 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFile\pngio.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2015-07-31 22:33 - 2014-07-02 17:41 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2015-07-31 22:34 - 2014-04-10 15:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\sephr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 186.177.67.145 - 186.177.67.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "gpuminer"
HKLM\...\StartupApproved\Run32: => "AO Link Server"
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1688417143-2985529939-1315570496-1001\...\StartupApproved\Run: => "Steam"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{57312EFF-701D-4B7B-816D-98E4168B5F7B}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
FirewallRules: [{757A99A1-D63E-49D9-B2E4-E0B7ACDDBF22}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
FirewallRules: [{9262DEF7-739C-4F4C-B617-D61B2FB0B9A7}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
FirewallRules: [{B878D502-69E8-4866-9CCE-345E6B3E2AC2}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
FirewallRules: [{DD8FD154-32D4-41F0-A9DD-287740514F6B}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AORelayDMS.exe
FirewallRules: [{6E4CAE4B-AD4D-4518-9FF9-2066347F369C}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AORelayDMS.exe
FirewallRules: [{6D8C8CC7-CA76-482F-AB22-B798257999C0}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\AMSRelayHelpAgent.exe
FirewallRules: [{D9F2B4B3-1BA2-4E6B-B0E4-6C2CCCEA9AA8}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\AMSRelayHelpAgent.exe
FirewallRules: [{DB1D346B-3660-4367-A7C8-6B2735F365D0}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\MediaStreamer.exe
FirewallRules: [{2C3375BC-8658-426E-A845-E0FDC43AB046}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\MediaStreamer.exe
FirewallRules: [{A499CD43-371E-4DA4-AE8D-8EDCDEAC8554}] => (Allow) C:\Program Files\ASUS\HomeCloud\Tomcat\Tomcat_OmniStore\bin\tomcat6.exe
FirewallRules: [{AA93712E-961F-40CF-A8A1-0D2BE6B9F021}] => (Allow) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
FirewallRules: [{5AACE407-812C-4D85-A19C-E348E5223D6B}] => (Allow) C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe
FirewallRules: [{738666B3-B325-4A6F-BFD7-F2800FCEFD1B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1F0BF731-8D4C-43C9-A284-030B2AB2F630}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{1ADF156B-A656-4089-BDA3-1F5FEB6E07E9}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{6355528A-E5D6-4B7E-9FEE-044CFA2F4417}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{EC8E6C52-B172-4073-A2E1-7EB6E3724FC3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{BA1312D0-8DAD-4C8B-9D4A-8ABD26F71047}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\dota 2 beta\dota.exe
FirewallRules: [{16CB3C7E-60C6-4405-B23E-84A0E6F65C46}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{ACB55F2D-16AB-4F95-8FFD-4F47E1147178}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Sid Meier's Civilization V\Launcher.exe
FirewallRules: [{9A850941-E092-4ADB-8E3D-94AE3A4FE400}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{488DD1AF-F849-4C77-90C3-55832B4EEC2B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{17CA90A7-C7A7-412E-845D-7A3A0442F63C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AKIBA'S TRIP Undead & Undressed\AkibaUU.exe
FirewallRules: [{C6BC6CB3-58A8-408A-B3D4-BFDD84404AE6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\AKIBA'S TRIP Undead & Undressed\AkibaUU.exe
FirewallRules: [{0013A5A8-FA34-4C6D-B517-3C5E23921B41}] => (Allow) C:\ProgramData\EroBisis\onuaci.exe
FirewallRules: [{D1DFE173-6AED-4C83-B009-8E8764187C44}] => (Allow) C:\ProgramData\EroBisis\onuaci.exe
FirewallRules: [{61AC5E03-5B8E-4708-B0DD-DC4B1C011F64}] => (Allow) C:\ProgramData\EroBisis\onuaci.exe
FirewallRules: [{960D753A-5A91-4140-A991-EA1782172FDB}] => (Allow) C:\ProgramData\EroBisis\onuaci.exe
FirewallRules: [{A1420972-064F-451A-9416-D2E15BC086BD}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{7125B222-8474-49DF-A53B-BB54BD4618B6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{2F6D147E-CC43-4BBA-B5FE-0A3D2E31C97F}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{86148DC4-B952-4205-A872-F382D9A8FEBF}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{C9302E1D-E32D-4342-8CB4-8F44227C1BB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roommates\Roommates.exe
FirewallRules: [{8864317B-C5B5-4A26-A2B3-73557BB79C3E}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Roommates\Roommates.exe
FirewallRules: [{01001E80-60FC-4E39-BF0F-598E4AD9E240}] => (Allow) C:\Users\sephr\AppData\Local\Temp\Rar$EXa0.629\KMSpico.v9.1.3.20131211\KMSpico Portable\AutoPico.exe
FirewallRules: [{E8FD6D18-4A18-490E-8455-CAE47CD59B06}] => (Allow) C:\Users\sephr\AppData\Local\Temp\Rar$EXa0.629\KMSpico.v9.1.3.20131211\KMSpico Portable\AutoPico.exe
FirewallRules: [{F508DA3C-64D6-4D1C-866E-CC67F2E9A530}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{6BCC8FE4-209C-44FD-B7BB-CD38FEAF08F2}] => (Allow) C:\Program Files\KMSpico\KMSELDI.exe
FirewallRules: [{DB234B6E-E765-49F7-8484-0E6E8CABA935}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{B7F1EAF9-42AE-4BD7-8EF3-EFB204B3752A}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{F528FEBD-CE1A-456B-901A-E09363C6BC53}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F3F034EB-A384-4DDA-96F2-47AB1EE005F1}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{43BB2ECA-DCDE-47A5-8712-C5F2B8235F35}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{716E7F19-F350-4B2A-9620-54173414C427}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9458468-9DF9-433D-8B76-134D80845085}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{BBE6998C-05AE-4515-9B9F-8D4B58A84A5F}] => (Allow) C:\Users\sephr\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{7531BB53-34FE-434F-BAF0-12B2DD388367}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [UDP Query User{F73389E3-5864-402F-936F-1F2558CB6492}C:\program files (x86)\asus\ai suite iii\aisuite3.exe] => (Block) C:\program files (x86)\asus\ai suite iii\aisuite3.exe
FirewallRules: [{DEF6CFF5-9A82-4229-B629-73AB9E2A23CD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FE9911AA-0E04-4F2B-A149-CC0EAFE764EF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2A6C958E-8E9A-4DF3-8A73-71E0F91DA990}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{5D0CF18A-08FB-4F54-B665-65487456BD04}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E27161D6-3F6E-49DC-9795-4787DD641E34}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{8A320710-326E-4A44-89E3-96475C04D838}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E8DA9116-7C52-4945-A55E-A3C777A51F04}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{A18170B7-F62D-43AE-851D-3B50D01A2839}] => (Allow) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
FirewallRules: [{9AC4D4D5-F75C-47FC-AE69-4121FC91C909}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
FirewallRules: [{29922A6C-6CA2-452A-AE16-AF771F734193}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO! AssistTool\WiFi GO! Server.exe
FirewallRules: [{B9384744-BC7F-4B6B-A98F-CCB417C6024C}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO!\ASUSDMS.exe
FirewallRules: [{9877E97D-468E-4FB9-8321-7C71DE6657BE}] => (Allow) C:\Program Files (x86)\ASUS\HomeCloud\Wi-Fi GO!\ASUSDMS.exe
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/28/2015 01:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10240.16431, time stamp: 0x55c9bd9e
Faulting module name: eModel.dll, version: 11.0.10240.16431, time stamp: 0x55c9ba28
Exception code: 0xc0000409
Fault offset: 0x0000000000112bc3
Faulting process id: 0x22ac
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
Error: (08/28/2015 10:44:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/28/2015 10:43:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (08/28/2015 08:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6121.2376, time stamp: 0x55d7a527
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x22e4
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5
 
Error: (08/28/2015 08:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x1754
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5
 
Error: (08/28/2015 12:07:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LILITH)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/27/2015 09:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6106.2350, time stamp: 0x55c40ea1
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x568
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5
 
Error: (08/27/2015 09:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xc0000409
Fault offset: 0x000b3e28
Faulting process id: 0x127c
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5
 
Error: (08/27/2015 09:04:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffcf5be0668
Faulting process id: 0x838
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5
 
Error: (08/26/2015 08:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6106.2350, time stamp: 0x55c40ea1
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x2544
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5
 

System errors:
=============
Error: (08/28/2015 08:14:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2
 
Error: (08/28/2015 12:07:47 AM) (Source: DCOM) (EventID: 10010) (User: LILITH)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (08/28/2015 12:07:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2015 12:07:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2015 12:07:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/28/2015 12:07:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/27/2015 09:07:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (08/27/2015 09:06:35 PM) (Source: DCOM) (EventID: 10016) (User: LILITH)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}LILITHsephrS-1-5-21-1688417143-2985529939-1315570496-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.8.12.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
 
Error: (08/27/2015 09:04:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The BCM42RLY service failed to start due to the following error:
%%2
 
Error: (08/27/2015 09:04:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).
 

Microsoft Office:
=========================
Error: (08/28/2015 01:36:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: MicrosoftEdge.exe11.0.10240.1643155c9bd9eeModel.dll11.0.10240.1643155c9ba28c00004090000000000112bc322ac01d0e1aac48cdcefC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exeC:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\eModel.dllffc77b6c-4125-443e-8e1c-b8c174ccb3a5Microsoft.MicrosoftEdge_20.10240.16384.0_neutral__8wekyb3d8bbweMicrosoftEdge
 
Error: (08/28/2015 10:44:03 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (08/28/2015 10:43:52 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
 
Error: (08/28/2015 08:16:44 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6121.237655d7a527ntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c22e401d0e19c2a297716C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbwe\OHub.exeC:\WINDOWS\SYSTEM32\ntdll.dll805796a6-d67d-4b68-818b-8b5bb6d929ebMicrosoft.MicrosoftOfficeHub_17.6121.23761.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub
 
Error: (08/28/2015 08:14:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll10.0.10240.16384559f3b2ac0000409000b3e28175401d0e19be230954bC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll74629371-8c8b-4ec9-a3c9-4c0cd66d21db
 
Error: (08/28/2015 12:07:47 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LILITH)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141
 
Error: (08/27/2015 09:06:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6106.235055c40ea1ntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c56801d0e13e8ae186f2C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OHub.exeC:\WINDOWS\SYSTEM32\ntdll.dll225de057-76bf-4ef5-b478-232522052440Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub
 
Error: (08/27/2015 09:04:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll10.0.10240.16384559f3b2ac0000409000b3e28127c01d0e13e451e0b46C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dlle337800e-3bfd-4fb6-8116-f8bbc2c467e1
 
Error: (08/27/2015 09:04:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffcf5be066883801d0e13e40969f0aC:\Program Files\KMSpico\Service_KMS.exeunknown30d00166-d9e2-4f89-893d-02b180e70d2c
 
Error: (08/26/2015 08:49:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6106.235055c40ea1ntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c254401d0e072feffb479C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OHub.exeC:\WINDOWS\SYSTEM32\ntdll.dll567cd877-49d0-4529-a4bc-2431485762afMicrosoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub
 

CodeIntegrity:
===================================
  Date: 2015-08-27 21:52:03.038
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-26 19:53:53.422
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-23 21:50:59.717
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-22 10:52:29.613
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-20 06:48:21.094
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-18 19:31:16.044
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-14 19:08:48.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-12 23:38:53.810
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-11 07:02:37.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-08-10 21:06:16.426
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Core™ i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 26%
Total physical RAM: 16067.02 MB
Available physical RAM: 11739.56 MB
Total Virtual: 18499.02 MB
Available Virtual: 13037.95 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:231.93 GB) (Free:126.6 GB) NTFS
Drive d: () (Fixed) (Total:111.78 GB) (Free:75.47 GB) NTFS
Drive e: () (Fixed) (Total:232.88 GB) (Free:232.76 GB) NTFS
Drive f: (Skyrim LE) (CDROM) (Total:23.93 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 111.8 GB) (Disk ID: 00090D83)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 1FC828E7)
Partition 1: (Active) - (Size=232.9 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
aswMBR.txt
 
aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-08-28 13:50:56
-----------------------------
13:50:56.763    OS Version: Windows x64 6.2.9200
13:50:56.764    Number of processors: 8 586 0x3C03
13:50:56.764    ComputerName: LILITH  UserName: sephr
13:50:56.989    Initialize success
13:50:59.036    VM: initialized successfully
13:50:59.036    VM: Intel CPU BiosDisabled
13:58:09.952    AVAST engine defs: 15082800
13:58:29.765    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000037
13:58:29.765    Disk 0 Vendor: Samsung_SSD_850_EVO_250GB EMT01B6Q Size: 238475MB BusType: 11
13:58:29.765    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000038
13:58:29.765    Disk 1 Vendor: ST3120827AS 3.42 Size: 114473MB BusType: 11
13:58:29.781    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000003a
13:58:29.781    Disk 2 Vendor: WDC_WD2500BEVT-00A23T0 01.01A01 Size: 238475MB BusType: 11
13:58:29.781    Disk 0 MBR read successfully
13:58:29.781    Disk 0 MBR scan
13:58:29.933    Disk 0 Windows 7 default MBR code
13:58:29.936    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
13:58:30.223    Disk 0 scanning C:\WINDOWS\system32\drivers
13:59:32.624    Service scanning
14:00:23.965    Modules scanning
14:00:23.979    Disk 0 trace - called modules:
14:00:23.998    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
14:00:24.010    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0015b3c9060]
14:00:24.020    3 CLASSPNP.SYS[fffff800972946c5] -> nt!IofCallDriver -> \Device\00000037[0xffffe0015b140060]
14:00:24.291    AVAST engine scan C:\WINDOWS
14:00:26.900    AVAST engine scan C:\WINDOWS\system32
14:14:09.228    AVAST engine scan C:\WINDOWS\system32\drivers
14:14:34.770    AVAST engine scan C:\Users\sephr
14:14:42.430    File: C:\Users\sephr\AppData\Local\7799A1C0-1438729193-11DD-8C32-086266456FEC\onshB8BD.tmp  **INFECTED** Win32:Adware-gen [Adw]
14:35:26.982    File: C:\Users\sephr\AppData\Local\Temp\nsa33.exe  **INFECTED** Win32:Dropper-gen [Drp]
14:35:29.846    File: C:\Users\sephr\AppData\Local\Temp\nsaE0B0.tmp  **INFECTED** Win32:Adware-gen [Adw]
14:35:35.654    File: C:\Users\sephr\AppData\Local\Temp\nsd2594.tmp  **INFECTED** Win32:Adware-gen [Adw]
14:35:43.400    File: C:\Users\sephr\AppData\Local\Temp\nsi62CB.exe  **INFECTED** Win32:Adware-gen [Adw]
14:35:58.238    File: C:\Users\sephr\AppData\Local\Temp\nsj399A.exe  **INFECTED** Win32:Adware-gen [Adw]
14:36:03.653    File: C:\Users\sephr\AppData\Local\Temp\nskFDDB.exe  **INFECTED** Win32:Adware-gen [Adw]
14:36:05.646    File: C:\Users\sephr\AppData\Local\Temp\nsnA657.tmp  **INFECTED** Win32:Adware-gen [Adw]
14:36:11.043    File: C:\Users\sephr\AppData\Local\Temp\nsq8749.exe  **INFECTED** Win32:Adware-gen [Adw]
14:36:16.582    File: C:\Users\sephr\AppData\Local\Temp\nst49EC.exe  **INFECTED** Win32:Adware-gen [Adw]
14:36:23.468    File: C:\Users\sephr\AppData\Local\Temp\nsuEB59.tmp  **INFECTED** Win32:Adware-gen [Adw]
14:36:23.754    File: C:\Users\sephr\AppData\Local\Temp\nsvEC93.tmp  **INFECTED** Win32:Dropper-gen [Drp]
14:36:29.677    File: C:\Users\sephr\AppData\Local\Temp\nszD9DC.exe  **INFECTED** Win32:Adware-gen [Adw]
14:41:58.639    AVAST engine scan C:\ProgramData
14:42:50.836    File: C:\ProgramData\EroBisis\onu6ci.dll  **INFECTED** Win32:Adware-gen [Adw]
14:42:51.426    File: C:\ProgramData\ExtTag\5bnc1nqe.dll  **INFECTED** Win32:Adware-gen [Adw]
14:42:52.775    File: C:\ProgramData\ExtTag\5bzhrxtz.dll  **INFECTED** Win32:Adware-gen [Adw]
14:42:54.374    File: C:\ProgramData\ExtTag\jagzcrox.dll  **INFECTED** Win32:Adware-gen [Adw]
14:43:00.384    File: C:\ProgramData\ExtTag\wry3syph.dll  **INFECTED** Win32:Adware-gen [Adw]
14:43:00.425    File: C:\ProgramData\ExtTag\x1zky5lx.dll  **INFECTED** Win32:Adware-gen [Adw]
14:50:44.724    Disk 0 statistics 3595066/0/0 @ 71.56 MB/s
14:50:44.728    Scan finished successfully
14:54:42.152    Disk 0 MBR has been saved successfully to "D:\Users\sephr\Downloads\MBR.dat"
14:54:42.171    The log file has been saved successfully to "D:\Users\sephr\Downloads\aswMBR.txt"
 
 

 


 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:06:45 PM

Posted 29 August 2015 - 09:30 AM

Hello sephrasu

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

.

.

uninstall some programs

First thing we are going to do is to uninstall some programs that I see listed, you can do this from the control panel - For (XP) it is called "Add/Remove" and in (Vista and later) it is called "Programs and Features" or you can use a program called Revo uninstaller to uninstall them
  • Programs to remove

    • µTorrent
    • KMSpico v9.1.3



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on the programs listed above one at a time
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again click Yes
  • When the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • When prompted click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes and then Next
  • Once done click Finish.
.

.

Clean Out Temp Files
  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here CCleaner
    • Run the installer to install the application.
    • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
    • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
    • Click Run Cleaner.
    • Close CCleaner.
.

: Malwarebytes' Anti-Malware :

Install Malwarebytes Antimalware

1. Download Malwarebytes Anti-Malware at Malwarebytes
2. After downloading, double-click the downloaded file to get started.
3. Choose Yes if the User Account Control dialog appears.
4. The installation wizard will now appear to guide you through the upgrade process.
5. Click on Next.
6. Review and accept the license agreement, then click Next.
7. Review the latest changes made to Malwarebytes Anti-Malware, then click Next.
8. Choose where to install Malwarebytes Anti-Malware, then click Next.
9. Choose whether or not to have a Start Menu entry and its name, then click Next.
10. Choose if you want a desktop icon, then click Next.
11. Review your installation choices, then click Install.
12. The wizard will begin to install the files.
13. After upgrading, you will have the option to enable a free trial of Malwarebytes Anti-Malware Premium.

To see a video on how to do this - https://helpdesk.malwarebytes.org/entries/44648553

Now let's run a scan

1. On the Dashboard, click the 'Update Now >>' link
2. After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
3. If an update is available, click the Update Now button.
4. A Threat Scan will begin.
5. When the scan is complete, if there have been detections, verify that everything has been selected (All boxes on left have a check mark)
**Note** If there are too many to check then you can put a check mark in the very top box and this will select them all
6. Click "Remove Selected" to allow MBAM to clean what was detected.
7. In most cases, a restart will be required.
8. Wait for the prompt to restart the computer to appear, then click on Yes.

Get the report

1. After the restart once you are back at your desktop, open MBAM once more.
2. Click on the History tab at the top
3. Click on the Application Logs at the left
4. Double click on the scan log which shows the Date and time of the scan just performed.
5. Click 'Export'.
6. Click 'Text file (*.txt)'
7. In the Save File dialog box which appears, click on Desktop.
8. In the File name: box type a name for your scan log.
9. A message box named 'File Saved' should appear stating "Your file has been successfully exported".
10. Click Ok
11. Attach that saved log to your next reply.

.

Gringo

Edited by gringo_pr, 29 August 2015 - 09:30 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 sephrasu


Posted 29 August 2015 - 10:15 PM

Hello,

And first of all thanks for the help.

Here is my log.

The program deleted a lot of files and I haven't seen any of the symptoms since the restart (have been only about 10 minutes or so but let's hope they don't appear again)

Thanks again.



#4 gringo_pr


Posted 30 August 2015 - 05:41 AM




Hello sephrasu

.
At this point I would like you to check out the computer and give me an update to how it is doing.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.

I also need you to rerun FRST for me and I would also like to have the Addition.txt with it so please run it this way
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • When the tool opens click "Yes" for the disclaimer in order to continue using "FRST".
  • Under the section called "Whitelist" make sure all boxes are checked
  • Under the section called "Optional Scan" I would like you to have a check mark next to "Addition.txt"
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
Note** If you cannot find where you saved "FRST" the first time then here are the links again for you.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Please attach both reports to your Next reply

.

Gringo

#5 sephrasu


Posted 30 August 2015 - 02:42 PM

Hello Gringo.

Attaching my FRST.txt and Addition.txt files.



#6 gringo_pr


Posted 30 August 2015 - 03:21 PM

Hello sephrasu

.

.
At this point I would like you to check out the computer and give me an update to how it is doing.

This feedback will let me know if we need to keep digging deeper and will also let me know if we need to go into a different direction.


.

Gringo

Edited by gringo_pr, 30 August 2015 - 03:21 PM.


#7 sephrasu


Posted 30 August 2015 - 10:49 PM

I have been running it for about a day now and I don't see any of the symptoms that I had.

Seems like it's ok now.

Thanks for all the help.



#8 gringo_pr


Posted 31 August 2015 - 06:02 AM



Hello sephrasu

Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.

:Why we need to remove some of our tools:
  • Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wrong time can make the computer an expensive paper weight.
    They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

    The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
.

Please download DelFix and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click DelFix.exe.
  • Select all options available
  • Click the Run button.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
:The programs you can keep:

Some of the programs that we have used would be a good idea to keep and use often in helping to keep the computer clean. I use these programs on my computer.
  • Revo Uninstaller Free - this is the uninstaller that I had you download and works a lot better than add/remove in Windows and has saved me more than once from corrupted installs and uninstalls
  • CCleaner - This is a good program to clean out temp files, I would use this once a week or before any malware scan to remove unwanted temp files - It has a built in registry cleaner but I would leave that alone and not use any registry cleaner
  • Malwarebytes' Anti-Malware - The Gold standard today in antimalware scanners

:Security awareness:

It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
Strong passwords: How to create and use them Then consider a password keeper to keep all your passwords safe. KeePass is a small utility that allows you to manage all your passwords.

As Java seems to get exploited on a daily basis I advise to disable java in your web browsers - How to disable java in your web browsers - Disable Java

Always have an Anti-virus installed - whats-the-best-antivirus-and-how-do-i-choose-one
Also use an Antimalware program - Malwarebytes Antimalware is a good choice :)
I also use an Anti-exploit program - Malwarebytes Anti-Exploit (I would at least use the free version)

.

The other question I am asked all the time is "How can I prevent this from happening again." and the short answer to that is to be aware of what is out there and how to start spotting dangers.

Here are some articles that are must reads and should be read by everybody in your household that uses the internet

Here is some more reading for you from some of my colleagues

quoted from Tech Support Forum

Conclusion

There is no such thing as ‘perfect security’. This applies to many things, not just computer systems. Using the above guide you should be able to take all the reasonable steps you can to prevent infection. However, the most important part of all this is you, the user. Surf sensibly and think before you download a file or click on a link. Take a few moments to assess the possible risks and you should be able to enjoy all the internet has to offer.


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days, If Anything Comes Up - Just Come Back And Let Me Know, after that time you will have to send me a PM

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Gringo

#9 sephrasu


Posted 31 August 2015 - 07:37 PM

Thanks for all the help and I think that's all.

Thanks Again.



#10 gringo_pr


Posted 01 September 2015 - 11:55 AM

You are more than welcome


gringo

#11 gringo_pr


Posted 05 September 2015 - 09:53 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



