Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AV found DOWNLOADADMIN-K pup. Am I still infected?


  • This topic is locked This topic is locked
10 replies to this topic

#1 janefs

janefs

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:24 PM

Posted 02 January 2016 - 05:43 AM

Routine deep scan found vlcmediaplayer-setup.exe was infected by DOWNLOADADMIN-K pup.

 

.exe was quarantined and deleted.

 

Am I still infected (registry or service) by the PUP / virus?

 

FRST copied below, and addition.txt is attached.

 

Thanks, Jane

 

-------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by jiane (administrator) on JIANE-ASUSN56 (02-01-2016 11:27:48)
Running from C:\Users\jiane\Documents\Housekeeping Programmes
Loaded Profiles: UpdatusUser & jiane (Available Profiles: UpdatusUser & jiane & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(VoipConnect) C:\Program1\voipconnect.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-10-28] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-07-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2011-12-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-27] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-03-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-04-06] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [Facebook Update] => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [VoipConnect] => C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\RunOnce: [Uninstall C:\Users\jiane\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jiane\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-06-18]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-07-18]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-10-11]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32326d9b-d1ab-420c-928c-4669dbc09acf}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1002 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-02] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-28] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jiane\AppData\Roaming\Mozilla\Firefox\Profiles\wq3vuo55.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774148936-2429103290-1943999915-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jiane\AppData\Roaming\Mozilla\Firefox\Profiles\wq3vuo55.default\searchplugins\google-avast.xml [2015-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm_source=evening-newsletter&utm_medium=da-newsletter&utm_content=old_england&utm_campaign=evening-nl-20140408&utm_term=no-special-tg
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps://mail.google.com/mail/u/0/?pli=1#inbox","hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Skype Web Plugin) - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Profile: C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (BBC iPlayer Proxy) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2015-07-04]
CHR Extension: (Gmail) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-27] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-06] (Dropbox, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9059848 2015-12-28] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-09] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-04] (The OpenVPN Project)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-07-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-03-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-27] ()
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4334232 2015-10-09] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-02] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo_0125.sys [40704 2015-07-18] (SoftEther Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-27] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-02 11:27 - 2016-01-02 11:27 - 00000000 ____D C:\FRST
2016-01-01 13:06 - 2016-01-01 13:06 - 00033856 _____ C:\Users\jiane\Downloads\WrapAccountSummary-100130912.pdf
2016-01-01 13:06 - 2016-01-01 13:06 - 00017239 _____ C:\Users\jiane\Downloads\WrapSummary-100130912 (1).pdf
2016-01-01 12:56 - 2016-01-01 12:56 - 00017239 _____ C:\Users\jiane\Downloads\WrapSummary-100130911 (2).pdf
2016-01-01 11:22 - 2016-01-01 11:22 - 00000000 ___HD C:\OneDriveTemp
2015-12-31 14:04 - 2015-12-31 14:04 - 00064270 _____ C:\Users\jiane\Downloads\Statement_18Dec2015.pdf
2015-12-31 14:03 - 2015-12-31 14:03 - 00069442 _____ C:\Users\jiane\Downloads\Statement_18Feb2015.pdf
2015-12-31 14:02 - 2015-12-31 14:02 - 00299278 _____ C:\Users\jiane\Downloads\Statement_18Jan2015.pdf
2015-12-29 16:05 - 2015-12-29 16:08 - 55480708 _____ C:\Users\jiane\Downloads\wdhxnc-01.02.14.img
2015-12-29 15:23 - 2015-12-29 15:25 - 24465560 _____ (Siber Systems) C:\Users\jiane\Downloads\GoodSync-Setup-cnetg.exe
2015-12-29 10:11 - 2015-12-29 10:11 - 00002231 _____ C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodSync.lnk
2015-12-28 15:08 - 2015-12-28 15:08 - 00000000 ____D C:\Users\jiane\AppData\Local\{C412057A-C772-496B-B64A-FA10A7DC537F}
2015-12-28 13:15 - 2015-12-28 13:15 - 00608600 _____ C:\Users\jiane\Downloads\JCF_relazione.pdf
2015-12-24 10:41 - 2015-12-24 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-23 16:48 - 2015-12-23 16:48 - 00297907 _____ C:\Users\jiane\Documents\Baby poncho.pdf
2015-12-23 12:57 - 2015-12-23 12:57 - 00050197 _____ C:\Users\jiane\Downloads\Beauclerc AR 2015.pdf
2015-12-22 08:01 - 2015-12-22 08:01 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-12-19 11:07 - 2015-12-19 11:07 - 00002059 _____ C:\Users\Public\Desktop\Contact Wolf.lnk
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Lone Wolf Software
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contact Wolf
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\Program Files (x86)\Contact Wolf
2015-12-19 11:02 - 2015-12-19 11:06 - 20802720 _____ (Lone Wolf Software ) C:\Users\jiane\Downloads\CWsetup.exe
2015-12-18 16:20 - 2015-12-18 16:59 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Handy Address Book
2015-12-18 16:20 - 2015-12-18 16:20 - 00000000 ____D C:\ProgramData\GrebleSoft
2015-12-18 11:25 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 11:25 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 11:25 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 11:25 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 11:25 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 11:25 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 11:25 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 11:25 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 11:25 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 11:25 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 11:25 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 11:25 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 11:25 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 11:25 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 11:25 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 11:25 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 11:25 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 11:25 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 11:25 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 11:25 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 11:25 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 11:25 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 11:25 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 11:25 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 11:25 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 11:25 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 11:25 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 11:25 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 11:25 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 11:25 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 11:25 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 11:25 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 11:25 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 11:25 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:25 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 11:25 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 11:25 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 11:25 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 11:25 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 11:25 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 11:25 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 11:25 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 11:25 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 11:25 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 11:25 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 16:19 - 2015-12-17 16:19 - 01232638 _____ C:\Users\jiane\Downloads\ContabileF24.pdf
2015-12-17 09:40 - 2015-12-17 09:40 - 00000787 _____ C:\Users\jiane\Documents\Desktop - Shortcut.lnk
2015-12-16 16:46 - 2015-12-16 16:46 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130912.pdf
2015-12-16 16:36 - 2015-12-16 16:36 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130911 (1).pdf
2015-12-16 16:26 - 2015-12-16 16:26 - 00033867 _____ C:\Users\jiane\Downloads\WrapAccountSummary-100130911.pdf
2015-12-16 16:26 - 2015-12-16 16:26 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130911.pdf
2015-12-16 15:51 - 2015-12-16 15:51 - 00389067 _____ C:\Users\jiane\Downloads\merged.pdf
2015-12-16 15:44 - 2015-12-16 15:44 - 00022057 _____ C:\Users\jiane\Downloads\selection (38).pdf
2015-12-16 15:39 - 2015-12-16 15:39 - 00022072 _____ C:\Users\jiane\Downloads\selection (36).pdf
2015-12-16 15:39 - 2015-12-16 15:39 - 00022057 _____ C:\Users\jiane\Downloads\selection (37).pdf
2015-12-16 11:21 - 2015-12-16 11:21 - 00088730 _____ C:\Users\jiane\Downloads\Computershare passwords.pdf
2015-12-16 11:07 - 2015-12-16 11:07 - 00025356 _____ C:\Users\jiane\Downloads\selection (35).pdf
2015-12-16 11:06 - 2015-12-16 11:06 - 00025107 _____ C:\Users\jiane\Downloads\selection (34).pdf
2015-12-16 11:06 - 2015-12-16 11:06 - 00025107 _____ C:\Users\jiane\Downloads\selection (33).pdf
2015-12-16 11:05 - 2015-12-16 11:05 - 00022080 _____ C:\Users\jiane\Downloads\selection (32).pdf
2015-12-16 11:04 - 2015-12-16 11:04 - 00029743 _____ C:\Users\jiane\Downloads\selection (30).pdf
2015-12-16 11:04 - 2015-12-16 11:04 - 00025003 _____ C:\Users\jiane\Downloads\selection (31).pdf
2015-12-16 11:03 - 2015-12-16 11:03 - 00022080 _____ C:\Users\jiane\Downloads\selection (29).pdf
2015-12-16 11:02 - 2015-12-16 11:02 - 00030934 _____ C:\Users\jiane\Downloads\selection (28).pdf
2015-12-16 11:00 - 2015-12-16 11:00 - 00022082 _____ C:\Users\jiane\Downloads\selection (27).pdf
2015-12-16 10:59 - 2015-12-16 10:59 - 00028019 _____ C:\Users\jiane\Downloads\selection (26).pdf
2015-12-16 10:58 - 2015-12-16 10:58 - 00028037 _____ C:\Users\jiane\Downloads\selection (25).pdf
2015-12-16 10:57 - 2015-12-16 10:57 - 00022078 _____ C:\Users\jiane\Downloads\selection (24).pdf
2015-12-16 10:56 - 2015-12-16 10:56 - 00031405 _____ C:\Users\jiane\Downloads\selection (23).pdf
2015-12-16 10:55 - 2015-12-16 10:55 - 00029595 _____ C:\Users\jiane\Downloads\selection (22).pdf
2015-12-16 10:54 - 2015-12-16 10:54 - 00022806 _____ C:\Users\jiane\Downloads\selection (21).pdf
2015-12-16 10:53 - 2015-12-16 10:53 - 00027790 _____ C:\Users\jiane\Downloads\selection (20).pdf
2015-12-16 10:51 - 2015-12-16 10:51 - 00024993 _____ C:\Users\jiane\Downloads\selection (19).pdf
2015-12-16 10:50 - 2015-12-16 10:50 - 00022806 _____ C:\Users\jiane\Downloads\selection (18).pdf
2015-12-16 10:49 - 2015-12-16 10:49 - 00022818 _____ C:\Users\jiane\Downloads\selection (17).pdf
2015-12-16 10:48 - 2015-12-16 10:48 - 00022058 _____ C:\Users\jiane\Downloads\selection (16).pdf
2015-12-16 10:47 - 2015-12-16 10:47 - 00022462 _____ C:\Users\jiane\Downloads\selection (14).pdf
2015-12-16 10:47 - 2015-12-16 10:47 - 00022055 _____ C:\Users\jiane\Downloads\selection (15).pdf
2015-12-16 10:45 - 2015-12-16 10:45 - 00033652 _____ C:\Users\jiane\Downloads\selection (13).pdf
2015-12-16 10:44 - 2015-12-16 10:44 - 00025005 _____ C:\Users\jiane\Downloads\selection (11).pdf
2015-12-16 10:44 - 2015-12-16 10:44 - 00022068 _____ C:\Users\jiane\Downloads\selection (12).pdf
2015-12-16 10:43 - 2015-12-16 10:43 - 00025002 _____ C:\Users\jiane\Downloads\selection (10).pdf
2015-12-16 10:42 - 2015-12-16 10:42 - 00025082 _____ C:\Users\jiane\Downloads\selection (9).pdf
2015-12-16 10:41 - 2015-12-16 10:41 - 00022080 _____ C:\Users\jiane\Downloads\selection (8).pdf
2015-12-16 10:41 - 2015-12-16 10:41 - 00022080 _____ C:\Users\jiane\Downloads\selection (7).pdf
2015-12-16 10:40 - 2015-12-16 10:40 - 00025728 _____ C:\Users\jiane\Downloads\selection (6).pdf
2015-12-16 10:39 - 2015-12-16 10:39 - 00022078 _____ C:\Users\jiane\Downloads\selection (5).pdf
2015-12-16 10:38 - 2015-12-16 10:38 - 00025106 _____ C:\Users\jiane\Downloads\selection (4).pdf
2015-12-16 10:37 - 2015-12-16 10:37 - 00022056 _____ C:\Users\jiane\Downloads\selection (3).pdf
2015-12-16 10:36 - 2015-12-16 10:36 - 00025000 _____ C:\Users\jiane\Downloads\selection (2).pdf
2015-12-16 10:35 - 2015-12-16 10:35 - 00022071 _____ C:\Users\jiane\Downloads\selection (1).pdf
2015-12-16 10:34 - 2015-12-16 10:34 - 00022071 _____ C:\Users\jiane\Downloads\selection.pdf
2015-12-16 10:07 - 2015-12-16 10:07 - 00045254 _____ C:\Users\jiane\Documents\Statement 07-aug-14 ac 00472085.PDF
2015-12-13 23:36 - 2015-12-13 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-13 12:32 - 2015-12-13 12:32 - 00862720 _____ (Smilebox, Inc.) C:\Users\jiane\Downloads\SmileboxInstaller.exe
2015-12-13 12:32 - 2015-12-13 12:32 - 00000416 _____ C:\Users\jiane\Downloads\tmp.htm
2015-12-13 12:00 - 2015-12-13 12:00 - 00000000 ____D C:\Users\jiane\AppData\Local\Brice_Lambson
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-12-13 11:58 - 2015-12-13 11:58 - 00922057 _____ (Brice Lambson) C:\Users\jiane\Downloads\ImageResizerSetup.exe
2015-12-13 11:28 - 2015-12-28 15:07 - 00000000 ____D C:\Users\jiane\AppData\Local\Windows Live
2015-12-13 11:27 - 2015-12-13 11:28 - 00000000 ____D C:\Users\jiane\AppData\Local\{0354FDB6-3834-432D-BA4B-CCD307BF2CCB}
2015-12-13 11:23 - 2015-12-19 11:06 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-13 10:08 - 2015-12-13 10:08 - 00000000 ____D C:\Users\jiane\AppData\Local\ActiveSync
2015-12-13 10:06 - 2015-12-13 10:06 - 00000020 ___SH C:\Users\jiane\ntuser.ini
2015-12-13 08:59 - 2015-12-13 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-13 08:51 - 2015-12-13 08:51 - 00000000 ____D C:\Windows.old
2015-12-13 08:49 - 2015-12-13 08:49 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-13 08:49 - 2015-12-13 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-13 08:49 - 2015-12-13 08:49 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-13 08:49 - 2015-12-13 08:49 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-13 08:49 - 2015-12-13 08:49 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-13 08:49 - 2015-12-13 08:49 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-13 08:49 - 2015-12-13 08:49 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-13 08:46 - 2015-12-13 08:46 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files\MSBuild
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\inetpub
2015-12-13 08:41 - 2015-10-24 02:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-13 08:41 - 2015-10-24 02:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-13 08:41 - 2015-10-24 02:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-13 03:02 - 2015-12-13 03:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-13 00:33 - 2015-12-30 11:32 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 00:29 - 2015-12-13 00:29 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-12-13 00:21 - 2015-12-13 00:21 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\ASUS
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\ASUS
2015-12-13 00:15 - 2015-12-13 00:15 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-13 00:15 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-13 00:12 - 2015-12-23 22:47 - 00000000 ____D C:\Users\jiane
2015-12-13 00:12 - 2015-12-22 08:01 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-13 00:12 - 2015-12-13 00:32 - 00000000 ____D C:\Users\UpdatusUser
2015-12-13 00:12 - 2015-12-13 00:30 - 00000000 ____D C:\Users\Guest
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-12-13 00:11 - 2015-12-27 11:33 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 00:11 - 2015-12-13 00:11 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-13 00:07 - 2016-01-01 17:07 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2015-12-13 00:07 - 2015-12-13 00:07 - 00000000 ____D C:\ProgramData\Brother
2015-12-13 00:07 - 2015-12-13 00:07 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-12-13 00:06 - 2015-12-30 11:32 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 00:06 - 2015-12-13 00:23 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-12-13 00:06 - 2015-12-13 00:23 - 00000000 ____D C:\WINDOWS\system32\NV
2015-12-13 00:06 - 2015-12-13 00:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\Intel
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-13 00:06 - 2015-10-09 12:36 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-13 00:06 - 2015-10-09 12:36 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-13 00:06 - 2015-07-13 18:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-13 00:06 - 2015-07-13 18:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-13 00:06 - 2015-07-13 17:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-13 00:05 - 2015-12-13 00:05 - 00009653 _____ C:\WINDOWS\system32\Drivers\RTWAVES30.dat
2015-12-13 00:05 - 2015-12-13 00:05 - 00001263 _____ C:\Users\Public\Desktop\Waves MAXXAudio.lnk
2015-12-13 00:05 - 2015-12-13 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-13 00:05 - 2015-12-13 00:05 - 00000000 ____D C:\Program Files\Realtek
2015-12-13 00:05 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-13 00:01 - 2015-12-15 03:31 - 00362608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 13:50 - 2015-12-12 13:50 - 00000000 ____D C:\Users\jiane\Documents\Fax
2015-12-10 22:21 - 2015-12-10 22:22 - 00006585 _____ C:\Users\jiane\Documents\noname
2015-12-09 15:29 - 2015-12-09 15:29 - 00933848 _____ C:\Users\jiane\Documents\RRV1ReturningResidenceAppsDecidedbyFY.zip
2015-12-07 12:11 - 2015-12-19 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-06 16:44 - 2016-01-01 12:53 - 00000000 ____D C:\Users\jiane\Documents\Personal Investments
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-02 11:27 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-02 11:27 - 2015-07-20 12:44 - 00000000 ____D C:\Users\jiane\Documents\Housekeeping Programmes
2016-01-02 11:24 - 2012-06-14 07:25 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Skype
2016-01-02 11:15 - 2012-06-29 16:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-02 10:56 - 2013-11-02 18:21 - 00000000 ____D C:\ProgramData\Oracle
2016-01-02 10:53 - 2015-10-09 13:51 - 00000000 ____D C:\Users\jiane\.oracle_jre_usage
2016-01-02 10:53 - 2015-04-12 19:32 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-02 10:53 - 2015-04-12 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-02 10:53 - 2015-04-12 19:32 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-02 10:52 - 2015-07-18 15:51 - 00000000 ____D C:\Users\jiane\Documents\MS Money
2016-01-02 10:52 - 2012-04-30 17:32 - 00000000 ____D C:\ProgramData\Temp
2016-01-02 10:46 - 2012-02-24 03:29 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-02 10:31 - 2015-08-06 10:26 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-02 09:52 - 2015-04-07 09:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-02 08:38 - 2012-07-04 17:28 - 00000926 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA.job
2016-01-02 06:46 - 2012-02-24 03:29 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-01 14:38 - 2012-07-04 17:28 - 00000904 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core.job
2016-01-01 13:13 - 2012-04-30 17:12 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-01-01 11:31 - 2015-08-06 10:26 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-01 11:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-01 11:22 - 2015-10-09 12:22 - 00000000 ___RD C:\Users\jiane\OneDrive
2016-01-01 11:21 - 2015-10-09 13:37 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-01-01 11:21 - 2015-10-09 12:17 - 00000000 __SHD C:\Users\jiane\IntelGraphicsProfiles
2016-01-01 11:21 - 2012-04-30 17:12 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2015-12-31 11:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-31 10:00 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 17:27 - 2015-07-20 15:22 - 00000000 ___HD C:\Users\jiane\Documents\_gsdata_
2015-12-30 12:46 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-30 12:14 - 2015-07-20 14:49 - 00000000 ____D C:\Users\jiane\AppData\Roaming\GoodSync
2015-12-30 11:33 - 2015-10-09 11:53 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2015-12-30 11:33 - 2015-07-18 14:28 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2015-12-30 10:07 - 2015-07-20 12:38 - 00000000 ____D C:\Users\jiane\Documents\General
2015-12-30 07:19 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-12-29 15:27 - 2015-09-02 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2015-12-29 10:11 - 2015-09-02 11:08 - 00001987 _____ C:\Users\jiane\Desktop\GoodSync.lnk
2015-12-29 08:15 - 2012-06-29 16:02 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 22:10 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 22:10 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-27 12:51 - 2014-05-13 20:25 - 00000000 ____D C:\Users\jiane\AppData\Roaming\vlc
2015-12-27 11:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-24 10:41 - 2014-03-24 10:13 - 00000000 ____D C:\Users\jiane\AppData\Local\Skype
2015-12-24 10:41 - 2013-02-05 08:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-24 10:41 - 2012-06-14 07:24 - 00000000 ____D C:\ProgramData\Skype
2015-12-23 16:49 - 2015-07-20 12:45 - 00000000 ____D C:\Users\jiane\Documents\Knitting
2015-12-20 10:54 - 2015-10-09 12:19 - 00000000 ____D C:\Users\jiane\AppData\Local\Comms
2015-12-19 03:32 - 2013-02-26 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-16 16:06 - 2015-07-20 12:52 - 00000000 ____D C:\Users\jiane\Documents\Scanned Documents
2015-12-16 11:19 - 2015-07-20 12:51 - 00000000 ____D C:\Users\jiane\Documents\samsung
2015-12-16 10:15 - 2015-07-20 12:38 - 00000000 ____D C:\Users\jiane\Documents\GSE Accounts
2015-12-16 10:01 - 2015-07-20 12:49 - 00000000 ____D C:\Users\jiane\Documents\Personal Bank Statments
2015-12-15 03:33 - 2015-09-04 15:25 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-14 10:12 - 2015-10-09 12:22 - 00002410 _____ C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 23:36 - 2015-08-06 10:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-13 11:59 - 2014-07-31 17:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-13 10:26 - 2015-10-09 12:17 - 00000000 ____D C:\Users\jiane\AppData\Local\Packages
2015-12-13 10:25 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-13 10:08 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-13 10:08 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-13 10:07 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-13 10:06 - 2015-10-09 12:17 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-13 10:06 - 2015-09-10 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-13 08:59 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-13 08:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-13 08:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-13 08:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-13 08:42 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-13 08:42 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-13 08:42 - 2015-10-30 08:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-13 08:42 - 2015-10-30 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-13 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-13 00:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 00:39 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-13 00:37 - 2015-10-09 10:54 - 00041821 _____ C:\WINDOWS\diagwrn.xml
2015-12-13 00:37 - 2015-10-09 10:54 - 00041528 _____ C:\WINDOWS\diagerr.xml
2015-12-13 00:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-13 00:33 - 2015-10-09 12:28 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-13 00:33 - 2015-10-09 11:59 - 00027280 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-13 00:33 - 2015-08-06 10:26 - 00003442 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-13 00:33 - 2015-08-06 10:26 - 00003214 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-13 00:33 - 2015-04-04 08:30 - 00003188 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-13 00:33 - 2015-03-28 20:42 - 00002246 _____ C:\WINDOWS\System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD}
2015-12-13 00:33 - 2015-03-28 20:02 - 00003348 _____ C:\WINDOWS\System32\Tasks\LaunchSignup
2015-12-13 00:33 - 2015-03-28 20:00 - 00003566 _____ C:\WINDOWS\System32\Tasks\Installer_cr
2015-12-13 00:33 - 2015-03-25 17:44 - 00002556 _____ C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-774148936-2429103290-1943999915-1002
2015-12-13 00:33 - 2014-12-24 01:19 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-13 00:33 - 2014-10-29 21:09 - 00002222 _____ C:\WINDOWS\System32\Tasks\{A6C26D81-D29C-43A3-B3FA-078D40E417F3}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{B1200678-12DF-4857-BE63-E27288B2E1C7}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{7315B3F8-5725-4D48-B982-F166D4B5F6B9}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{6DAF37C9-DC4E-4154-A3FF-92D518BA08E4}
2015-12-13 00:33 - 2014-07-05 14:36 - 00002124 _____ C:\WINDOWS\System32\Tasks\{49D301AD-9631-435F-B07E-8EA684F5AC41}
2015-12-13 00:33 - 2012-11-11 16:46 - 00002246 _____ C:\WINDOWS\System32\Tasks\ATKOSD2
2015-12-13 00:33 - 2012-11-11 13:15 - 00002502 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update
2015-12-13 00:33 - 2012-07-04 17:28 - 00003630 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA
2015-12-13 00:33 - 2012-07-04 17:28 - 00003388 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core
2015-12-13 00:33 - 2012-06-14 07:22 - 00002306 _____ C:\WINDOWS\System32\Tasks\{E54C788A-E688-46EF-B86E-F677FB9409F9}
2015-12-13 00:33 - 2012-04-30 17:30 - 00002456 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-13 00:33 - 2012-04-30 17:30 - 00002372 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-13 00:33 - 2012-04-30 17:30 - 00002330 _____ C:\WINDOWS\System32\Tasks\ASUS SmartLogon Console Sensor
2015-12-13 00:33 - 2012-04-30 17:30 - 00002078 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2015-12-13 00:33 - 2012-04-30 17:26 - 00002722 _____ C:\WINDOWS\System32\Tasks\ASUS Quick Gesture (x64)
2015-12-13 00:33 - 2012-04-30 17:26 - 00002706 _____ C:\WINDOWS\System32\Tasks\ASUS Quick Gesture
2015-12-13 00:33 - 2012-04-30 17:12 - 00003044 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2015-12-13 00:33 - 2012-04-30 17:12 - 00002702 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2015-12-13 00:33 - 2012-02-24 03:29 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-13 00:33 - 2012-02-24 03:29 - 00003222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-13 00:32 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-13 00:32 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-13 00:23 - 2015-11-20 15:37 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-13 00:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-13 00:23 - 2015-10-08 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-13 00:23 - 2015-09-12 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-12-13 00:23 - 2015-09-08 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-12-13 00:23 - 2015-09-04 08:14 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-12-13 00:23 - 2015-08-10 15:13 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2015-12-13 00:23 - 2015-07-18 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2015-12-13 00:23 - 2015-04-07 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 00:23 - 2015-03-23 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 00:23 - 2015-03-10 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-12-13 00:23 - 2015-02-22 12:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2014-12-04 18:14 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-12-13 00:23 - 2014-12-04 18:14 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-12-13 00:23 - 2014-07-31 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adtelly Browser 3
2015-12-13 00:23 - 2013-12-29 22:59 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 00:23 - 2013-11-10 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-13 00:23 - 2013-06-24 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-13 00:23 - 2013-02-13 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-12-13 00:23 - 2013-01-27 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-13 00:23 - 2012-12-30 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money Plus
2015-12-13 00:23 - 2012-09-08 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2015-12-13 00:23 - 2012-06-13 17:13 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2012-04-30 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2012-04-30 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Music Maker
2015-12-13 00:23 - 2012-04-30 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-13 00:23 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park
2015-12-13 00:23 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-12-13 00:23 - 2012-02-24 03:41 - 00000000 ____D C:\WINDOWS\en
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\ru
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\nl
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\it
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\he
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\fr
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\es
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\de
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\ar
2015-12-13 00:23 - 2012-02-24 03:37 - 00000000 ____D C:\WINDOWS\el
2015-12-13 00:23 - 2012-02-24 03:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-13 00:23 - 2012-02-24 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 00:23 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-13 00:21 - 2015-07-10 10:47 - 00000000 ____D C:\Users\Default.migrated
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-13 00:17 - 2011-02-18 21:08 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-13 00:17 - 2011-02-18 20:48 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-13 00:16 - 2015-10-30 10:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-13 00:16 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Resources
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-13 00:16 - 2015-07-20 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-12-13 00:16 - 2015-03-10 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-12-13 00:16 - 2012-04-30 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-13 00:15 - 2012-04-30 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:15 - 2012-04-30 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-13 00:15 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-13 00:15 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-13 00:14 - 2013-12-04 15:08 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-13 00:09 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-13 00:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 00:01 - 2015-10-30 10:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-13 00:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\tracing
2015-12-12 23:18 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-10 15:19 - 2015-07-20 12:36 - 00000000 ____D C:\Users\jiane\Documents\B&B Guest Info
2015-12-10 03:03 - 2015-03-23 18:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:03 - 2015-03-23 18:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 09:15 - 2013-01-27 12:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 09:14 - 2013-07-13 22:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 09:03 - 2012-06-23 17:58 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 17:23 - 2015-07-20 12:55 - 00000000 ____D C:\Users\jiane\Documents\Wind Complaint
2015-12-08 11:15 - 2015-07-20 13:17 - 00000000 ___RD C:\Cantinone2015
2015-12-08 10:00 - 2015-07-20 12:37 - 00000000 ____D C:\Users\jiane\Documents\Beauclerc Road 34
2015-12-07 20:36 - 2015-08-06 10:35 - 00000000 ___RD C:\Users\jiane\Dropbox
2015-12-06 10:14 - 2015-07-20 12:45 - 00000000 ____D C:\Users\jiane\Documents\IVC Utilities
2015-12-05 14:59 - 2015-07-20 12:36 - 00000000 ____D C:\Users\jiane\Documents\Beauclerc Road Ltd
 
==================== Files in the root of some directories =======
 
2015-09-23 07:35 - 2015-09-23 07:35 - 6420480 _____ () C:\Program Files (x86)\GUT360E.tmp
2012-06-13 17:15 - 2015-03-05 19:22 - 0000387 _____ () C:\Users\jiane\AppData\Roaming\sp_data.sys
2015-09-08 13:27 - 2015-09-08 13:31 - 0005120 _____ () C:\Users\jiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-14 15:17 - 2015-06-14 15:17 - 0007601 _____ () C:\Users\jiane\AppData\Local\Resmon.ResmonCfg
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-04-30 17:36 - 2012-04-30 17:40 - 0000110 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-30 17:39 - 2012-04-30 17:40 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-30 17:39 - 2012-04-30 17:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-04-30 17:33 - 2012-04-30 17:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2012-04-30 17:35 - 2012-04-30 17:36 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-04-30 17:32 - 2012-04-30 17:33 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Some files in TEMP:
====================
C:\Users\jiane\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzzg9q4.dll
C:\Users\jiane\AppData\Local\Temp\jre-8u66-windows-au.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signedAttached File  Addition.txt   55.38KB   4 downloads
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-12-25 09:53
 
==================== End of FRST.txt ============================

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 03 January 2016 - 05:55 AM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 2

v21logo.PNG

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    :exclame: If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
    m21p.png
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].
mbamv21.gif

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:24 PM

Posted 04 January 2016 - 03:55 AM

Hello Jurgen

 

Thank you for your help. 

 

Following are the logs from adwCleaner,  Malwarebytes and FRST.txt and Addition.txt

 

Please advise if you see any threats?

 

Regards

Jane

 

 

# AdwCleaner v4.106 - Report created 03/01/2016 at 13:12:22
# Updated 21/12/2014 by Xplode
# Database : 2015-12-30.1 [Live]
# Operating System : Windows 10 Home  (64 bits)
# Username : jiane - JIANE-ASUSN56
# Running from : C:\Users\jiane\Documents\Housekeeping Programmes\adwcleaner_4.106.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\TVWizard
Folder Deleted : C:\ProgramData\31539858000061fe
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\speed browser
Folder Deleted : C:\Users\jiane\AppData\Local\TVWizard
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsfreak.com_0.localstorage-journal
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.lyricsmode.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : LaunchSignup
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKCU\Software\Classes\PepperZip
Key Deleted : HKLM\System\CurrentControlSet\Services\Eventlog\Application\registry helper service
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{B33BD6CF-BF4C-4CF0-AC84-B2974BC14ABD}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Wnkey
Key Deleted : HKCU\Software\Browser
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PopcornewUpdate.exe
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.10586.20
 
 
-\\ Mozilla Firefox v41.0 (x86 en-GB)
 
[wq3vuo55.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.alias", "istartsurf");
[wq3vuo55.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.iconURL", "hxxp://www.istartsurf.com/favicon.ico");
[wq3vuo55.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.name", "istartsurf");
[wq3vuo55.default\prefs.js] - Line Deleted : user_pref("browser.search.searchengine.url", "hxxp://www.istartsurf.com/web/?type=ds&ts=1427569068&from=tugs&uid=ST1000LM024XHN-M101MBB_S2TTJ9CC402283&q={searchTerms}");
 
-\\ Google Chrome v47.0.2526.106
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
-\\ Chromium v
 
[C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [12599 octets] - [29/04/2015 10:51:16]
AdwCleaner[R1].txt - [4069 octets] - [03/01/2016 13:07:57]
AdwCleaner[S0].txt - [4109 octets] - [03/01/2016 13:12:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4169 octets] ##########
 
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/01/16
Scan Time: 01:25
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.03.05
Rootkit Database: v2015.12.26.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: jiane
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 495572
Time Elapsed: 20 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by jiane (administrator) on JIANE-ASUSN56 (04-01-2016 09:47:42)
Running from C:\Users\jiane\Documents\Housekeeping Programmes
Loaded Profiles: UpdatusUser & jiane (Available Profiles: UpdatusUser & jiane & Guest & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnWMI.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(VoipConnect) C:\Program1\voipconnect.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-21] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1158248 2012-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2011-10-28] (Atheros Commnucations)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-17] (Alcor Micro Corp.)
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-07-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3331312 2012-02-24] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-07] (Intel Corporation)
HKLM-x32\...\Run: [ASUS InstantKey] => C:\Program Files (x86)\ASUS\ASUS Instant Key\Ikey_start.exe [20456 2012-02-20] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-19] (ASUS)
HKLM-x32\...\Run: [ASUS Screen Saver Protector] => C:\Windows\AsScrPro.exe
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2011-12-30] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [322208 2012-06-25] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [174752 2012-06-19] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-27] (Avast Software s.r.o.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [24952456 2015-12-08] (Dropbox, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-03-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2015-03-24] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [14688 2015-04-06] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [517632 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [Facebook Update] => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-13] (Facebook Inc.)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [VoipConnect] => C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Run: [SoftAuto.exe] => C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe [405504 2008-08-13] (Creative Technology Ltd)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\RunOnce: [Uninstall C:\Users\jiane\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\jiane\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs: , C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177088 2015-07-13] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWOW64\nvinit.dll => C:\WINDOWS\SysWOW64\nvinit.dll [155280 2015-07-13] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-11-04] (Google)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-27] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\ASUSWSShellExt64.dll [2011-05-25] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.28.dll [2015-12-08] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk [2012-06-18]
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (ASUSTeK Computer Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2015-07-18]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)
Startup: C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2015-10-11]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{32326d9b-d1ab-420c-928c-4669dbc09acf}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-04] (Avast Software s.r.o.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-02] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2011-10-28] (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-04] (Avast Software s.r.o.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-02] (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\jiane\AppData\Roaming\Mozilla\Firefox\Profiles\wq3vuo55.default
FF DefaultSearchEngine: Google (avast)
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF SearchEngineOrder.1: Google (avast)
FF SelectedSearchEngine: Google (avast)
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll [2013-12-04] (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-01-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-02] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-10-23] (NVIDIA Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll [2013-12-04] (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-04] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-774148936-2429103290-1943999915-1002: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\jiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\jiane\AppData\Roaming\Mozilla\Firefox\Profiles\wq3vuo55.default\searchplugins\google-avast.xml [2015-03-29]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-10-08]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-10]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.dalani.it/014-oldengland-house/?&utm_source=evening-newsletter&utm_medium=da-newsletter&utm_content=old_england&utm_campaign=evening-nl-20140408&utm_term=no-special-tg
CHR StartupUrls: Default -> "hxxps://www.google.com/?trackid=sp-006","hxxps://mail.google.com/mail/u/0/?pli=1#inbox","hxxp://www.google.com/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.6.758\_platform_specific\win_x86\widevinecdmadapter.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.670.1) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll => No File
CHR Plugin: (Java™ Platform SE 7 U67) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll => No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Skype Web Plugin) - C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\jiane\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll => No File
CHR Profile: C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (Avast Online Security) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-03]
CHR Extension: (ADTelly PRO Watch BBC iPlayer & ITV abroad) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\mijiggndnopldglgelamfhfhicjbfdam [2014-11-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
CHR Extension: (BBC iPlayer Proxy) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\nonjjcnhdfjhfmkpilggjhhkgafmflld [2015-07-04]
CHR Extension: (Gmail) - C:\Users\jiane\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-04]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-10-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\InstantOn for NB\InsOnSrv.exe [277120 2012-02-17] (ASUS)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-27] (Avast Software s.r.o.)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-27] (Avast Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
R2 CTDevice_Srv; C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe [61440 2007-04-02] (Creative Technology Ltd) [File not signed]
S3 CTUPnPSv; C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [64000 2008-05-21] (Creative Technology Ltd) [File not signed]
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-06] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-06] (Dropbox, Inc.)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [9059848 2015-12-28] ()
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-09] (Intel Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [38200 2015-03-04] (The OpenVPN Project)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5207272 2015-07-18] (SoftEther VPN Project at University of Tsukuba, Japan.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [306552 2015-03-22] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-10-28] (Atheros) [File not signed]
S3 WD Backup Drive Helper; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\WINDOWS\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AiCharger; C:\Windows\SysWOW64\DRIVERS\AiCharger.sys [17152 2012-02-29] (ASUSTek Computer Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-27] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-27] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-27] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-27] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-06-26] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-27] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-27] ()
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4334232 2015-10-09] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-09-23] (ASUS Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-04] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo_0125.sys [40704 2015-07-18] (SoftEther Corporation)
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-27] (Avast Software)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-02 11:27 - 2016-01-04 09:47 - 00000000 ____D C:\FRST
2016-01-01 13:06 - 2016-01-01 13:06 - 00033856 _____ C:\Users\jiane\Downloads\WrapAccountSummary-100130912.pdf
2016-01-01 13:06 - 2016-01-01 13:06 - 00017239 _____ C:\Users\jiane\Downloads\WrapSummary-100130912 (1).pdf
2016-01-01 12:56 - 2016-01-01 12:56 - 00017239 _____ C:\Users\jiane\Downloads\WrapSummary-100130911 (2).pdf
2016-01-01 11:22 - 2016-01-01 11:22 - 00000000 ___HD C:\OneDriveTemp
2015-12-31 14:04 - 2015-12-31 14:04 - 00064270 _____ C:\Users\jiane\Downloads\Statement_18Dec2015.pdf
2015-12-31 14:03 - 2015-12-31 14:03 - 00069442 _____ C:\Users\jiane\Downloads\Statement_18Feb2015.pdf
2015-12-31 14:02 - 2015-12-31 14:02 - 00299278 _____ C:\Users\jiane\Downloads\Statement_18Jan2015.pdf
2015-12-29 16:05 - 2015-12-29 16:08 - 55480708 _____ C:\Users\jiane\Downloads\wdhxnc-01.02.14.img
2015-12-29 15:23 - 2015-12-29 15:25 - 24465560 _____ (Siber Systems) C:\Users\jiane\Downloads\GoodSync-Setup-cnetg.exe
2015-12-29 10:11 - 2015-12-29 10:11 - 00002231 _____ C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoodSync.lnk
2015-12-28 15:08 - 2015-12-28 15:08 - 00000000 ____D C:\Users\jiane\AppData\Local\{C412057A-C772-496B-B64A-FA10A7DC537F}
2015-12-28 13:15 - 2015-12-28 13:15 - 00608600 _____ C:\Users\jiane\Downloads\JCF_relazione.pdf
2015-12-24 10:41 - 2015-12-24 10:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-23 16:48 - 2015-12-23 16:48 - 00297907 _____ C:\Users\jiane\Documents\Baby poncho.pdf
2015-12-23 12:57 - 2015-12-23 12:57 - 00050197 _____ C:\Users\jiane\Downloads\Beauclerc AR 2015.pdf
2015-12-22 08:01 - 2015-12-22 08:01 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2015-12-19 11:07 - 2015-12-19 11:07 - 00002059 _____ C:\Users\Public\Desktop\Contact Wolf.lnk
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Lone Wolf Software
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Contact Wolf
2015-12-19 11:07 - 2015-12-19 11:07 - 00000000 ____D C:\Program Files (x86)\Contact Wolf
2015-12-19 11:02 - 2015-12-19 11:06 - 20802720 _____ (Lone Wolf Software ) C:\Users\jiane\Downloads\CWsetup.exe
2015-12-18 16:20 - 2015-12-18 16:59 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Handy Address Book
2015-12-18 16:20 - 2015-12-18 16:20 - 00000000 ____D C:\ProgramData\GrebleSoft
2015-12-18 11:25 - 2015-12-07 05:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 11:25 - 2015-12-07 05:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 11:25 - 2015-12-07 05:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 11:25 - 2015-12-07 05:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 11:25 - 2015-12-07 05:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 11:25 - 2015-12-07 05:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 11:25 - 2015-12-07 05:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 11:25 - 2015-12-07 05:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 11:25 - 2015-12-07 05:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 11:25 - 2015-12-07 05:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 11:25 - 2015-12-07 05:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 11:25 - 2015-12-07 05:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 11:25 - 2015-12-07 05:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 11:25 - 2015-12-07 05:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 11:25 - 2015-12-07 05:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 11:25 - 2015-12-07 05:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 11:25 - 2015-12-07 05:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 11:25 - 2015-12-07 05:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 11:25 - 2015-12-07 05:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 11:25 - 2015-12-07 05:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 11:25 - 2015-12-07 05:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 11:25 - 2015-12-07 05:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 11:25 - 2015-12-07 05:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 11:25 - 2015-12-07 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 11:25 - 2015-12-07 05:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 11:25 - 2015-12-07 04:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 11:25 - 2015-12-07 04:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 11:25 - 2015-12-07 04:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 11:25 - 2015-12-07 04:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 11:25 - 2015-12-07 04:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 11:25 - 2015-12-07 04:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 04:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 11:25 - 2015-12-07 04:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 11:25 - 2015-12-07 04:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 11:25 - 2015-12-07 04:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 11:25 - 2015-12-07 04:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 11:25 - 2015-12-07 04:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 11:25 - 2015-12-07 04:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 11:25 - 2015-12-07 04:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 11:25 - 2015-12-07 04:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 11:25 - 2015-12-07 04:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 11:25 - 2015-12-07 04:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 11:25 - 2015-12-07 04:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:25 - 2015-12-07 04:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 11:25 - 2015-12-07 04:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 11:25 - 2015-12-07 04:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 11:25 - 2015-12-07 04:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 11:25 - 2015-12-07 04:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 11:25 - 2015-12-07 04:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 11:25 - 2015-12-07 04:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 11:25 - 2015-12-07 04:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 11:25 - 2015-12-07 04:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 11:25 - 2015-12-07 04:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 11:25 - 2015-12-07 04:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 11:25 - 2015-12-07 04:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 16:19 - 2015-12-17 16:19 - 01232638 _____ C:\Users\jiane\Downloads\ContabileF24.pdf
2015-12-17 09:40 - 2015-12-17 09:40 - 00000787 _____ C:\Users\jiane\Documents\Desktop - Shortcut.lnk
2015-12-16 16:46 - 2015-12-16 16:46 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130912.pdf
2015-12-16 16:36 - 2015-12-16 16:36 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130911 (1).pdf
2015-12-16 16:26 - 2015-12-16 16:26 - 00033867 _____ C:\Users\jiane\Downloads\WrapAccountSummary-100130911.pdf
2015-12-16 16:26 - 2015-12-16 16:26 - 00017244 _____ C:\Users\jiane\Downloads\WrapSummary-100130911.pdf
2015-12-16 15:51 - 2015-12-16 15:51 - 00389067 _____ C:\Users\jiane\Downloads\merged.pdf
2015-12-16 15:44 - 2015-12-16 15:44 - 00022057 _____ C:\Users\jiane\Downloads\selection (38).pdf
2015-12-16 15:39 - 2015-12-16 15:39 - 00022072 _____ C:\Users\jiane\Downloads\selection (36).pdf
2015-12-16 15:39 - 2015-12-16 15:39 - 00022057 _____ C:\Users\jiane\Downloads\selection (37).pdf
2015-12-16 11:21 - 2015-12-16 11:21 - 00088730 _____ C:\Users\jiane\Downloads\Computershare passwords.pdf
2015-12-16 11:07 - 2015-12-16 11:07 - 00025356 _____ C:\Users\jiane\Downloads\selection (35).pdf
2015-12-16 11:06 - 2015-12-16 11:06 - 00025107 _____ C:\Users\jiane\Downloads\selection (34).pdf
2015-12-16 11:06 - 2015-12-16 11:06 - 00025107 _____ C:\Users\jiane\Downloads\selection (33).pdf
2015-12-16 11:05 - 2015-12-16 11:05 - 00022080 _____ C:\Users\jiane\Downloads\selection (32).pdf
2015-12-16 11:04 - 2015-12-16 11:04 - 00029743 _____ C:\Users\jiane\Downloads\selection (30).pdf
2015-12-16 11:04 - 2015-12-16 11:04 - 00025003 _____ C:\Users\jiane\Downloads\selection (31).pdf
2015-12-16 11:03 - 2015-12-16 11:03 - 00022080 _____ C:\Users\jiane\Downloads\selection (29).pdf
2015-12-16 11:02 - 2015-12-16 11:02 - 00030934 _____ C:\Users\jiane\Downloads\selection (28).pdf
2015-12-16 11:00 - 2015-12-16 11:00 - 00022082 _____ C:\Users\jiane\Downloads\selection (27).pdf
2015-12-16 10:59 - 2015-12-16 10:59 - 00028019 _____ C:\Users\jiane\Downloads\selection (26).pdf
2015-12-16 10:58 - 2015-12-16 10:58 - 00028037 _____ C:\Users\jiane\Downloads\selection (25).pdf
2015-12-16 10:57 - 2015-12-16 10:57 - 00022078 _____ C:\Users\jiane\Downloads\selection (24).pdf
2015-12-16 10:56 - 2015-12-16 10:56 - 00031405 _____ C:\Users\jiane\Downloads\selection (23).pdf
2015-12-16 10:55 - 2015-12-16 10:55 - 00029595 _____ C:\Users\jiane\Downloads\selection (22).pdf
2015-12-16 10:54 - 2015-12-16 10:54 - 00022806 _____ C:\Users\jiane\Downloads\selection (21).pdf
2015-12-16 10:53 - 2015-12-16 10:53 - 00027790 _____ C:\Users\jiane\Downloads\selection (20).pdf
2015-12-16 10:51 - 2015-12-16 10:51 - 00024993 _____ C:\Users\jiane\Downloads\selection (19).pdf
2015-12-16 10:50 - 2015-12-16 10:50 - 00022806 _____ C:\Users\jiane\Downloads\selection (18).pdf
2015-12-16 10:49 - 2015-12-16 10:49 - 00022818 _____ C:\Users\jiane\Downloads\selection (17).pdf
2015-12-16 10:48 - 2015-12-16 10:48 - 00022058 _____ C:\Users\jiane\Downloads\selection (16).pdf
2015-12-16 10:47 - 2015-12-16 10:47 - 00022462 _____ C:\Users\jiane\Downloads\selection (14).pdf
2015-12-16 10:47 - 2015-12-16 10:47 - 00022055 _____ C:\Users\jiane\Downloads\selection (15).pdf
2015-12-16 10:45 - 2015-12-16 10:45 - 00033652 _____ C:\Users\jiane\Downloads\selection (13).pdf
2015-12-16 10:44 - 2015-12-16 10:44 - 00025005 _____ C:\Users\jiane\Downloads\selection (11).pdf
2015-12-16 10:44 - 2015-12-16 10:44 - 00022068 _____ C:\Users\jiane\Downloads\selection (12).pdf
2015-12-16 10:43 - 2015-12-16 10:43 - 00025002 _____ C:\Users\jiane\Downloads\selection (10).pdf
2015-12-16 10:42 - 2015-12-16 10:42 - 00025082 _____ C:\Users\jiane\Downloads\selection (9).pdf
2015-12-16 10:41 - 2015-12-16 10:41 - 00022080 _____ C:\Users\jiane\Downloads\selection (8).pdf
2015-12-16 10:41 - 2015-12-16 10:41 - 00022080 _____ C:\Users\jiane\Downloads\selection (7).pdf
2015-12-16 10:40 - 2015-12-16 10:40 - 00025728 _____ C:\Users\jiane\Downloads\selection (6).pdf
2015-12-16 10:39 - 2015-12-16 10:39 - 00022078 _____ C:\Users\jiane\Downloads\selection (5).pdf
2015-12-16 10:38 - 2015-12-16 10:38 - 00025106 _____ C:\Users\jiane\Downloads\selection (4).pdf
2015-12-16 10:37 - 2015-12-16 10:37 - 00022056 _____ C:\Users\jiane\Downloads\selection (3).pdf
2015-12-16 10:36 - 2015-12-16 10:36 - 00025000 _____ C:\Users\jiane\Downloads\selection (2).pdf
2015-12-16 10:35 - 2015-12-16 10:35 - 00022071 _____ C:\Users\jiane\Downloads\selection (1).pdf
2015-12-16 10:34 - 2015-12-16 10:34 - 00022071 _____ C:\Users\jiane\Downloads\selection.pdf
2015-12-16 10:07 - 2015-12-16 10:07 - 00045254 _____ C:\Users\jiane\Documents\Statement 07-aug-14 ac 00472085.PDF
2015-12-13 23:36 - 2015-12-13 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-12-13 12:32 - 2015-12-13 12:32 - 00862720 _____ (Smilebox, Inc.) C:\Users\jiane\Downloads\SmileboxInstaller.exe
2015-12-13 12:32 - 2015-12-13 12:32 - 00000416 _____ C:\Users\jiane\Downloads\tmp.htm
2015-12-13 12:00 - 2015-12-13 12:00 - 00000000 ____D C:\Users\jiane\AppData\Local\Brice_Lambson
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\Program Files\Image Resizer for Windows
2015-12-13 11:59 - 2015-12-13 11:59 - 00000000 ____D C:\Program Files (x86)\Image Resizer for Windows
2015-12-13 11:58 - 2015-12-13 11:58 - 00922057 _____ (Brice Lambson) C:\Users\jiane\Downloads\ImageResizerSetup.exe
2015-12-13 11:28 - 2015-12-28 15:07 - 00000000 ____D C:\Users\jiane\AppData\Local\Windows Live
2015-12-13 11:27 - 2015-12-13 11:28 - 00000000 ____D C:\Users\jiane\AppData\Local\{0354FDB6-3834-432D-BA4B-CCD307BF2CCB}
2015-12-13 11:23 - 2015-12-19 11:06 - 00000000 ____D C:\WINDOWS\Downloaded Installations
2015-12-13 10:08 - 2015-12-13 10:08 - 00000000 ____D C:\Users\jiane\AppData\Local\ActiveSync
2015-12-13 10:06 - 2015-12-13 10:06 - 00000020 ___SH C:\Users\jiane\ntuser.ini
2015-12-13 08:59 - 2015-12-13 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-13 08:51 - 2015-12-13 08:51 - 00000000 ____D C:\Windows.old
2015-12-13 08:49 - 2015-12-13 08:49 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-13 08:49 - 2015-12-13 08:49 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-13 08:49 - 2015-12-13 08:49 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-13 08:49 - 2015-12-13 08:49 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-13 08:49 - 2015-12-13 08:49 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-13 08:49 - 2015-12-13 08:49 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-13 08:49 - 2015-12-13 08:49 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-13 08:49 - 2015-12-13 08:49 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-13 08:46 - 2015-12-13 08:46 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files\MSBuild
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-13 08:42 - 2015-12-13 08:42 - 00000000 ____D C:\inetpub
2015-12-13 08:41 - 2015-10-24 02:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-13 08:41 - 2015-10-24 02:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-13 08:41 - 2015-10-24 02:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-13 08:41 - 2015-10-24 02:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-13 03:02 - 2015-12-13 03:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-13 00:38 - 2015-12-13 00:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-13 00:33 - 2016-01-03 13:14 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-13 00:29 - 2015-12-13 00:29 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2015-12-13 00:21 - 2015-12-13 00:21 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default\AppData\Local\ASUS
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-12-13 00:21 - 2015-12-13 00:21 - 00000000 ____D C:\Users\Default User\AppData\Local\ASUS
2015-12-13 00:15 - 2015-12-13 00:15 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-13 00:15 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-12-13 00:12 - 2015-12-23 22:47 - 00000000 ____D C:\Users\jiane
2015-12-13 00:12 - 2015-12-22 08:01 - 00000000 ____D C:\Users\DefaultAppPool
2015-12-13 00:12 - 2015-12-13 00:32 - 00000000 ____D C:\Users\UpdatusUser
2015-12-13 00:12 - 2015-12-13 00:30 - 00000000 ____D C:\Users\Guest
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\UpdatusUser\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\jiane\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\Guest\Documents\My Music
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2015-12-13 00:12 - 2015-12-13 00:12 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2015-12-13 00:11 - 2015-12-27 11:33 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-13 00:11 - 2015-12-13 00:11 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-13 00:07 - 2016-01-02 15:02 - 00007891 _____ C:\WINDOWS\BRRBCOM.INI
2015-12-13 00:07 - 2015-12-13 00:07 - 00000000 ____D C:\ProgramData\Brother
2015-12-13 00:07 - 2015-12-13 00:07 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-12-13 00:06 - 2016-01-03 13:14 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-13 00:06 - 2015-12-13 00:23 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2015-12-13 00:06 - 2015-12-13 00:23 - 00000000 ____D C:\WINDOWS\system32\NV
2015-12-13 00:06 - 2015-12-13 00:16 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files\Intel
2015-12-13 00:06 - 2015-12-13 00:15 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-13 00:06 - 2015-10-09 12:36 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-13 00:06 - 2015-10-09 12:36 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-13 00:06 - 2015-07-13 18:37 - 06873744 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 01059984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-12-13 00:06 - 2015-07-13 18:37 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00075080 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00062792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-12-13 00:06 - 2015-07-13 17:28 - 05096627 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-12-13 00:05 - 2015-12-13 00:05 - 00009653 _____ C:\WINDOWS\system32\Drivers\RTWAVES30.dat
2015-12-13 00:05 - 2015-12-13 00:05 - 00001263 _____ C:\Users\Public\Desktop\Waves MAXXAudio.lnk
2015-12-13 00:05 - 2015-12-13 00:05 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-13 00:05 - 2015-12-13 00:05 - 00000000 ____D C:\Program Files\Realtek
2015-12-13 00:05 - 2015-10-30 08:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-13 00:01 - 2015-12-15 03:31 - 00362608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-12 13:50 - 2015-12-12 13:50 - 00000000 ____D C:\Users\jiane\Documents\Fax
2015-12-10 22:21 - 2015-12-10 22:22 - 00006585 _____ C:\Users\jiane\Documents\noname
2015-12-09 15:29 - 2015-12-09 15:29 - 00933848 _____ C:\Users\jiane\Documents\RRV1ReturningResidenceAppsDecidedbyFY.zip
2015-12-07 12:11 - 2015-12-19 03:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-06 16:44 - 2016-01-01 12:53 - 00000000 ____D C:\Users\jiane\Documents\Personal Investments
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-04 09:47 - 2015-07-20 12:44 - 00000000 ____D C:\Users\jiane\Documents\Housekeeping Programmes
2016-01-04 09:46 - 2012-02-24 03:29 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-04 09:31 - 2015-08-06 10:26 - 00000906 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-01-04 09:15 - 2012-06-29 16:02 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-04 08:38 - 2012-07-04 17:28 - 00000926 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA.job
2016-01-04 07:50 - 2015-04-07 09:11 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-04 06:46 - 2012-02-24 03:29 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-03 14:38 - 2012-07-04 17:28 - 00000904 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core.job
2016-01-03 13:17 - 2015-10-09 12:22 - 00000000 ___RD C:\Users\jiane\OneDrive
2016-01-03 13:16 - 2015-10-09 13:37 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-01-03 13:16 - 2015-10-09 12:17 - 00000000 __SHD C:\Users\jiane\IntelGraphicsProfiles
2016-01-03 13:16 - 2015-08-06 10:26 - 00000902 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-01-03 13:16 - 2012-04-30 17:12 - 00000828 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2016-01-03 13:15 - 2015-07-18 14:28 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-01-03 13:14 - 2015-10-09 11:53 - 00142832 ____N (CyberLink Corp.) C:\WINDOWS\system32\Drivers\rikvm_38F51D56.sys
2016-01-03 13:13 - 2015-10-30 07:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-03 13:13 - 2012-04-30 17:12 - 00000830 _____ C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2016-01-03 13:12 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Registration
2016-01-03 13:12 - 2015-04-29 10:51 - 00000000 ____D C:\AdwCleaner
2016-01-03 13:10 - 2012-04-30 17:32 - 00000000 ____D C:\ProgramData\Temp
2016-01-03 12:50 - 2012-06-14 07:25 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Skype
2016-01-02 14:39 - 2015-07-18 15:51 - 00000000 ____D C:\Users\jiane\Documents\MS Money
2016-01-02 11:31 - 2015-10-30 07:28 - 00000000 ____D C:\Windows
2016-01-02 10:56 - 2013-11-02 18:21 - 00000000 ____D C:\ProgramData\Oracle
2016-01-02 10:53 - 2015-10-09 13:51 - 00000000 ____D C:\Users\jiane\.oracle_jre_usage
2016-01-02 10:53 - 2015-04-12 19:32 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-02 10:53 - 2015-04-12 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-02 10:53 - 2015-04-12 19:32 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-01 11:24 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-31 10:00 - 2015-10-30 08:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 17:27 - 2015-07-20 15:22 - 00000000 ___HD C:\Users\jiane\Documents\_gsdata_
2015-12-30 12:46 - 2015-10-30 08:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-30 12:14 - 2015-07-20 14:49 - 00000000 ____D C:\Users\jiane\AppData\Roaming\GoodSync
2015-12-30 10:07 - 2015-07-20 12:38 - 00000000 ____D C:\Users\jiane\Documents\General
2015-12-29 15:27 - 2015-09-02 11:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoodSync
2015-12-29 10:11 - 2015-09-02 11:08 - 00001987 _____ C:\Users\jiane\Desktop\GoodSync.lnk
2015-12-29 08:15 - 2012-06-29 16:02 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-12-27 22:10 - 2015-10-30 08:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-12-27 22:10 - 2015-10-30 08:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-27 12:51 - 2014-05-13 20:25 - 00000000 ____D C:\Users\jiane\AppData\Roaming\vlc
2015-12-27 11:33 - 2015-10-30 08:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-24 10:41 - 2014-03-24 10:13 - 00000000 ____D C:\Users\jiane\AppData\Local\Skype
2015-12-24 10:41 - 2013-02-05 08:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-24 10:41 - 2012-06-14 07:24 - 00000000 ____D C:\ProgramData\Skype
2015-12-23 16:49 - 2015-07-20 12:45 - 00000000 ____D C:\Users\jiane\Documents\Knitting
2015-12-20 10:54 - 2015-10-09 12:19 - 00000000 ____D C:\Users\jiane\AppData\Local\Comms
2015-12-19 03:32 - 2013-02-26 14:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-19 03:30 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-16 16:06 - 2015-07-20 12:52 - 00000000 ____D C:\Users\jiane\Documents\Scanned Documents
2015-12-16 11:19 - 2015-07-20 12:51 - 00000000 ____D C:\Users\jiane\Documents\samsung
2015-12-16 10:15 - 2015-07-20 12:38 - 00000000 ____D C:\Users\jiane\Documents\GSE Accounts
2015-12-16 10:01 - 2015-07-20 12:49 - 00000000 ____D C:\Users\jiane\Documents\Personal Bank Statments
2015-12-15 03:33 - 2015-09-04 15:25 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-12-14 10:12 - 2015-10-09 12:22 - 00002410 _____ C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-13 23:36 - 2015-08-06 10:26 - 00000000 ____D C:\Program Files (x86)\Dropbox
2015-12-13 11:59 - 2014-07-31 17:35 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-13 10:26 - 2015-10-09 12:17 - 00000000 ____D C:\Users\jiane\AppData\Local\Packages
2015-12-13 10:25 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-13 10:08 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-13 10:08 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-13 10:07 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-13 10:06 - 2015-10-09 12:17 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-13 10:06 - 2015-09-10 06:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-13 08:59 - 2015-10-30 08:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-13 08:49 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-13 08:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-13 08:49 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-12-13 08:42 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-12-13 08:42 - 2015-10-30 08:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-12-13 08:42 - 2015-10-30 08:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-12-13 08:42 - 2015-10-30 08:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-12-13 08:42 - 2015-10-30 08:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-12-13 08:42 - 2015-10-30 08:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-12-13 08:42 - 2015-10-30 08:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-12-13 08:42 - 2015-10-30 08:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-12-13 08:42 - 2015-10-30 08:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-12-13 08:42 - 2015-10-30 08:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-12-13 04:31 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-13 00:39 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 00:39 - 2015-10-30 07:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-13 00:37 - 2015-10-09 10:54 - 00041821 _____ C:\WINDOWS\diagwrn.xml
2015-12-13 00:37 - 2015-10-09 10:54 - 00041528 _____ C:\WINDOWS\diagerr.xml
2015-12-13 00:35 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-13 00:33 - 2015-10-09 12:28 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-13 00:33 - 2015-10-09 11:59 - 00027280 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-13 00:33 - 2015-08-06 10:26 - 00003442 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2015-12-13 00:33 - 2015-08-06 10:26 - 00003214 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2015-12-13 00:33 - 2015-04-04 08:30 - 00003188 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-12-13 00:33 - 2015-03-28 20:42 - 00002246 _____ C:\WINDOWS\System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD}
2015-12-13 00:33 - 2015-03-28 20:00 - 00003566 _____ C:\WINDOWS\System32\Tasks\Installer_cr
2015-12-13 00:33 - 2015-03-25 17:44 - 00002556 _____ C:\WINDOWS\System32\Tasks\avastBCLRestartS-1-5-21-774148936-2429103290-1943999915-1002
2015-12-13 00:33 - 2014-12-24 01:19 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-13 00:33 - 2014-10-29 21:09 - 00002222 _____ C:\WINDOWS\System32\Tasks\{A6C26D81-D29C-43A3-B3FA-078D40E417F3}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{B1200678-12DF-4857-BE63-E27288B2E1C7}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{7315B3F8-5725-4D48-B982-F166D4B5F6B9}
2015-12-13 00:33 - 2014-10-28 19:52 - 00002222 _____ C:\WINDOWS\System32\Tasks\{6DAF37C9-DC4E-4154-A3FF-92D518BA08E4}
2015-12-13 00:33 - 2014-07-05 14:36 - 00002124 _____ C:\WINDOWS\System32\Tasks\{49D301AD-9631-435F-B07E-8EA684F5AC41}
2015-12-13 00:33 - 2012-11-11 16:46 - 00002246 _____ C:\WINDOWS\System32\Tasks\ATKOSD2
2015-12-13 00:33 - 2012-11-11 13:15 - 00002502 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update
2015-12-13 00:33 - 2012-07-04 17:28 - 00003630 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA
2015-12-13 00:33 - 2012-07-04 17:28 - 00003388 _____ C:\WINDOWS\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core
2015-12-13 00:33 - 2012-06-14 07:22 - 00002306 _____ C:\WINDOWS\System32\Tasks\{E54C788A-E688-46EF-B86E-F677FB9409F9}
2015-12-13 00:33 - 2012-04-30 17:30 - 00002456 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-13 00:33 - 2012-04-30 17:30 - 00002372 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-13 00:33 - 2012-04-30 17:30 - 00002330 _____ C:\WINDOWS\System32\Tasks\ASUS SmartLogon Console Sensor
2015-12-13 00:33 - 2012-04-30 17:30 - 00002078 _____ C:\WINDOWS\System32\Tasks\SidebarExecute
2015-12-13 00:33 - 2012-04-30 17:26 - 00002722 _____ C:\WINDOWS\System32\Tasks\ASUS Quick Gesture (x64)
2015-12-13 00:33 - 2012-04-30 17:26 - 00002706 _____ C:\WINDOWS\System32\Tasks\ASUS Quick Gesture
2015-12-13 00:33 - 2012-04-30 17:12 - 00003044 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d
2015-12-13 00:33 - 2012-04-30 17:12 - 00002702 _____ C:\WINDOWS\System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon
2015-12-13 00:33 - 2012-02-24 03:29 - 00003446 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-13 00:33 - 2012-02-24 03:29 - 00003222 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-13 00:32 - 2015-10-30 08:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-13 00:32 - 2015-10-30 08:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-13 00:23 - 2015-11-20 15:37 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2015-10-30 10:07 - 00000000 ____D C:\WINDOWS\ShellNew
2015-12-13 00:23 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-12-13 00:23 - 2015-10-08 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-12-13 00:23 - 2015-09-12 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Phone
2015-12-13 00:23 - 2015-09-08 13:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-12-13 00:23 - 2015-09-04 08:14 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2015-12-13 00:23 - 2015-08-10 15:13 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BBC iPlayer
2015-12-13 00:23 - 2015-07-18 14:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2015-12-13 00:23 - 2015-04-07 09:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-13 00:23 - 2015-03-23 18:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-12-13 00:23 - 2015-03-10 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
2015-12-13 00:23 - 2015-02-22 12:46 - 00000000 ____D C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2014-12-04 18:14 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2015-12-13 00:23 - 2014-12-04 18:14 - 00000000 ____D C:\WINDOWS\system32\vbox
2015-12-13 00:23 - 2014-07-31 17:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adtelly Browser 3
2015-12-13 00:23 - 2013-12-29 22:59 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 00:23 - 2013-11-10 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-12-13 00:23 - 2013-06-24 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-12-13 00:23 - 2013-02-13 08:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
2015-12-13 00:23 - 2013-01-27 12:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-12-13 00:23 - 2012-12-30 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Money Plus
2015-12-13 00:23 - 2012-09-08 13:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2015-12-13 00:23 - 2012-06-13 17:13 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2012-04-30 17:37 - 00000000 ____D C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:23 - 2012-04-30 17:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Music Maker
2015-12-13 00:23 - 2012-04-30 17:21 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-13 00:23 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Park
2015-12-13 00:23 - 2012-02-24 03:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-12-13 00:23 - 2012-02-24 03:41 - 00000000 ____D C:\WINDOWS\en
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\ru
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\nl
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\it
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\he
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\fr
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\es
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\de
2015-12-13 00:23 - 2012-02-24 03:38 - 00000000 ____D C:\WINDOWS\ar
2015-12-13 00:23 - 2012-02-24 03:37 - 00000000 ____D C:\WINDOWS\el
2015-12-13 00:23 - 2012-02-24 03:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-12-13 00:23 - 2012-02-24 03:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-13 00:23 - 2009-07-14 06:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-13 00:21 - 2015-07-10 10:47 - 00000000 ____D C:\Users\Default.migrated
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-13 00:17 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-13 00:17 - 2011-02-18 21:08 - 00000000 ____D C:\WINDOWS\system32\SPReview
2015-12-13 00:17 - 2011-02-18 20:48 - 00000000 ____D C:\WINDOWS\system32\EventProviders
2015-12-13 00:16 - 2015-10-30 10:03 - 00000000 ____D C:\WINDOWS\OCR
2015-12-13 00:16 - 2015-10-30 10:02 - 00000000 ____D C:\WINDOWS\DigitalLocker
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\schemas
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Resources
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\IME
2015-12-13 00:16 - 2015-10-30 08:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-13 00:16 - 2015-07-20 11:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-12-13 00:16 - 2015-03-10 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TAP-Windows
2015-12-13 00:16 - 2012-04-30 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-12-13 00:15 - 2015-10-30 08:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-13 00:15 - 2012-04-30 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Video Magic
2015-12-13 00:15 - 2012-04-30 17:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-13 00:15 - 2009-07-14 06:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-12-13 00:15 - 2009-07-14 04:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-12-13 00:14 - 2013-12-04 15:08 - 00000000 ____D C:\Users\jiane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2015-12-13 00:09 - 2015-10-30 07:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-13 00:06 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\Help
2015-12-13 00:01 - 2015-10-30 10:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-13 00:01 - 2015-10-30 08:24 - 00000000 ____D C:\WINDOWS\tracing
2015-12-12 23:18 - 2015-10-30 10:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-10 15:19 - 2015-07-20 12:36 - 00000000 ____D C:\Users\jiane\Documents\B&B Guest Info
2015-12-10 03:03 - 2015-03-23 18:54 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-12-10 03:03 - 2015-03-23 18:54 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-12-09 09:15 - 2013-01-27 12:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-09 09:14 - 2013-07-13 22:52 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-09 09:03 - 2012-06-23 17:58 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-12-08 17:23 - 2015-07-20 12:55 - 00000000 ____D C:\Users\jiane\Documents\Wind Complaint
2015-12-08 11:15 - 2015-07-20 13:17 - 00000000 ___RD C:\Cantinone2015
2015-12-08 10:00 - 2015-07-20 12:37 - 00000000 ____D C:\Users\jiane\Documents\Beauclerc Road 34
2015-12-07 20:36 - 2015-08-06 10:35 - 00000000 ___RD C:\Users\jiane\Dropbox
2015-12-06 10:14 - 2015-07-20 12:45 - 00000000 ____D C:\Users\jiane\Documents\IVC Utilities
2015-12-05 14:59 - 2015-07-20 12:36 - 00000000 ____D C:\Users\jiane\Documents\Beauclerc Road Ltd
 
==================== Files in the root of some directories =======
 
2015-09-23 07:35 - 2015-09-23 07:35 - 6420480 _____ () C:\Program Files (x86)\GUT360E.tmp
2012-06-13 17:15 - 2015-03-05 19:22 - 0000387 _____ () C:\Users\jiane\AppData\Roaming\sp_data.sys
2015-09-08 13:27 - 2015-09-08 13:31 - 0005120 _____ () C:\Users\jiane\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-14 15:17 - 2015-06-14 15:17 - 0007601 _____ () C:\Users\jiane\AppData\Local\Resmon.ResmonCfg
2012-02-24 03:42 - 2010-10-06 18:45 - 0131984 _____ () C:\ProgramData\FullRemove.exe
2012-04-30 17:36 - 2012-04-30 17:40 - 0000110 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2012-04-30 17:39 - 2012-04-30 17:40 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2012-04-30 17:39 - 2012-04-30 17:39 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
2012-04-30 17:33 - 2012-04-30 17:35 - 0000110 _____ () C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
2012-04-30 17:35 - 2012-04-30 17:36 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log
2012-04-30 17:32 - 2012-04-30 17:33 - 0000110 _____ () C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
 
Some files in TEMP:
====================
C:\Users\jiane\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzzg9q4.dll
C:\Users\jiane\AppData\Local\Temp\jre-8u66-windows-au.exe
C:\Users\jiane\AppData\Local\Temp\Quarantine.exe
C:\Users\jiane\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-01-04 09:52
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by jiane (2016-01-04 09:50:31)
Running from C:\Users\jiane\Documents\Housekeeping Programmes
Windows 10 Home (X64) (2015-12-12 23:46:06)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-774148936-2429103290-1943999915-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-774148936-2429103290-1943999915-503 - Limited - Disabled)
Guest (S-1-5-21-774148936-2429103290-1943999915-501 - Limited - Disabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-774148936-2429103290-1943999915-1003 - Limited - Enabled)
jiane (S-1-5-21-774148936-2429103290-1943999915-1002 - Administrator - Enabled) => C:\Users\jiane
UpdatusUser (S-1-5-21-774148936-2429103290-1943999915-1000 - Limited - Enabled) => C:\Users\UpdatusUser
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adtelly Browser (x32 Version: 3.0.0.3 - Adtelly) Hidden
Adtelly Browser 3 (HKLM-x32\...\{a592e5f3-2986-40d9-82af-9001ec6f5f0a}) (Version: 3.0.0.3 - Adtelly.tv)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0142.68441 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0142.68441 - Alcor Micro Corp.) Hidden
Amazon Kindle (HKU\S-1-5-21-774148936-2429103290-1943999915-1002\...\Amazon Kindle) (Version:  - Amazon)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.23 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS Instant Key (HKLM-x32\...\{D97A1B80-131F-4692-9543-E652956D8B99}) (Version: 1.0.5 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.30 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.7 - ASUS)
ASUS Music Maker (HKLM-x32\...\MAGIX_MSI_mm17_silver_asus) (Version: 17.0.2.22 - MAGIX AG)
ASUS Music Maker (x32 Version: 17.0.2.22 - MAGIX AG) Hidden
ASUS Photo Designer (HKLM-x32\...\MAGIX_{2B962F32-78E6-4585-AF24-073AD36B6590}) (Version: 7.0.1.2 - MAGIX AG)
ASUS Photo Designer (x32 Version: 7.0.1.2 - MAGIX AG) Hidden
ASUS Photo Manager (HKLM-x32\...\MAGIX_{2A3A883D-B2AB-427D-B094-27D6241E0944}) (Version: 8.0.3.217 - MAGIX AG)
ASUS Photo Manager (x32 Version: 8.0.3.217 - MAGIX AG) Hidden
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.2.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0041 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.0.9 - ASUS)
ASUS Video Magic (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.4710 - CyberLink Corp.)
ASUS Video Magic (x32 Version: 6.0.4710 - CyberLink Corp.) Hidden
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.25 - ASUS)
ASUS Virtual Touch (HKLM-x32\...\{938CFBD4-0652-49E5-BB8B-153948865941}) (Version: 1.0.9 - ASUS)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.108.222 - eCareme Technologies, Inc.)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.3622.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.3622.52 - CyberLink Corp.) Hidden
AsusScr_N6 Series_ENG (HKLM-x32\...\AsusScr_N6 Series_ENG) (Version: 1.0.0002 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.10.168 - ASUSTEK)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.103 - Atheros)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.12.13 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0020 - ASUS)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.2.2218 - AVAST Software)
BBC iPlayer Downloads (HKLM-x32\...\{797389EC-980E-423A-AFC1-1C351339DCB6}) (Version: 1.14.1 - BBC)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Contact Wolf (HKLM-x32\...\{1F72155A-75B3-4B0C-B1B8-D915EF35B9A7}) (Version: 2.48.0000 - Lone Wolf Software)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dream Vacation Solitaire (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111249233}) (Version:  - Oberon Media)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.12.5 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ETDWare PS/2-X64 10.5.9.0 (HKLM\...\Elantech) (Version: 10.5.9.0 - ELAN Microelectronic Corp.)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{6C5F8503-55D2-4398-858C-362B7A7AF51C}) (Version: 2.1.31.0 - MAGIX AG)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Game Park Console (HKLM-x32\...\Game Park Console) (Version: 1.2.4.431 - Oberon Media Inc.)
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.9.37.9 - Siber Systems)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Drive (HKLM-x32\...\{1C3D2F92-D25E-4D98-B810-3F3B0857BF26}) (Version: 1.26.0707.2863 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Image Resizer for Windows (64 bit) (Version: 3.0.4802.35565 - Brice Lambson) Hidden
Image Resizer for Windows (HKLM-x32\...\{69d72156-6582-4556-8637-06f40aa7f85b}) (Version: 3.0.4802.35565 - Brice Lambson)
InstantOn for NB (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 2.2.0 - ASUS)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation)
Intel® OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version:  - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Mahjong Memoirs (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-117948443}) (Version:  - Oberon Media)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Money Plus (HKLM-x32\...\Money2008b) (Version: 17 - Microsoft)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 41.0 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 en-GB)) (Version: 41.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.0.5738 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NVIDIA 3D Vision Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}) (Version: 9.11.1111 - NVIDIA Corporation)
NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)
OpenVPN 2.3.6-I602  (HKLM\...\OpenVPN) (Version: 2.3.6-I602 - )
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6586 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.17.9566 - SoftEther VPN Project)
TAP-Windows 9.21.1 (HKLM\...\TAP-Windows) (Version: 9.21.1 - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VoipConnect (HKLM-x32\...\VoipConnect_is1) (Version: 4.14 build 760 - Finarea S.A. Switzerland)
WD Backup (HKLM-x32\...\{287f7ebc-dcec-44cf-a26a-f644d74c4743}) (Version: 1.1.5574.21504 - Western Digital Technologies, Inc.)
WD Backup (x32 Version: 1.1.5574.21504 - Western Digital Technologies, Inc) Hidden
WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{163952d1-3ca7-4e98-a686-cc0c227c7447}) (Version: 1.2.0.85 - Western Digital Technologies, Inc.)
WD Drive Utilities (x32 Version: 1.2.0.85 - Western Digital Technologies, Inc.) Hidden
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{b304f1ed-b08a-4d51-882b-fd651777d297}) (Version: 1.2.0.83 - Western Digital Technologies, Inc.)
WD Security (x32 Version: 1.2.0.83 - Western Digital Technologies, Inc.) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (08/01/2015 10.0.0.5) (HKLM\...\B267A462F49A1ACD7A2EC5C262BA0DC7D7B23891) (Version: 08/01/2015 10.0.0.5 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}) (Version: 3.0.25 - ASUS)
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις (HKLM-x32\...\{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Элемент управления Windows Live Mesh ActiveX для удаленных подключений (HKLM-x32\...\{BCB0D6F7-7EAB-4009-A6F2-8E0E7F317773}) (Version: 15.4.5722.2 - Microsoft Corporation)
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
פקד ActiveX של Windows Live Mesh עבור חיבורים מרוחקים (HKLM-x32\...\{9D4C7DFA-CBBB-4F06-BDAC-94D831406DF0}) (Version: 15.4.5722.2 - Microsoft Corporation)
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
عنصر تحكم ActiveX الخاص بـ Windows Live Mesh للاتصالات البعيدة (HKLM-x32\...\{E18B30AA-6E2D-480C-B918-AF61009F4010}) (Version: 15.4.5722.2 - Microsoft Corporation)
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {189186FC-9468-D082-AA16-E0E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\jiane\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5993F050-9468-D082-0660-E2A885889A47} => No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {011292C8-25E1-401B-92B0-777EA9B36E21} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {01C995FF-D178-4E7B-AC4A-9E950006A207} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0773BECF-707B-4E0C-9112-9E8C403C0AA4} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-06-25] (ASUSTek Computer Inc.)
Task: {0837D897-84CB-4E30-A8DD-807937A81DFC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {088656AE-DAEA-4171-9FAD-CE869824CB77} - \Inst_Rep -> No File <==== ATTENTION
Task: {0B3022E3-1822-42D2-853B-060D9B16FE85} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {0F1FC558-90E6-41AA-8D37-4FBE69053762} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {10F5C084-EC16-4BE6-AC90-03451B86036B} - System32\Tasks\{A6C26D81-D29C-43A3-B3FA-078D40E417F3} => C:\Program Files (x86)\SRWare Iron\iron.exe
Task: {148318FC-5974-4508-A415-B3AFD16E5DDB} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {1DD88FBA-648E-43B1-BD4C-1A5A8B242EDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {202C4DDC-1F9B-4475-9F8D-E22253D2A91C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {247F304F-636A-4FC4-BCD7-589FCE6A8B5A} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-06] (Dropbox, Inc.)
Task: {25E0C527-58AD-4516-BC03-1BCD6DAFFD2E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {29308477-8F7E-4D4F-92D5-F1534E61B6F5} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2EF465A4-63A4-4753-A338-F9DFB02F55F4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {348DD3C3-066F-4097-9557-5D30C60CF6D9} - \Installer_iwebar -> No File <==== ATTENTION
Task: {3B791229-F34D-4B15-87CE-85DDD83C58C6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-09] (Microsoft Corporation)
Task: {3C7FD9F6-57BE-4F13-A5AD-D35EE398EC2E} - System32\Tasks\avastBCLRestartS-1-5-21-774148936-2429103290-1943999915-1002 => Chrome.exe 
Task: {3C9616B2-742C-4820-AFAE-F3D2459E9677} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {3C9BEE0C-56FC-4A40-A415-C1D603DF2A5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3D966D87-5FE5-4FBC-8E90-DB0F48E454DB} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3E3E65EA-6693-4ACC-947D-206853F50D65} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {3F6AAAB8-BCBE-4D45-AC40-902D5061E320} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {42145BE5-4059-431F-919A-1A381C5966DE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {49CA3FA5-55A4-42C1-B20D-CD56B98720D3} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-02-16] (ASUS)
Task: {4ADFAE1B-77C2-4C6A-80F2-CA1CC50A3923} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4F3F3738-C3F3-4CC9-987D-FA926C0DD20C} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {52B9C83E-C212-4FB8-8EDB-A7D05EF3B342} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-02-29] (ASUSTek Computer Inc.)
Task: {544C69E2-20D0-4076-BBA3-5796C5CAF849} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5EB0274B-BC4B-41AB-8435-E51B313ACDB7} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-09-23] (AsusTek)
Task: {63B9FED6-1F29-4A2A-8599-402DCCB03B0C} - System32\Tasks\Installer_cr => C:\Users\jiane\AppData\Local\Installer\Installcr_29824\ytdiegut_gutdc_setup.exe <==== ATTENTION
Task: {673B2F5E-E906-4615-86EE-2ACFE8C1B69F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {67A40FDB-F7B5-4143-92B5-4821DF70D0B3} - System32\Tasks\{49D301AD-9631-435F-B07E-8EA684F5AC41} => C:\Users\jiane\Documents\Adtelly\AdtellyBrowserWin7.exe
Task: {6BD093F4-5E64-4F9A-8750-1A9586D6CDB2} - System32\Tasks\{B1200678-12DF-4857-BE63-E27288B2E1C7} => C:\Program Files (x86)\SRWare Iron\iron.exe
Task: {6FECF9BE-AED8-4627-80ED-91FF5361960F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {773492A6-4F08-4DAF-9C1B-778BC17ACAED} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {7809CCFA-EA78-4BEC-AB61-B4F68D8F8341} - System32\Tasks\{E54C788A-E688-46EF-B86E-F677FB9409F9} => Iexplore.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&amp;ver=5.9.0.123.261&amp;LastError=12002
Task: {78588675-6CF3-4E50-B5B1-1EC34EAA2F6B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {78B8B801-A3C8-46E5-83A7-A550959F6032} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-06-20] (ASUSTeK Computer Inc.)
Task: {7B62A1BD-00F7-4159-9407-B19B3EE4D0E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {7CDE035A-CF34-4C1F-AF01-0A50DD197D60} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-17] (ASUSTek Computer Inc.)
Task: {7DDF9673-8D0B-4652-B795-1BEAD1206B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {87819D0D-45B2-4E95-A1BD-DE8A6A9CF01C} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-06] (Dropbox, Inc.)
Task: {8A0DB2CA-3FEE-4D9D-8B36-AD6CECCD0BDF} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {8BDDB50A-894A-44C8-8F18-AC996B599520} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {9FB7D55D-3CB3-45A3-941B-A54499666C40} - System32\Tasks\{6DAF37C9-DC4E-4154-A3FF-92D518BA08E4} => C:\Program Files (x86)\SRWare Iron\iron.exe
Task: {A06D1677-E5EE-4F06-8F6F-FBCF2A229F9E} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {AA921623-B84A-4EC8-A6DA-5D46323FC6D9} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {B0539B6D-A2BC-4337-9512-DFA54F3C4D9C} - System32\Tasks\ASUS Quick Gesture => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x86\QuickGesture.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {B2EF2157-0E0C-41CB-BA02-2FEDCF6412D1} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-10-08] (Avast Software s.r.o.)
Task: {B874DE28-294A-413A-B439-75BE6329B468} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C51ABC60-6CB6-47E4-96A2-79E8598F1643} - System32\Tasks\ASUS Quick Gesture (x64) => C:\Program Files (x86)\ASUS\ASUS Virtual Touch\QuickGesture\x64\QuickGesture64.exe [2011-12-21] (ASUSTeK Computer Inc.)
Task: {C778374C-94FE-41B0-B705-5FC952201AC0} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {D385DC57-ECC5-47F2-B8A0-12F1554AA8F2} - System32\Tasks\{7315B3F8-5725-4D48-B982-F166D4B5F6B9} => C:\Program Files (x86)\SRWare Iron\iron.exe
Task: {DADA0E39-9CB9-4B80-82A1-21FAF4CDCE65} - System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD} => pcalua.exe -a C:\ProgramData\TVWizard\uninstall.exe -c /kb=y /ic=1 <==== ATTENTION
Task: {DC67B6A8-44BE-4FFC-A80E-D10E5191D854} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-13] (Facebook Inc.)
Task: {DCE71530-F1B9-4445-BC94-60AC1AF439C6} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {DD548504-31EE-43FF-A573-1E9BCB56DC76} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E5945BCB-47FC-42F9-9BFC-83B5F77E79BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation)
Task: {E959E007-A71C-4952-8EA8-22DE146D6227} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F0496437-71B1-4E96-9E9C-3BC2F52CDE46} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F8597579-F913-4FED-B3BF-55444083EA8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FACB8164-0888-403B-B4E6-7F59329EA90F} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {FB4AFC1E-386C-4CD7-951C-A8053B7ACB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FBC8485F-A585-489F-8E2C-C65FEABC1BEF} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FFEE4F98-789F-4BC5-9EBF-91D4AC658C46} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002Core.job => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-774148936-2429103290-1943999915-1002UA.job => C:\Users\jiane\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
Task: C:\WINDOWS\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 08:18 - 2015-10-30 08:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-13 00:06 - 2015-07-13 18:37 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-04-30 17:12 - 2012-02-21 20:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
2015-12-28 19:39 - 2015-12-28 19:39 - 09059848 _____ () C:\Program Files\Siber Systems\GoodSync\gs-server.exe
2015-12-13 08:49 - 2015-12-13 08:49 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2010-07-15 00:11 - 2010-07-15 00:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-12-13 08:49 - 2015-12-13 08:49 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-18 11:25 - 2015-12-07 05:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 11:25 - 2015-12-07 05:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 11:25 - 2015-12-07 04:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 11:25 - 2015-12-07 04:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 11:25 - 2015-12-07 04:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 11:25 - 2015-12-07 04:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 07:45 - 2015-12-17 07:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-10 09:17 - 2015-12-10 09:18 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 09:17 - 2015-12-10 09:18 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 14:07 - 2015-11-20 14:09 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-05-27 09:22 - 2015-05-27 09:22 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-05-27 09:22 - 2015-05-27 09:22 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-01-03 11:36 - 2016-01-03 11:36 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010300\algo.dll
2016-01-03 21:15 - 2016-01-03 21:15 - 02808832 _____ () C:\Program Files\AVAST Software\Avast\defs\16010301\algo.dll
2007-07-12 19:11 - 2007-07-12 19:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2015-04-04 08:29 - 2015-04-04 08:29 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-16 21:09 - 2015-12-11 04:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
2015-12-16 21:09 - 2015-12-11 04:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
2015-12-17 07:45 - 2015-12-17 07:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-17 07:45 - 2015-12-17 07:46 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2012-04-30 17:12 - 2012-02-21 20:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:7E9A91C8
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\Control Panel\Desktop\\Wallpaper -> 
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Control Panel\Desktop\\Wallpaper -> D:\Photos2000\2012\120101_Cats\P1020353.JPG
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run: => "SoftEther VPN Client UI Helper"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{56048913-2EE4-4FB6-9B10-B11FD9535645}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A56F99CF-933B-4F79-9B77-D54139039647}] => (Allow) LPort=2869
FirewallRules: [{7200A232-CB9A-4548-89E0-CF072E6C2E3E}] => (Allow) LPort=1900
FirewallRules: [{B47DCE39-BD05-4FD0-BC5F-8FCE7C3FBB7F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{BE0EC94A-88B6-4356-B121-F67FE5BE0F40}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{19E284DE-FE65-45E9-8827-69D5454439A1}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{EDA33C67-02FC-4CBB-B8DE-B369AC2BA16B}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{ADEA85B3-F439-4D44-A8A7-3E6D087306DB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{B0FD8AF9-5B9B-4DF2-A9A8-16DD5E388962}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{BBB94946-33D6-4DBC-B6AF-2CBA4DB853C7}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
FirewallRules: [{18C508BA-C1DC-48A1-9C4A-A6EBFB6847A4}] => (Allow) C:\Program Files (x86)\Cyberlink\PowerDVD10\PowerDVD10.EXE
FirewallRules: [{13FB3B51-A819-4748-9AEA-0E18885DA7C9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{A7649568-5738-4034-9836-6C30DDD28E47}C:\program files (x86)\voipcheapcom\voipcheapcom.exe] => (Allow) C:\program files (x86)\voipcheapcom\voipcheapcom.exe
FirewallRules: [UDP Query User{5E7741C0-11F6-4D44-8469-85060FC852F1}C:\program files (x86)\voipcheapcom\voipcheapcom.exe] => (Allow) C:\program files (x86)\voipcheapcom\voipcheapcom.exe
FirewallRules: [TCP Query User{59E4168E-3D26-4569-A218-16A0CAD3024C}C:\program files (x86)\voipcheapcom\voipcheapcom.exe] => (Allow) C:\program files (x86)\voipcheapcom\voipcheapcom.exe
FirewallRules: [UDP Query User{21AB32FC-F9A2-4382-A8A5-284BF55148AD}C:\program files (x86)\voipcheapcom\voipcheapcom.exe] => (Allow) C:\program files (x86)\voipcheapcom\voipcheapcom.exe
FirewallRules: [TCP Query User{8D47DDE6-EBF0-4023-A412-1526538354BE}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{9CCA4E0C-00B6-432E-9A28-0FF50302644D}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{6233C755-09DC-4BB7-AA89-A29E3085AC7E}] => (Allow) C:\Program Files (x86)\SkypeWebPlugin\SkypeWebPlugin.exe
FirewallRules: [{9B177AAF-90AB-4CE9-9019-3F95E1262AEA}] => (Allow) C:\Users\jiane\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{0456A12E-4F33-45F8-9958-CE2D3F52FE2B}] => (Allow) C:\Program\VoipConnect.exe
FirewallRules: [{1943E46C-AAEF-45B4-8130-E795BF6C3067}] => (Allow) C:\Program\VoipConnect.exe
FirewallRules: [TCP Query User{A6879815-87A1-41F7-B03F-3143A081841B}C:\program\voipconnect.exe] => (Block) C:\program\voipconnect.exe
FirewallRules: [UDP Query User{EBDA820C-FE2F-4BAD-9A9A-E0AE97D68BCC}C:\program\voipconnect.exe] => (Block) C:\program\voipconnect.exe
FirewallRules: [{D36AB2BD-CFDB-4033-8C6C-F4B18D428C05}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{EA089152-4C7F-432D-B700-6AE4E10D91D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{02076534-D805-4559-A727-4CDC79969766}C:\program files (x86)\karafun player 2\karafunplayer.exe] => (Allow) C:\program files (x86)\karafun player 2\karafunplayer.exe
FirewallRules: [UDP Query User{688B0AFF-A666-4843-BCF1-123BCD56F66A}C:\program files (x86)\karafun player 2\karafunplayer.exe] => (Allow) C:\program files (x86)\karafun player 2\karafunplayer.exe
FirewallRules: [{93E9C3C1-A9BB-4A4D-BA27-87761A2D560D}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{36537642-E535-4EBB-8441-F47BE822F434}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe
FirewallRules: [{69B7C7B8-4E28-4B42-8241-79FADE291B69}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{0A4480FD-1782-48D6-ABAA-4E524B1410C7}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{A6ECFD65-121B-4D0A-8526-14E03789BFA1}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{A11B19B3-4C06-4291-9ABC-57D3ED486FAE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{1AD95A31-53BA-4B54-8CC6-419F3F72ED40}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{94C0E91B-170A-4DC1-B288-F63D224E5DCE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [TCP Query User{15D679DE-7079-46DD-8CBD-069515B0A80B}C:\program1\voipconnect.exe] => (Allow) C:\program1\voipconnect.exe
FirewallRules: [UDP Query User{38F09BF9-C6FB-4330-AB3C-44A42E281E94}C:\program1\voipconnect.exe] => (Allow) C:\program1\voipconnect.exe
FirewallRules: [{2A70FD5B-84E3-45D1-B970-BFB46464C2C7}] => (Block) C:\program1\voipconnect.exe
FirewallRules: [{845DDC9E-C11F-475C-8B20-359DA95BC170}] => (Block) C:\program1\voipconnect.exe
FirewallRules: [{D39917DB-1843-4260-9AD8-E34C7704F7D0}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{DF266DDA-3DA3-4892-AB34-C1DC7CB89373}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GoodSync.exe
FirewallRules: [{C5240FBD-2E84-428B-951B-174FB05C4D31}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{13EF7677-1FF5-4797-98FB-9214319088B9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\GsExplorer.exe
FirewallRules: [{B792E40A-179A-4EB4-8CDB-9B2B0228F6D9}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{6A518E68-6A9C-4447-9173-1665EF5A26B7}] => (Allow) C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
FirewallRules: [{07A51020-3437-4DBA-8FB4-8692ED55C981}] => (Allow) LPort=33333
FirewallRules: [{66478FDF-51B0-4878-8E65-117A354F4CB7}] => (Allow) LPort=33338
FirewallRules: [{E3C5758D-42BA-4FBE-B20D-5D25F7BE641E}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{A3317B88-0CDF-4E04-AFA8-93216F45F903}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
FirewallRules: [{016A952C-E1D0-4BD1-BF52-57139D05CD4A}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{6BACF07C-D14D-445D-B2E3-DF785DE3A816}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{2D12CFB6-1969-43D8-9AD7-A19F7985E5C4}] => (Allow) C
FirewallRules: [{BFBEDBD7-F822-4358-AA67-54E66324CFC3}] => (Allow) C
FirewallRules: [{73D6421F-7E2E-46B5-ACA0-DB0440BB5026}] => (Allow) C
FirewallRules: [{491E0724-CEDD-4429-A3AF-F7CD8F3C00DC}] => (Allow) C
FirewallRules: [{86A4DEA3-F01F-4076-B7EE-468687ECF5ED}] => (Allow) C
FirewallRules: [{C485E236-6047-4B06-A71D-9A776FD40232}] => (Allow) C
FirewallRules: [{F9CBAFF8-D681-44E6-B79D-52CECD783672}] => (Allow) LPort=3
 
==================== Restore Points =========================
 
18-12-2015 14:06:11 Windows Update
20-12-2015 00:38:30 Windows Modules Installer
29-12-2015 11:11:57 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/03/2016 08:32:15 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (01/03/2016 01:12:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc000000d
Fault offset: 0x00000000000f4fa0
Faulting process id: 0x3520
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (01/03/2016 01:12:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.10586.0, time stamp: 0x5632d4c0
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc000000d
Fault offset: 0x00000000000f4fa0
Faulting process id: 0x3520
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
Faulting package full name: Explorer.EXE4
Faulting package-relative application ID: Explorer.EXE5
 
Error: (01/03/2016 01:08:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.35, time stamp: 0x566503dc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.35, time stamp: 0x566505e8
Exception code: 0xc000027b
Fault offset: 0x0000000000281ab2
Faulting process id: 0xd87c
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5
 
Error: (01/03/2016 11:30:18 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: WmiApRplC:\WINDOWS\system32\wbem\wmiaprpl.dll4
 
Error: (01/03/2016 11:30:18 AM) (Source: Perflib) (EventID: 1023) (User: )
Description: rdyboost4
 
Error: (01/03/2016 11:30:17 AM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (01/03/2016 11:30:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: LsaC:\Windows\System32\Secur32.dll4
 
Error: (01/03/2016 11:30:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: ESENTC:\WINDOWS\system32\esentprf.dll4
 
Error: (01/03/2016 11:30:17 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll4
 
 
System errors:
=============
Error: (01/03/2016 01:20:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The NVIDIA Update Service Daemon service hung on starting.
 
Error: (01/03/2016 01:14:35 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058
 
Error: (01/03/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_467908a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/03/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_467908a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/03/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_467908a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/03/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_467908a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/03/2016 01:12:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Application Virtualization Client service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/03/2016 01:12:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/03/2016 01:12:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/03/2016 01:12:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The COM+ System Application service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-12-31 09:53:58.350
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-29 10:09:32.310
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-29 10:09:32.299
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-29 10:09:32.287
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-29 10:09:32.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows.old\WINDOWS\WinSxS\x86_microsoft-windows-utilman_31bf3856ad364e35_10.0.10240.16384_none_ae8b861a138d2840\Utilman.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-12-20 03:33:23.913
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-19 03:34:48.331
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-14 14:07:17.892
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-13 01:51:33.402
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-12-13 01:51:33.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-3610QM CPU @ 2.30GHz
Percentage of memory in use: 34%
Total physical RAM: 8083.95 MB
Available physical RAM: 5289.88 MB
Total Virtual: 16275.95 MB
Available Virtual: 13111.52 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:372.17 GB) (Free:272.59 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:534.17 GB) (Free:418.44 GB) NTFS
Drive f: (My Passport) (Fixed) (Total:1862.98 GB) (Free:1673.54 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 2902CC6D)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: E862C276)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
 
 

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 04 January 2016 - 04:38 AM

Step 1

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:24 PM

Posted 04 January 2016 - 01:50 PM

ESET log.txt file:
 
Thanks
Jane
 
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=507ee591acc7664b922811d627c3d62c
# end=init
# utc_time=2016-01-04 12:04:18
# local_time=2016-01-04 01:04:18 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# osver=6.2.9200 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 27480
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=507ee591acc7664b922811d627c3d62c
# end=updated
# utc_time=2016-01-04 12:13:22
# local_time=2016-01-04 01:13:22 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# osver=6.2.9200 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=507ee591acc7664b922811d627c3d62c
# engine=27480
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-01-04 03:52:04
# local_time=2016-01-04 04:52:04 (+0100, W. Europe Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 7600323 216346814 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 5730561 5736867 0 0
# scanned=689626
# found=17
# cleaned=0
# scan_time=13122
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jiane\Documents\General\ccsetup502.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jiane\Documents\General\ccsetup503.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jiane\Documents\General\ccsetup504.exe"
sh=04AA0A0C151933E94BB4DC4B084F0E3B57E41EC8 ft=1 fh=16923f4a0d44c3bb vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="C:\Users\jiane\Documents\General\Adtelly\Setup.exe"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\jiane\Downloads\spsetup128.exe"
sh=04AA0A0C151933E94BB4DC4B084F0E3B57E41EC8 ft=1 fh=16923f4a0d44c3bb vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="F:\$RECYCLE.BIN\S-1-5-21-774148936-2429103290-1943999915-1002\$RF06KTU\Setup.exe"
sh=04AA0A0C151933E94BB4DC4B084F0E3B57E41EC8 ft=1 fh=16923f4a0d44c3bb vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\Adtelly\Setup.exe564b0adb"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup502.exe564b0adb"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup503.exe564b0adb"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup504.exe564b0adb"
sh=04AA0A0C151933E94BB4DC4B084F0E3B57E41EC8 ft=1 fh=16923f4a0d44c3bb vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\Adtelly\Setup.exe56601a58"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\History\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Downloads\spsetup128.exe564b0adb"
sh=74507D2AD5D69252167B682B5FA7E693E1AE0652 ft=1 fh=c644006b49a165d6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup502.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup503.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\ccsetup504.exe"
sh=04AA0A0C151933E94BB4DC4B084F0E3B57E41EC8 ft=1 fh=16923f4a0d44c3bb vn="a variant of Win32/SoftPulse.X potentially unwanted application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Documents\General\Adtelly\Setup.exe"
sh=4CEA705682BB790C11ABEF4561B0A3A04C405172 ft=1 fh=b2e2ce7ff5f99577 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="F:\WD Backup.swstor\jiane\YmJmNGI4ZDFlODkyNDI0Ym\Volume{069a8fcb-c6b0-4132-b647-3facee23be88}\Users\jiane\Downloads\spsetup128.exe"

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 04 January 2016 - 05:48 PM

Hi Jane,
looking good, ESET hasn't found any active malware. :)

Step 1

frst.pngfrstfix.png

Press thew8.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    File: C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect)
    HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
    HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
    SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
    FF Homepage: hxxps://www.google.com/?trackid=sp-006
    FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
    CHR HomePage: Default -> 
    CHR StartupUrls: Default -> 
    CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {189186FC-9468-D082-AA16-E0E985889A47} => No File
    CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5993F050-9468-D082-0660-E2A885889A47} => No File
    Task: {088656AE-DAEA-4171-9FAD-CE869824CB77} - \Inst_Rep -> No File 
    Task: {1DD88FBA-648E-43B1-BD4C-1A5A8B242EDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File 
    Task: {202C4DDC-1F9B-4475-9F8D-E22253D2A91C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File 
    Task: {25E0C527-58AD-4516-BC03-1BCD6DAFFD2E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File 
    Task: {348DD3C3-066F-4097-9557-5D30C60CF6D9} - \Installer_iwebar -> No File 
    Task: {3C9BEE0C-56FC-4A40-A415-C1D603DF2A5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File 
    Task: {3F6AAAB8-BCBE-4D45-AC40-902D5061E320} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File 
    Task: {4ADFAE1B-77C2-4C6A-80F2-CA1CC50A3923} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File 
    Task: {544C69E2-20D0-4076-BBA3-5796C5CAF849} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File 
    C:\Users\jiane\AppData\Local\Installer\Installcr_29824
    Task: {63B9FED6-1F29-4A2A-8599-402DCCB03B0C} - System32\Tasks\Installer_cr => C:\Users\jiane\AppData\Local\Installer\Installcr_29824\ytdiegut_gutdc_setup.exe 
    Task: {7B62A1BD-00F7-4159-9407-B19B3EE4D0E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File 
    Task: {B874DE28-294A-413A-B439-75BE6329B468} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
    Task: {DADA0E39-9CB9-4B80-82A1-21FAF4CDCE65} - System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD} => pcalua.exe -a 
    Task: {F8597579-F913-4FED-B3BF-55444083EA8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File 
    Task: {FB4AFC1E-386C-4CD7-951C-A8053B7ACB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File 
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


lesestoff.png

Can you please tell me which problems still persist now?
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:24 PM

Posted 05 January 2016 - 10:55 AM

Hello Jurgen,

 

I am not seeing any problems from the adware/malware. I was concerned that I might be infected, but it seems that the diagnostics we have run, show no active malware. 

 

I just wanted to be sure nothing remained after the downloadadmin-k pup.

 

Thank you, Jane

 

 

fixlog.txt follows--------------

 

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by jiane (2016-01-05 16:33:04) Run:1
Running from C:\Users\jiane\Documents\Housekeeping Programmes
Loaded Profiles: UpdatusUser & jiane (Available Profiles: UpdatusUser & jiane & Guest & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
File: C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect)
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?trackid=sp-006
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxps://www.google.com/?trackid=sp-006
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = hxxps://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-774148936-2429103290-1943999915-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
FF DefaultSearchUrl: hxxps://www.google.com/search/?trackid=sp-006
FF Homepage: hxxps://www.google.com/?trackid=sp-006
FF Keyword.URL: hxxps://www.google.com/search/?trackid=sp-006
CHR HomePage: Default -> 
CHR StartupUrls: Default -> 
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}\InprocServer32 -> {189186FC-9468-D082-AA16-E0E985889A47} => No File
CustomCLSID: HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}\InprocServer32 -> {5993F050-9468-D082-0660-E2A885889A47} => No File
Task: {088656AE-DAEA-4171-9FAD-CE869824CB77} - \Inst_Rep -> No File 
Task: {1DD88FBA-648E-43B1-BD4C-1A5A8B242EDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File 
Task: {202C4DDC-1F9B-4475-9F8D-E22253D2A91C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File 
Task: {25E0C527-58AD-4516-BC03-1BCD6DAFFD2E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File 
Task: {348DD3C3-066F-4097-9557-5D30C60CF6D9} - \Installer_iwebar -> No File 
Task: {3C9BEE0C-56FC-4A40-A415-C1D603DF2A5B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File 
Task: {3F6AAAB8-BCBE-4D45-AC40-902D5061E320} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File 
Task: {4ADFAE1B-77C2-4C6A-80F2-CA1CC50A3923} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File 
Task: {544C69E2-20D0-4076-BBA3-5796C5CAF849} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File 
C:\Users\jiane\AppData\Local\Installer\Installcr_29824
Task: {63B9FED6-1F29-4A2A-8599-402DCCB03B0C} - System32\Tasks\Installer_cr => C:\Users\jiane\AppData\Local\Installer\Installcr_29824\ytdiegut_gutdc_setup.exe 
Task: {7B62A1BD-00F7-4159-9407-B19B3EE4D0E5} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File 
Task: {B874DE28-294A-413A-B439-75BE6329B468} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
Task: {DADA0E39-9CB9-4B80-82A1-21FAF4CDCE65} - System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD} => pcalua.exe -a 
Task: {F8597579-F913-4FED-B3BF-55444083EA8E} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File 
Task: {FB4AFC1E-386C-4CD7-951C-A8053B7ACB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File 
EmptyTemp:
*****************
 
Processes closed successfully.
 
========================= File: C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect) ========================
 
"C:\Program1\voipconnect.exe [32417376 2015-07-23] (VoipConnect)" => not found.
====== End of File: ======
 
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-774148936-2429103290-1943999915-1002\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F}" => key removed successfully
HKCR\Wow6432Node\CLSID\{E9410C70-B6AE-41FF-AB71-32F4B279EA5F} => key not found. 
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-21-774148936-2429103290-1943999915-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
Firefox DefaultSearchUrl removed successfully
Firefox "homepage" removed successfully
Firefox "Keyword.URL" removed successfully
Chrome HomePage => removed successfully
Chrome StartupUrls => removed successfully
"HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{004B49B7-11B9-5058-FF22-08DD093ADC4B}" => key removed successfully
"HKU\S-1-5-21-774148936-2429103290-1943999915-1002_Classes\CLSID\{DD0822FF-3A09-4BDC-B749-4B00B9115850}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{088656AE-DAEA-4171-9FAD-CE869824CB77}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{088656AE-DAEA-4171-9FAD-CE869824CB77}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Inst_Rep => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1DD88FBA-648E-43B1-BD4C-1A5A8B242EDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1DD88FBA-648E-43B1-BD4C-1A5A8B242EDD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{202C4DDC-1F9B-4475-9F8D-E22253D2A91C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{202C4DDC-1F9B-4475-9F8D-E22253D2A91C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{25E0C527-58AD-4516-BC03-1BCD6DAFFD2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{25E0C527-58AD-4516-BC03-1BCD6DAFFD2E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{348DD3C3-066F-4097-9557-5D30C60CF6D9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{348DD3C3-066F-4097-9557-5D30C60CF6D9}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_iwebar => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C9BEE0C-56FC-4A40-A415-C1D603DF2A5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C9BEE0C-56FC-4A40-A415-C1D603DF2A5B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3F6AAAB8-BCBE-4D45-AC40-902D5061E320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F6AAAB8-BCBE-4D45-AC40-902D5061E320}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4ADFAE1B-77C2-4C6A-80F2-CA1CC50A3923}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4ADFAE1B-77C2-4C6A-80F2-CA1CC50A3923}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{544C69E2-20D0-4076-BBA3-5796C5CAF849}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{544C69E2-20D0-4076-BBA3-5796C5CAF849}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"C:\Users\jiane\AppData\Local\Installer\Installcr_29824" => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{63B9FED6-1F29-4A2A-8599-402DCCB03B0C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{63B9FED6-1F29-4A2A-8599-402DCCB03B0C}" => key removed successfully
C:\WINDOWS\System32\Tasks\Installer_cr => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Installer_cr" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7B62A1BD-00F7-4159-9407-B19B3EE4D0E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7B62A1BD-00F7-4159-9407-B19B3EE4D0E5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B874DE28-294A-413A-B439-75BE6329B468}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B874DE28-294A-413A-B439-75BE6329B468}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DADA0E39-9CB9-4B80-82A1-21FAF4CDCE65}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DADA0E39-9CB9-4B80-82A1-21FAF4CDCE65}" => key removed successfully
C:\WINDOWS\System32\Tasks\{F0840030-7652-496E-966E-3D1A5D88BABD} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{F0840030-7652-496E-966E-3D1A5D88BABD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8597579-F913-4FED-B3BF-55444083EA8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8597579-F913-4FED-B3BF-55444083EA8E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB4AFC1E-386C-4CD7-951C-A8053B7ACB60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB4AFC1E-386C-4CD7-951C-A8053B7ACB60}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
EmptyTemp: => 3.5 GB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 16:36:33 ====

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 05 January 2016 - 03:17 PM

cleandeeprybka.gif


That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.



Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 janefs

janefs
  • Topic Starter

  • Members
  • 53 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:24 PM

Posted 06 January 2016 - 04:51 AM

Thank you Jurgen, for all your help.

 

I really appreciate your prompt reply, and excellent assistance, there's a coffee coming your way  :-)

 

I've completed the delfix and will be reading through the grindler's tips page.

 

All the best for the New Year.

 

(Topic can now be closed)

 

Regards

Jane


Edited by deeprybka, 06 January 2016 - 04:59 AM.

~~~~~~~~~~~~~~~~~~~ Specs ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ASUS N67VM-S3113V, Intel i7-3610 QM, CPU 2.3GHz 8GB RAM, 1TB, 64-bit OS, Windows 10 Home 
ASUS Eee 1005HA, Intel Atom CPU N270 1.60GHZ 1GB RAM, 32-bit OS, Windows 10 Home

NUC5i5RYH: Intel i5, 32-bit Windows 10 Pro
 


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 06 January 2016 - 04:59 AM

Thank you very much! Take care! :)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:03:24 PM

Posted 06 January 2016 - 05:00 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users